Why you should care about how your information is used:

Never before has there been such ability to store information about people in such easily retrievable forms and never before has it been so easy to share and copy information.

The hard disk drive pictured left had the ability to store over 40 Gigabytes of data.  Even though by today's standards that is quite a small capacity (in 2014, most new computers can store over 20 times as much) it is still a staggering amount of information.  Forty thousand library books or 80 copies of the full set of Encylopaedia Britannica including rich media.

Data is entered, copied backed-up and shared by multiple different systems, and this poses perhaps the single biggest threat to the sacred confidentiality of the doctor-patient relationship.

So how do we ensure your information is protected?

We have a robust policy in place to ensure that all staff are aware of their responsibilities in protecting your data privacy.  You are welcome to read the full Health Information Privacy Policy but the key data-protection points are:

• All our computers use passsword-protected screen savers.
• All access to your records requires a secure password.
• Your data is backed up to a trusted secure provider approved by Pegasus Health
• We do not keep paper copies of your notes, instead they are scanned and then protected by a password.
• All confidential paper is shredded and burned by Iron Mountain confidential waste disposal.
• Electronic storage devices are physically destroyed (not just wiped) when they are disposed of.
• Wherever possible we use encrypted HL7 standard electronic documents for communication.
• Paper records are sent by secure courier (not just posted)

What is your information used for?

You may be surprised to find out how many interactions we have with external agencies, all of which require some of your information to be shared.  Some is clearly in your interest, and some is required for compliance.  Occasionally we are required by law to share information.  Most in

Sharing that benefits you:

• Referral letters - when we are asking for help with your care, we provide appropriate information to make that care more effective and safer.
• Health One - a subset of your information is made available to other healthcare providers online.  Full details may be found in our Health One article.
• Test results - though not shared by us directly, your blood test results can be viewed by healthcare professionals.
• Other data provided with your knowledge to external agencies such as Medic Alert.
• Verbal information shared with key healthcare professionals - handovers and advice taken from hospital specialists, for instance.
• Information shared with screening providers such as Breastscreen.
• Immunisation data shared with the National Immunisation Register.

You can opt-off sharing of information (Health One and test results by calling 0800 TESTSAFE) if you like. 

Sharing that helps manage the healthcare system:

• Your date of birth, name, address and ethnicity are reported to the District Health Board every three months.  This is necessary for the management of capitated practice funding (subsidies).
• Funding for some medications requires a 'Special Authority' application that requires sharing of some of your information.
• Every three years or so we are assessed by auditors who check that we are meeting standards set by the District Health Board.  The auditors understand the importance of confidentiality and though they must read records, they do not retain any information.
• Occasionally a similar audit is required for Special Authority applications or to ensure that we are enrolling patients appropriately.
• Pooled data reported to the Ministry of Health.

Legally required sharing:

• Rarely, infectious diseases have to be notified to the Medical Officer for Health.  Medical confidentiality is maintained by the Medical Officer.  You will always be informed of any notification.
• Some medications require notification of their prescription to the Ministry of Health.  We will advise you if we prescribe one of these 'Section 29' medications.
• Courts can require doctors to release medical information, though this is extremely rare.

Sharing that is necessary but of questionable benefit:

• The function of some of our decision support software requires that some data is held on external computers.  We only use providers where there has been a thorough audit of their data security procedures.  The use of these providers is approved by a large committee at Pegasus Health.
• Similarly, some data about the use of electronic ACC and WINZ forms is held externally, again by reliable providers.

Sharing that benefits external agencies:

• When you sign an ACC form, you grant ACC access to healthcare information we hold about you.  This is restricted to information directly related to your accident.
• WINZ receive a summary of your healthcare information whenever we complete medical forms for benefits.
• Insurance companies may request copies of your records, with your written permission.

Whenever we are asked for access to your information, we weigh the risks and benefits of this carefully.  We respect the trust that you place in us and are very careful that anyone we share data with has a real need for that information and insofar as it is possible, your permission to use it.

Where information is not shared with your express consent, we go to a great deal of trouble to ensure that it is protected as well as we would protect it ourselves.  Why not check out our Health One article to find out more about information sharing in Canterbury?

Hopefully, you are now better informed about how your information is used and also how we protect it.  If you have any questions, please contact us using the site contact form and we will be more than happy to provide you with an explanation.

Credits:

Hard disk image:  Sumner Health Centre.