Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 


17 posts

Geek
+1 received by user: 1


  # 2242291 21-May-2019 12:31
Send private message quote this post

Hi and thanks but there is currently nothing at HDC and there may not be (depending on what route I decide in time).  However the original main question was (a little clarified):

 

Within the context of Health and Privacy:  Does anyone know what the rules/laws are relating to a 3rd party who refuses to destroy an email that was erroneously sent to them?  Or recipients he may have also sent on too?

 

There doesn't seem to be much or any coverage for this in HIPC or Privacy Act.  Usually when this has happened in the pas the recipient has acted in good faith and dealt whit he situation with integrity eg disposal or advice and return to sender. 


585 posts

Ultimate Geek
+1 received by user: 315


  # 2242331 21-May-2019 13:37
4 people support this post
Send private message quote this post

Not my area of expertise (this is really a question for the Privacy Commissioner), but I don't think an unwitting recipient of private health information can be compelled to do anything. That is why Bronwyn Pullar was not charged with anything when she chose not to immediately delete the huge dump of private ACC data she was provided with, and instead shared it with a reporter.

 

Your recourse (if any) would be against the corporation that shared the information with the third party, if they didn't have a legal basis for doing so. But the identity of the corporation is important, as is the relationship they have with you and the manner in which they came to hold your information. If my GP sent my records on to a third party, they have clearly broken a number of rules, because health providers must be very careful with the private health information they're entrusted with. But if I accidentally post my GP records to the lawnmower shop down the road, the lawnmower shop doesn't suddenly gain the same duty of care over that information as my GP, because I never entered into a relationship with them where I trusted them to hold that information.


 
 
 
 




17 posts

Geek
+1 received by user: 1


  # 2242454 21-May-2019 16:27
Send private message quote this post

Thanks allio, great information ... your Bronwyn Pullar example is a really good one.  In my situation the 3rd party recipient is also a health agency (and practitioner) so I think he has a greater responsibility to treat information with care, even if he was not the intended recipient.


585 posts

Ultimate Geek
+1 received by user: 315


  # 2242465 21-May-2019 16:48
One person supports this post
Send private message quote this post

spacefish:

 

Thanks allio, great information ... your Bronwyn Pullar example is a really good one.  In my situation the 3rd party recipient is also a health agency (and practitioner) so I think he has a greater responsibility to treat information with care, even if he was not the intended recipient.

 

 

That seems reasonable (and there are professional codes of conduct for health professionals that go beyond normal privacy laws). But he likely still does not have as great a responsibility to safeguard your information as a practitioner who gained access to that information by treating you.

 

I think you need specific and detailed advice from the Privacy Commissioner. With the identities and relationships of all the parties known, they will be much more helpful than us!




17 posts

Geek
+1 received by user: 1


  # 2242471 21-May-2019 16:54
Send private message quote this post

allio:

 

That seems reasonable (and there are professional codes of conduct for health professionals that go beyond normal privacy laws). But he likely still does not have as great a responsibility to safeguard your information as a practitioner who gained access to that information by treating you.

 

I think you need specific and detailed advice from the Privacy Commissioner. With the identities and relationships of all the parties known, they will be much more helpful than us!

 

 

I agree, I'm awaiting the decision of the Privacy Officer before I can do anything more, but it's been pretty upsetting,  there's nothing like feeling like an ant in the face (or under the feet) of Goliath.  So I really appreciate your info and perspective. :)

 

 


362 posts

Ultimate Geek
+1 received by user: 206

Lifetime subscriber

  # 2242504 21-May-2019 17:20
One person supports this post
Send private message quote this post

Spacefish, I'm worried you are confused about jobs and job titles here.

 

Every organisation is supposed to have a Privacy Officer, they are supposed to make sure their organisation follows the rules of the Privacy Act.
The Office of the Privacy Commissioner is a statutory office of Parliament (not the Government) and is the referee / judge in matters of personal privacy and the Privacy Act.

 

You say


I'm awaiting the decision of the Privacy Officer

Which organisation's Privacy Officer are you waiting for? The one who works for the organisation you sent the email to, or the one who works for the organisation that was copied in on the reply? Or both?

 

Have you contacted the Privacy Commissioner (https://www.privacy.org.nz/about-us/contact/) or, since this apparently relates to health / medical information, the Health and Disability Commissioner (https://www.hdc.org.nz/making-a-complaint/make-a-complaint-to-hdc/)?

 

 

 

BTW Section 40(1) of the Privacy Act requires that you should receive a response rom the Privacy Officer(s) within 20 working days

 

 

 

 




17 posts

Geek
+1 received by user: 1


  # 2242519 21-May-2019 17:31
Send private message quote this post

Hi thanks PolicyGuy, I've been in contact with the PC and am following their recommendations, so just need to wait out my 20 days before progressing, unless of course they come back to me sooner ... 

 

HDC is not on the cards at the moment, it was the 3rd party who is pre-empting that.  I haven't settled on a path of accountability yet.  Only approx 4% of cases that get presented to HDC go through their process, and generally they're cases of greater public interest (or so I was told).

