Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 


19 posts

Geek


  #2242291 21-May-2019 12:31
Send private message

Hi and thanks but there is currently nothing at HDC and there may not be (depending on what route I decide in time).  However the original main question was (a little clarified):

 

Within the context of Health and Privacy:  Does anyone know what the rules/laws are relating to a 3rd party who refuses to destroy an email that was erroneously sent to them?  Or recipients he may have also sent on too?

 

There doesn't seem to be much or any coverage for this in HIPC or Privacy Act.  Usually when this has happened in the pas the recipient has acted in good faith and dealt whit he situation with integrity eg disposal or advice and return to sender. 


636 posts

Ultimate Geek


  #2242331 21-May-2019 13:37
Send private message

Not my area of expertise (this is really a question for the Privacy Commissioner), but I don't think an unwitting recipient of private health information can be compelled to do anything. That is why Bronwyn Pullar was not charged with anything when she chose not to immediately delete the huge dump of private ACC data she was provided with, and instead shared it with a reporter.

 

Your recourse (if any) would be against the corporation that shared the information with the third party, if they didn't have a legal basis for doing so. But the identity of the corporation is important, as is the relationship they have with you and the manner in which they came to hold your information. If my GP sent my records on to a third party, they have clearly broken a number of rules, because health providers must be very careful with the private health information they're entrusted with. But if I accidentally post my GP records to the lawnmower shop down the road, the lawnmower shop doesn't suddenly gain the same duty of care over that information as my GP, because I never entered into a relationship with them where I trusted them to hold that information.


 
 
 
 




19 posts

Geek


  #2242454 21-May-2019 16:27
Send private message

Thanks allio, great information ... your Bronwyn Pullar example is a really good one.  In my situation the 3rd party recipient is also a health agency (and practitioner) so I think he has a greater responsibility to treat information with care, even if he was not the intended recipient.


636 posts

Ultimate Geek


  #2242465 21-May-2019 16:48
Send private message

spacefish:

 

Thanks allio, great information ... your Bronwyn Pullar example is a really good one.  In my situation the 3rd party recipient is also a health agency (and practitioner) so I think he has a greater responsibility to treat information with care, even if he was not the intended recipient.

 

 

That seems reasonable (and there are professional codes of conduct for health professionals that go beyond normal privacy laws). But he likely still does not have as great a responsibility to safeguard your information as a practitioner who gained access to that information by treating you.

 

I think you need specific and detailed advice from the Privacy Commissioner. With the identities and relationships of all the parties known, they will be much more helpful than us!




19 posts

Geek


  #2242471 21-May-2019 16:54
Send private message

allio:

 

That seems reasonable (and there are professional codes of conduct for health professionals that go beyond normal privacy laws). But he likely still does not have as great a responsibility to safeguard your information as a practitioner who gained access to that information by treating you.

 

I think you need specific and detailed advice from the Privacy Commissioner. With the identities and relationships of all the parties known, they will be much more helpful than us!

 

 

I agree, I'm awaiting the decision of the Privacy Officer before I can do anything more, but it's been pretty upsetting,  there's nothing like feeling like an ant in the face (or under the feet) of Goliath.  So I really appreciate your info and perspective. :)

 

 


703 posts

Ultimate Geek

Lifetime subscriber

  #2242504 21-May-2019 17:20
Send private message

Spacefish, I'm worried you are confused about jobs and job titles here.

 

Every organisation is supposed to have a Privacy Officer, they are supposed to make sure their organisation follows the rules of the Privacy Act.
The Office of the Privacy Commissioner is a statutory office of Parliament (not the Government) and is the referee / judge in matters of personal privacy and the Privacy Act.

 

You say


I'm awaiting the decision of the Privacy Officer

Which organisation's Privacy Officer are you waiting for? The one who works for the organisation you sent the email to, or the one who works for the organisation that was copied in on the reply? Or both?

 

Have you contacted the Privacy Commissioner (https://www.privacy.org.nz/about-us/contact/) or, since this apparently relates to health / medical information, the Health and Disability Commissioner (https://www.hdc.org.nz/making-a-complaint/make-a-complaint-to-hdc/)?

 

 

 

BTW Section 40(1) of the Privacy Act requires that you should receive a response rom the Privacy Officer(s) within 20 working days

 

 

 

 




19 posts

Geek


  #2242519 21-May-2019 17:31
Send private message

Hi thanks PolicyGuy, I've been in contact with the PC and am following their recommendations, so just need to wait out my 20 days before progressing, unless of course they come back to me sooner ... 

 

HDC is not on the cards at the moment, it was the 3rd party who is pre-empting that.  I haven't settled on a path of accountability yet.  Only approx 4% of cases that get presented to HDC go through their process, and generally they're cases of greater public interest (or so I was told).

 

PolicyGuy:

 

BTW Section 40(1) of the Privacy Act requires that you should receive a response rom the Privacy Officer(s) within 20 working days

 

 

Thanks for that!  I knew it was 20 working days but you saved me a trip into the Act to find that. :)


 
 
 
 


703 posts

Ultimate Geek

Lifetime subscriber

  #2242532 21-May-2019 18:00
Send private message

spacefish:

 

HDC is not on the cards at the moment, it was the 3rd party who is pre-empting that.  I haven't settled on a path of accountability yet. 

