Disclosing Patient Information

Policy

For requests to access patient information from the patient or their legal representative, see Patient Access to Records.

We comply with the information privacy principles of:

the Privacy Act 2020
the Health Information Privacy Code 2020
any other relevant legislation when sharing information with third parties.

Staff do not disclose patient information without authorisation from the patient, unless there is a legal exception.

We only work with third-party services providers if we are satisfied that their privacy policy, settings, and controls are secure and managed appropriately, and that the information provided will only be used for the purpose it was collected. We clearly document all requests for information, as well as any information that is disclosed.

When we disclose patient information to a third party, we only include information that is relevant to the request.

We respond to requests to access information as soon as reasonably practicable, but within 20 working days of request.

Consult with the privacy officer if there are any questions or concerns around releasing patient information.

For more information, see Privacy Commissioner | Te Mana Mātāpono Matatapu: HIPC Factsheet 4 - Dealing with Access Requests and HIPC Factsheet 3 - Disclosure of Health Information.

Third-party records access requests

We comply with legislation around releasing personal information to third parties:

Government agencies
We may disclose health information to external agencies specified under Section 22C of the Health Act if they require the information to carry out their powers, duties, or functions under a relevant act.

Refer to Ministry of Justice: Information Sharing Guidance and Oranga Tamariki: Information Sharing.
Family of a deceased patient
If the family of a deceased patient wants access to the patient's health records, consent must be obtained from either the executor or administrator of their estate.

Refer to Medical Protection: Factsheet: Request for the release of a deceased patient's health information.
Third parties outside of New Zealand
We only disclose information to third-party organisations outside of New Zealand if they are subject to the Privacy Act, or to similar privacy laws as New Zealand, or it has been authorised by the patient.

Refer to Privacy Commissioner: Principle 12 - Disclosure outside New Zealand.

Proactive disclosure of patient information

We proactively disclose information to certain external agencies when this is legally required. Health practitioners are protected as long as information is disclosed in good faith.

For more information on releasing patient records to third parties, see Ministry of Health: Information Sharing Provisions for Health Professionals.

See Mandatory and Discretionary Reporting for situations where health practitioners may need to proactively disclose patient information to a third party.

Family violence, sexual abuse

Keywords: Domestic violence

Page Information

Last reviewed Last review: The date this page last had a comprehensive review by the GPDocs team. See the review schedule.	June 2024
Next review Next review: The date this page will next be reviewed by all GPDocs practices. See the review schedule.	April 2027
Topic type Topic Types There are two topic types: Core content Text outside the yellow highlighting (as shown on the model site) is there for compliance, legislation, or best practice. The text is not normally changed. Core content is continually reviewed and kept up to date. Customised Core content on this page has been changed on request by the practice. Customised topics must be reviewed and updated by the practice because they are not automatically updated by GPDocs.	Core content
Approved By:	Key Contact
Topic ID:	8154

Site Links

About us

Logout

Contact

Phone: 0800 473 627
Email: support@gpdocs.co.nz

Disclosing Patient Information

Page Information

Last review:

Next review:

Topic Types

Site Links

About us

Contact