 

PolicyGuy:

 

BTW Section 40(1) of the Privacy Act requires that you should receive a response rom the Privacy Officer(s) within 20 working days

 

 

Thanks for that!  I knew it was 20 working days but you saved me a trip into the Act to find that. :)


 
 
 
 


362 posts

Ultimate Geek
+1 received by user: 206

Lifetime subscriber

  # 2242532 21-May-2019 18:00
One person supports this post
Send private message quote this post

spacefish:

 

HDC is not on the cards at the moment, it was the 3rd party who is pre-empting that.  I haven't settled on a path of accountability yet. 

 

 

The desires, intentions or preferences of the "3rd party" should not influence your course of action, after all it's your Personal Information that has been disclosed to an unauthorised party, not theirs.
If you want to got to the HDC, go for it, never mind the "3rd party"

 

 

 

spacefish:

 

Only approx 4% of cases that get presented to HDC go through their process, and generally they're cases of greater public interest (or so I was told).

 

 

I'm fairly sure that the 4% figure is the number that get the full investigation followed by the Commissioner making a public Finding.
I think you'll find that the 96% get resolved much before that, and very few just get black-holed.
For example, as soon as the HDC gets on the line to the provider, there is a sudden change of attitude and a bunch of fairly grovelling apologies and the complainant goes away happy: job done.
Or the HDC decides that the complainant was misinformed, didn't understand, whatever: the complainant goes away either wiser or sadder.
The HDC going full blast on a complaint and taking it right through the process is a very expensive process in top management time for the target organisation, and can be severely career limiting for somebody who caused the original problem. That's why so many get sorted straight away


BTR

1511 posts

Uber Geek
+1 received by user: 459


  # 2243112 22-May-2019 13:23
Send private message quote this post

If you question is in regards to laws a forum is not the best place to look for answers, seek advice from privacy commision or a lawyer. 




17 posts

Geek
+1 received by user: 1


  # 2243128 22-May-2019 14:00
Send private message quote this post

PolicyGuy:

 

The desires, intentions or preferences of the "3rd party" should not influence your course of action, after all it's your Personal Information that has been disclosed to an unauthorised party, not theirs.

 

Thank you for the excellent reminder ... it is a good one too, and one I feel strongly about too. :)

 

 

 

Thanks also for the info re HDC, this is a really complex situation in a number of different ways and the end course may be very simple (ha!).  There is a lot involved and obviously I have only given the smallest fraction of info here and that is all I can do for various reasons.  There is still more info to come in, and more people to talk with.

 

I brought this question here because the "email" aspect and "how confidential are your e-comms" is not always as simple as "well you put it out there in the ether so suck it up".  It raises some bigger questions around the law, IT and Health,  and I was fairly sure there would be someone here who could help me think my way through.  When you're involved in this type of situation it is not always so easy to depersonalise - a second perspective is good.

 

 

 

BTR I posted the question because I was wanting information, not a "legal opinion".  I would definitely go to a lawyer for that, but there are perspectives worth thinking about too, before the lawyer.  I think the question I have posted has also shown a differing of knowledge and opinion around emails which is always a good thing, especially if you could be impacted by that personally or in your line of work.


585 posts

Ultimate Geek
+1 received by user: 315


  # 2243130 22-May-2019 14:06
Send private message quote this post

spacefish:

 

HDC is not on the cards at the moment, it was the 3rd party who is pre-empting that.  I haven't settled on a path of accountability yet.  Only approx 4% of cases that get presented to HDC go through their process, and generally they're cases of greater public interest (or so I was told).

 

 

As PolicyGuy said, that's not quite the whole story. It's true that only 4% of complaints are "formally" investigated, but it's not like nothing happens with the other 96%. Some of those cases involve months or years of work and can result in strong recommendations being made for change or censure. Some of the "front page news" stories you hear about are HDC cases that weren't formally investigated, but nevertheless an enormous amount of work went into resolving them. If your complaint has merit, at the least the provider will be asked to explain and account for their actions. If their answer isn't satisfactory then things can be escalated.


1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

New Zealand PC Market declines on the back of high channel inventory, IDC reports
Posted 18-Jun-2019 17:35


Air New Zealand uses drones to inspect aircraft
Posted 17-Jun-2019 15:39


TCL Electronics launches its first-ever 8K TV
Posted 17-Jun-2019 15:18


E-scooter share scheme launches in Wellington
Posted 17-Jun-2019 12:34


Anyone can broadcast with Kordia Pop Up TV
Posted 13-Jun-2019 10:51


Volvo and Uber present production vehicle ready for self-driving
Posted 13-Jun-2019 10:47


100,000 customers connected to fibre broadband network through Enable
Posted 13-Jun-2019 10:35


5G uptake even faster than expected
Posted 12-Jun-2019 10:01


Xbox showcases 60 anticipated games
Posted 10-Jun-2019 20:24


Trend Micro Turns Public Hotspots into Secure Networks with WiFi Protection for Mobile Devices
Posted 5-Jun-2019 13:24


Bold UK spinoff for beauty software company Flossie
Posted 2-Jun-2019 14:10


Amazon Introduces Echo Show 5
Posted 1-Jun-2019 15:32


Epson launches new 4K Pro-UHD projector technology
Posted 1-Jun-2019 15:26


Lenovo and Qualcomm unveil first 5G PC called Project Limitless
Posted 28-May-2019 20:23


Intel introduces new 10th Gen Intel Core Processors and Project Athena
Posted 28-May-2019 19:28



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.