 

 

The desires, intentions or preferences of the "3rd party" should not influence your course of action, after all it's your Personal Information that has been disclosed to an unauthorised party, not theirs.
If you want to got to the HDC, go for it, never mind the "3rd party"

 

 

 

spacefish:

 

Only approx 4% of cases that get presented to HDC go through their process, and generally they're cases of greater public interest (or so I was told).

 

 

I'm fairly sure that the 4% figure is the number that get the full investigation followed by the Commissioner making a public Finding.
I think you'll find that the 96% get resolved much before that, and very few just get black-holed.
For example, as soon as the HDC gets on the line to the provider, there is a sudden change of attitude and a bunch of fairly grovelling apologies and the complainant goes away happy: job done.
Or the HDC decides that the complainant was misinformed, didn't understand, whatever: the complainant goes away either wiser or sadder.
The HDC going full blast on a complaint and taking it right through the process is a very expensive process in top management time for the target organisation, and can be severely career limiting for somebody who caused the original problem. That's why so many get sorted straight away


BTR

1522 posts

Uber Geek


  #2243112 22-May-2019 13:23
Send private message

If you question is in regards to laws a forum is not the best place to look for answers, seek advice from privacy commision or a lawyer. 




19 posts

Geek


  #2243128 22-May-2019 14:00
Send private message

PolicyGuy:

 

The desires, intentions or preferences of the "3rd party" should not influence your course of action, after all it's your Personal Information that has been disclosed to an unauthorised party, not theirs.

 

Thank you for the excellent reminder ... it is a good one too, and one I feel strongly about too. :)

 

 

 

Thanks also for the info re HDC, this is a really complex situation in a number of different ways and the end course may be very simple (ha!).  There is a lot involved and obviously I have only given the smallest fraction of info here and that is all I can do for various reasons.  There is still more info to come in, and more people to talk with.

 

I brought this question here because the "email" aspect and "how confidential are your e-comms" is not always as simple as "well you put it out there in the ether so suck it up".  It raises some bigger questions around the law, IT and Health,  and I was fairly sure there would be someone here who could help me think my way through.  When you're involved in this type of situation it is not always so easy to depersonalise - a second perspective is good.

 

 

 

BTR I posted the question because I was wanting information, not a "legal opinion".  I would definitely go to a lawyer for that, but there are perspectives worth thinking about too, before the lawyer.  I think the question I have posted has also shown a differing of knowledge and opinion around emails which is always a good thing, especially if you could be impacted by that personally or in your line of work.


636 posts

Ultimate Geek


  #2243130 22-May-2019 14:06
Send private message

spacefish:

 

HDC is not on the cards at the moment, it was the 3rd party who is pre-empting that.  I haven't settled on a path of accountability yet.  Only approx 4% of cases that get presented to HDC go through their process, and generally they're cases of greater public interest (or so I was told).

 

 

As PolicyGuy said, that's not quite the whole story. It's true that only 4% of complaints are "formally" investigated, but it's not like nothing happens with the other 96%. Some of those cases involve months or years of work and can result in strong recommendations being made for change or censure. Some of the "front page news" stories you hear about are HDC cases that weren't formally investigated, but nevertheless an enormous amount of work went into resolving them. If your complaint has merit, at the least the provider will be asked to explain and account for their actions. If their answer isn't satisfactory then things can be escalated.


1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Sony introduces the digital camera ZV-1 for content creators
Posted 27-May-2020 12:47


Samsung Announces 2020 QLED TV Range
Posted 20-May-2020 16:29


D-Link A/NZ launches AI-Powered body temperature measuring system
Posted 20-May-2020 16:22


NortonLifeLock Online Banking Protection now available for New Zealand banks
Posted 20-May-2020 16:14


SD Express delivers new gigabyte speeds for SD memory cards
Posted 20-May-2020 15:00


D-Link A/NZ launches Nuclias cloud managed network solution hosted in Australia
Posted 11-May-2020 17:53


Logitech introduces new video streaming solution for home studios
Posted 11-May-2020 17:48


Next generation Volvo cars to be powered by Luminar LiDAR technology
Posted 7-May-2020 13:56


D-Link A/NZ launches Wi-Fi Certified EasyMesh system
Posted 7-May-2020 13:51


Spark teams up with Microsoft to bring Xbox All Access to New Zealand
Posted 7-May-2020 13:01


Microsoft plans to establish its first datacenter region in New Zealand
Posted 6-May-2020 11:35


Genesis School-gen has joined forces with Mind Lab Kids
Posted 1-May-2020 12:53


Malwarebytes expands into privacy with fast, frictionless VPN
Posted 30-Apr-2020 16:06


Kordia to donate TV airtime on Channel 200 to community groups
Posted 30-Apr-2020 16:00


OPPO A91 is a high specs mid-range smartphone
Posted 23-Apr-2020 16:44



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.