Privacy commissioner John Edwards has found no evidence to justify an investigation into health IT provider ProCare - and has criticised those who made the complaint.
The commissioner received a letter in July expressing concern that ProCare was breaching the Health Information Privacy Code by using a Clinical Intelligence System (CIS) database to collect and store patient information.
The letter, from four New Zealand and Australian healthcare IT companies, asked for a formal investigation and the concerned parties also made statements to the media - it was widely reported that up to 800,000 Aucklanders may have had their privacy breached.
“I have found no substance to allegations of such a breach,” Edwards said in a statement today. “I considered the issues that the letter raised, reviewed my office’s work with ProCare, and did not see sufficient evidence to justify an investigation at this time.”
ProCare appears to have acted responsibly in the development of the CIS database, including consulting the privacy commissioner, undertaking a privacy impact assessment, and providing it to the office for review at the beginning of 2017, he said.
The Commissioner also stressed to the concerned parties the importance of considering the effect on public confidence before making public statements.
“Making alarmist claims that the health information of 800,000 patients may be at risk can cause unnecessary anxiety for those patients and needlessly undermine confidence in the health system,” Edwards said.
“I appreciate these concerns being brought to my attention, but I see no evidence that this database has harmed patients, or that it presents a likely risk of harm.
"As a result, my office will not be taking any further action at this stage."
Complainants Dr Ashwin Patel, director of My Practice, Tom Bowden, CEO of HealthLink, Vino Ramayah, CEO of Medtech Global and Dr Frank Pyefinch, of Best Practice Software New Zealand issued a response saying they stand by their decision to ask the privacy commissioner to investigate the issue and thanking him for his consideration of this matter.
"As vendors whose technology makes the collection of identifiable health information in this way possible, we are relieved that he has found no breach of the HIPC, they wrote in a joint statement.
"However, we remain concerned that many patients are not being kept well informed about the collection of their identifiable medical data by PHOs.
"Our members repeatedly raised this issue with ProCare before approaching the privacy commissioner and the media."
They added open discussion about privacy issues and public awareness was vital to allow the safe and seamless sharing of medical data.
"The public’s trust must be retained at every step of the creation of any medical database," they wrote.
"Australia is right now dealing with the fallout from a loss of public confidence in sharing their medical data due to controversy over attempts to introduce a national electronic health record system.
"We look forward to further discussion about these issues before any new national electronic health records strategy is decided on."