Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

More Accept ×

We respect your Do Not Track preference.

Close ×

opc header logo
  • Home /
  • Public inquiries /
  • Inquiry into Ministry of Health's use and disclosure of Covid-19 patient information

Print | Email this page

Inquiry into Ministry of Health's use and disclosure of Covid-19 patient information

In late February 2020, New Zealand confirmed its first positive Covid-19 case. Very shortly after, the Ministry started receiving sporadic requests from Police and other Emergency Service Providers for details of confirmed cases.

Read the Privacy Commissioner’s Inquiry into Ministry of Health's use and disclosure of Covid-19 patient information (opens to PDF). The report also includes the footnotes.

A white woman puts a white medical mask on. She has strawberry blonde hair that is tied up. She is wearing a yellow jersey and a tan coat.Executive summary

The executive summary of the report was written by Privacy Commissioner John Edwards. 

This report is the result of my Inquiry into the Ministry of Health’s (“the Ministry”) disclosure of Covid-19 patient information to Emergency Services. On 29 July the State Services Commissioner referred the Heron QC report on the disclosure of Covid-19 patient information to me. Having considered the matters in Mr Heron’s report I decided to conduct an Inquiry under section 13(m) of the Privacy Act 1993 into the Ministry’s disclosure of Covid-19 patient information to Police, Fire and Emergency NZ, and ambulance service providers (“Emergency
Services”). 

This Inquiry is split into two parts, and I have assessed whether:

  • The Ministry’s disclosure of Covid-19 patient information to Emergency Services was compliant with the information privacy principles and rules of the Health Information Privacy Code 1994 (“the Code”) and whether the disclosure infringes or may infringe individual privacy; and
  • Police’s access to and use of Covid-19 patient information was compliant with the privacy principles and rules of the Code, and whether it infringes or may infringe individual privacy.

This Inquiry is an opportunity to provide observations and feedback both on the Ministry’s policy and arrangement of sharing patient information to Emergency Services, and Police’s access to and use of that information. While I acknowledge these comments are made with the benefit of hindsight, my hope is that they can inform both the Ministry and Police as further cases of Covid-19 inevitably emerge in the community.

Both the Privacy Act and the Code anticipate and allow for a coordinated approach to information sharing – a clear and systematised process from collection and storage, to use and disclosure (and preventing reuse for any further unrelated purpose).

Findings

I have found that the Ministry had a clear and measured rationale for its decision to provide patient information to Emergency Services in April 2020 when that decision was initially made. However, I consider that the Ministry should have revisited its decision as New Zealand began to move down alert levels in May 2020.

I have also found that Police had legitimate reasons to collect Covid-19 patient information from the Ministry. However, Police should have reviewed its need for patient information as the prevalence of Covid-19 reduced in New Zealand. Further, while it was appropriate for frontline Police staff to access and rely on alerts related to Covid-19 in the National Intelligence Application (“NIA”) to assist with or enable them to carry out their pandemic management or general policing duties, I have found that Police’s use of that information in disclosing it to agencies as part of Police’s vetting function, although in only a small number of cases and for a short-lived period, was inappropriate.

Recommendations and details of the inquiry are outlined in our report

Back to top