Privacy Law and Policy Reporter
In the first part of this article (see (1994) 1 PLPR 141) the authors outlined the background and the first nine principles of NZ's Health Information Privacy Code 1994, the first code to be issued under NZ's Privacy Act 1993. The authors outline the remaining three principles and discuss the role of the code alongside other legislation.
Rule 10 raises the difficult issue of how to limit access to personal information within large institutions (see r 5 on security). It remains easy for staff members to read patient information even though they might not be involved in that person's care. There is the potential for a large number of hidden breaches under this rule because it may be very difficult for the individual to know if their health information has been used for a purpose other than the original purpose for which it was obtained. Only if there is subsequent disclosure of information from an unexpected source is it likely to come to the attention of the individual.
Rule 10 prohibits the use of health information for purposes other than the purpose it was obtained for, unless one of the specified exceptions applies. This rule is similar to principle 10 of the Act, except that there are two reformulated exceptions and two deletions from the maintenance of the law exception.
The two reformulated exceptions are:
Wherever possible, the consent of the individual should be obtained before using information for a different purpose. This is consistent with the philosophy of personal autonomy and control of health information by the individual. If there is no consent, the use of the information would have to fall within one of the exceptions set out in the code or else be authorised by any other enactment.
Rule 11 sets out the circumstances where health information may be disclosed. This rule extends to health information about deceased people, whereas principle 11 of the Act applies only to personal information about living persons and information contained in the register of deaths is kept under the Births and Deaths Registration Act 1951.
Disclosure is prohibited except in the specific circumstances listed as exceptions to r 11. It is important, when applying this rule in practice, to recognise that r 11 does not require or oblige disclosure; it is permissive. Again, whenever possible the consent of the individual should be obtained.
Rule 11(2) sets out the situation where disclosure can be made without the consent of the individual.
Prior to making a disclosure under the exceptions in r 11(2), the health agency must believe on reasonable grounds that it is not desirable or practical to obtain the individual's consent. If the decision to disclose is later challenged by the individual, the onus is on the health agency to prove that the exception applied.
There are a number of additional exceptions to r 11, which are not found in principle 11 of the Act, where disclosure is:
Rule 11 clarifies that:
The Privacy Commissioner has emphasised that health agencies should convey, in a meaningful and frank way, to their patients the purposes to which health information will be put. Then there will be less need to resort to one of the exceptions to rr 10 and 11 to justify a use or disclosure. The Privacy Commissioner has also asserted that health agencies should review their admission forms and invite patients to say which people they want notified of their admission to a hospital (for example, a chaplain or family member) and who should be given more information than mere admission information (for example, spouse, parent, friend or nobody). The Commissioner has stated that health agencies should cease asking questions such as 'what is your religion?' or requiring a patient to 'name your next-of-kin' without stating the purpose (Privacy Commissioner (1)).
Under the Privacy Act, principle 12 generally prohibits the use of a unique identifier except in some circumstances. These exceptions include:
Under the Health Code, however, the use of the National Health Index number (NHI) as a unique identifier by listed health agencies is permitted in r 12(3). The use of health identifiers in the health sector was such that the Code had to be modified to allow greater flexibility in the assignment of NHIs.
The advantage of using a unique identifier rather than a name, particularly in respect of health information, is that it can protect privacy. For example, in the situation of samples being sent for diagnostic laboratory tests, there is no need for the staff to know the identity of the individual. Similarly, it could be used to prevent disclosure or unauthorised use of health information sent by a facsimile transmission.
A 1993 amendment to the Health Act inserted a number of provisions concerning the disclosure of health information (s 22C), communication of information for diagnostic and other purposes (s 22F), anonymous health information (s 22H), an offence of failing to retain health information (s 22I) and the expiry of s 22I on 30 June 1994 (s 22J).
The Health Code must be read as subject to the provisions of the Health Act because an overriding exception in all the rules of the code is that an action is not a breach of the rules if it is authorised or required by law. These provisions are statutory exceptions to the rules of the code. As such, the disclosure provisions in the Health Act override the rules in the code.
Anyone may disclose anonymous health information (s 22H, Health Act 1986). This is consistent with the principles under the Privacy Act which permit the collection, use or disclosure of non-identifying personal information.
It was important to the patient and for the health care system that, during the transitional stages of the health reforms, health records were not arbitrarily destroyed. This resulted in a specific requirement to retain medical records until 1 July 1994 (ss 22I and 22J, Health Act 1986). This has since been extended to 1 January 1995 (see s 2, 1994, No 37).
There is another statute which has a key role to play in respect of the disclosure of health information by public sector agencies. This is the Official Information Act 1982 (OIA). Many health agencies, such as RHAs and CHEs, will be subject to both the OIA (under s 17, Health and Disability Services Act 1993) and the Health Code. This overlap is bound to cause some confusion until the parameters of the overlapping jurisdictions are tested and clarified.
The Health Code contains a provision that nothing in r 11 (on disclosure) derogates from any provision in any Act which authorises or requires information to be made available or regulates the manner in which personal information may be obtained. The OIA is such an enactment. The effect is that, although the disclosure rules in the Health Code are highly relevant, they cannot be used to override the OIA in circumstances where a consideration of the request under each of the Health Code and the OIA would result in a different outcome.
It is to be expected that the Health Code will be very relevant as a guide to interpreting the reference to personal privacy in s 9(2)(a) of the OIA in the context of health information. It is unlikely that either an Ombudsman or a court, on reviewing the agency's decision on a request, would ignore such a significant document on health privacy in the form of the Health Code. The Ombudsmen's Practice Guidelines (No 6, para 8.1) make the point that, by enacting the Privacy Act, Parliament has recognised a strong public interest in withholding information the disclosure of which would infringe personal privacy. It is, therefore, quite probable that the Code might be used to qualify the meaning of personal privacy as this term is used under s 9(2)(a) of the OIA.
Extracted from E Longworth & T McBride The Privacy Act - A Guide, Wellington, 1994, GP Publications - PO Box 12 052 Wellington NZ, or Freefax 0800 80 4454, NZ$39.95 plus $3.75 postage.