Letters in the wrong envelope, sensitive documents left on a photocopier, an autofill error in an email - these are some of the most common privacy breaches, and have been since the Privacy Act was passed in 1993.
These mistakes happen in all kinds of agencies, and they can be particularly harmful in the health and disability sector. So it makes sense that everyone working with health information should have a solid understanding information privacy.
On 1 December 2020 the new Privacy Act will come into effect.
The Act introduces a number of new privacy protections for individuals and obligations for organisations, including mandatory privacy breach notifications, access directions, and compliance notices.
This video gives an overview of why New Zealand's Privacy Act was revised and introduces some of the key changes in the new legislation.
A privacy breach is where there has been unauthorised or accidental access to personal information, or disclosure, alteration, loss, or destruction of personal information.
It can also include a situation where a business or organisation is stopped from accessing information – either on a temporary or permanent basis.
One of the key changes to note in the new act is that any privacy breach which presents a 'risk of serious harm' MUST be notified to the Office of the Privacy Commissioner.
There is a fact sheet on this in the files and links section below.
The Act isn't in effect until 1 December 2020, but the advice is to begin following the breach notification protocol now.
There are two new e-learning modules on the new Privacy Act.
The Privacy Act 2020 module gives an overview of the key changes in the Privacy Act 2020 and why the law was revised.
Learn about the new requirement to report serious privacy breaches, which will come into force on 1 December.
Both of these modules take approximately 30 minutes and can be completed in more than one session.
Access the modules using the link below.
Health ABC is designed for busy health and disability workers who only need the basics of health information privacy. It takes less than an hour to complete, and uses scenarios to bring concepts to life. It’s also divided into 12 short sections, so you can easily dive into the information you need, when you need it.
Half of the module deals with some of the important concepts for dealing with health information, such as drafting privacy statements and using information in a fair and reasonable way. The other half deals with common situations that we’ve seen and heard about - things like taking information off site, dealing with patients who want to video you, how to address a serious threat and working with children’s health information.
Health 101 is a three-hour, deep dive into the health information privacy code. It’s great for someone who needs to really get into the details, such as a privacy officer ior an IT specialist in a large general practice.
Health ABC is a companion to Health 101. We encourage everyone to take Health ABC, because it gives a solid foundation of privacy knowledge. This may be enough for some people, and for others, it will give you something to build on when you go on to Health 101
Michelle Bayley, Clinical Governance Programme Manager
027 590 1241