Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

The value of a phone call Hayley Forrest
12 January 2016

Phone image

Digital communication is ubiquitous: a hair salon sends you text messages reminding you of appointments; movie tickets are booked through apps on your phone – and you wave a card in the air to pay for groceries. Our expectations might be that our health records can be also be swiftly and easily transferred.

When it comes to healthcare, the truth is more complicated. In New Zealand, there is no central store of all your health information and most of us change doctors several times in our lives. Our health information is created and used by multiple agencies through our lives: Plunket nurses, dentists, mental health support, Quitline, district health boards, to name a few.  What’s more, digital healthcare information is a relatively new development; if you’re older than 20 or so, your healthcare records are likely to include a solid file of dead trees.

Access – Rule 6

We have the legal right to see our health records under rule 6 of the Health Information Privacy Code, but how often when you visit your doctor do you actually see your records? 

One of my first jobs was filing records at a rural medical centre. The largest room in the building was dedicated to files, and every available space was filled with floor to ceiling shelves heaving with boxes of x-ray slides, blood test results, prescriptions and spidery handwriting. It kept a girl busy.

I had the opportunity to get acquainted with these files when a longstanding patient requested access to all his health records. The man, in his 70s, had been seeing the same GP for 40 years, and had also been extremely diligent in communicating with the other agencies he’d attended consultations with. As a result, those agencies had been able to forward his health information to the GP, and the man’s health records now filled two large archive boxes as well as files in our digital records system.

The reality was that his request represented many hours of collation and work. The practice manager at the medical centre paled at the thought of the size of the job ahead of her. 

Withholding grounds

Health agencies must provide individuals with access to their health information – unless there is a good reason not to. These withholding grounds are outlined in sections 27-29 of the Privacy Act. They are mostly common-sense reasons. There is an independent review of these decisions. If an individual is denied access to the information and they believe it’s unfair, they can complain to the Privacy Commissioner who can look at the material and review the decision.

Clarifying his request

A quick phone call allowed us to explain the logistical barriers to assessing and copying his full medical file, and how, due to time restraints, it could actually take several weeks to provide him with his records.

It was a fruitful call. It turned out that the man only wanted to find out about a course of medication he’d taken 50 years ago. When we offered to locate the relevant material he was delighted. He was also happy to have the information emailed to him.  

Three years, rather than 70

This meant I was able to hone in on a date-range of three years – rather than 70 – find the information he was interested in, check it quickly for anything that wasn’t about him (in case something had found its way into his records over the years that could breach another person’s privacy), scan it, and securely email it to him. 

Once the information was scanned, the scanned data could be added to his digital file as an attachment. A thick wedge of paper was replaced with a single file-divider indicating that three years of his medical information had been digitised. The paper records were offered to the patient, who ended up giving us permission to securely destroy them anyway.

And of course, had the patient asked for his entire file, we would have considered the request in full. While it can be inconvenient and time-consuming for busy medical centres to respond to these types of requests, it should be worked into your business plan, just like paying tax, ACC levies, and buying copy paper.

Health resources online

The Office of the Privacy Commissioner has provided some online resources to help health agencies develop good policies to handle these requests:

  • All health agencies will benefit from bookmarking the Health Privacy Toolkit. It includes five printer-friendly Fact Sheets that simplify most of common issues and requests you’ll come across when it comes to health information. 
  • We have free online training modules that cover all your rights and legal obligations when handling health information: privacy.org.nz/e-learning
  • If in doubt, contact the Office of the Privacy Commissioner – 0800 803 909 or enquiries@privacy.org.nz. We’re happy to help. 

Image credit: Florida Memory from Tallahassee Democrat Collection, via Creative Commons 

2 comments

, , ,

Back

Comments

  • This was an interesting anecdote about the everyday implications of someone asking for their health records. The angle is about burden to the record keeper. In this case the individual had asked for more than he needed and the matter was quickly resolved.

    There's scope for a lot more discussion however. As the writer points out, its currently quite an undertaking to provide some records but in the digital age could we expect a rapid execution of a request for files? I assume there's now less likelihood of someone else's information being accidentally filed and that less checking will be required.

    I also have an anecdote. I presented in pain late at night to an after hours doctor surgery in Wellington. I'd come in because I'd spoken to an emergency nurse service. I'd answered a lot of questions in that phone call. After the (free) assessment they advised me to go to a doctor. I did. When I arrived they knew I'd been assessed but none of my data could be transferred even with my permission. Privacy was given as the reason. I was then wrongly diagnosed - the dr I saw did not ask the same questions - and sent home with the wrong sort of pain medicine for the pulmonary embolism it turned out I had. In my case swift sharing of my records could have avoided the almost fatal outcome I had. Also, had the dr been able to see my own GPs record he wold have seen I'd had a previous PE. Two easy clues missing.

    Posted by Deb P, 14/01/2016 8:53am (23 months ago)

    Post Reply

    The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.

  • Hi Deb, you raise some excellent points.

    One of the benefits of electronic health records is in minimising unnecessary repetition of information and making sure health providers have the information they need. There are a range of security risks that go alongside those benefits, of course - e.g. electronic information can go astray much further and faster than its paper equivalent - but the growth in patient portals and electronic repositories suggests the health sector considers that the benefits outweigh the risks.

    https://www.privacy.org.nz/assets/Files/Reports-to-ParlGovt/Electronic-Shared-Care-Records-Elements-of-Trust-report-1.pdf

    Electronic shared care records, while not without problems, are a useful step along the path to practitioners having safe access

    However if you were told that 'privacy' prevented your records being transferred with your permission, that's incorrect. Any agency can disclose health information with the permission of the person it relates to under rule 11 of the Health Information Privacy Code 1994.

    Sebastian Morgan-Lynch, OPC

    Posted by Sebastian Morgan-Lynch, 18/01/2016 12:05pm (23 months ago)

    Post Reply

    The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.

Post your comment

The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.

Latest Blog Entries