Medical records of up to 800,000 patients in Auckland may have been put at risk after a primary health organisation (PHO) supposedly uploaded to a single large database, according to a group of healthcare IT companies.
In a submission to the Privacy Commissioner, IT companies Best Practice Software New Zealand, Healthlink, Medtech Global, and My Practice alleged that PHO ProCare Health uploaded patients’ names, ages, addresses, and financial, demographic, and clinical information to the database, the New Zealand Herald reported. Holding that much identifiable in one place is unacceptable, according to the four IT firms’ letter.
The firms allege that most patients and some general practitioners seemed unaware of the ProCare database, which could be in breach of the Health Information Privacy Code.
“At a time when attitudes towards patient privacy are shifting in favour of giving greater protections to the individual, here is an organisation that has no direct patient relationship asking doctors to help it amass all the patient records it can get access to,” said the submission as quoted by the New Zealand Herald.
ProCare Health has denied the claims and said it could not function as a PHO without collecting such data.
“Patients should understand from the enrolment form that identifiable information is shared with the PHO for the purposes stated,” clinical director Allan Moffitt said, as quoted by the New Zealand Herald. “The PHO has strict procedures to ensure that individual patient privacy is protected and uses the data for improving healthcare provision and planning.”