Data protection guidelines and legislation

Privacy Act 2020

Privacy Act 2020

The Privacy Act 2020 provides the general framework for promoting and protecting individual privacy.

It does so by establishing certain principles with respect to the collection, use, disclosure of and access to information relating to individuals. It applies to public and private sector agencies.

It also established the role of Privacy Commissioner to investigate complaints about interferences with individual privacy.

Health Information Privacy Code 2020

Health Information Privacy Code 2020

The Health Information Privacy Code 2020 is a Code of Practice issued by the Privacy Commissioner under section 32 of the Privacy Act which gives extra protection to health information because of its sensitivity.

It covers all health agencies, and protects all personal health information relating to an identifiable individual. The Ministry has a responsibility to ensure it complies with this Code in respect of all health information entrusted to it.

Health Information Governance Guidelines

Health Information Governance Guidelines

The Health Information Governance Guidelines (HISO 10064:2017) gives health providers guidance on how to collect and share personal health information legally, securely, efficiently and effectively. 

This helps ensure public confidence in data privacy and security is maintained and that the best possible treatment and care is delivered to all New Zealanders.

Other relevant legislation

New Zealand Public Health and Disability Act 2000

New Zealand Public Health and Disability Act 2000
The New Zealand Public Health and Disability Act 2000 introduced a major change to the public funding and provision of personal health services, public health services, and disability support services. It also established new publicly owned health and disability organisations, such as District Health Boards and the Pharmaceutical Management Agency (Pharmac).

Section 3(1)(d) describes one of the objectives as being to facilitate access to, and the dissemination of information to deliver, appropriate, effective, and timely services.

Health Act 1956

Health Act 1956

The Health Act 1956 gives health authorities the function of improving, promoting and protecting public health. It contains specific provisions in section 22 governing the disclosure of health information about identifiable individuals by and between health service providers and other agencies with statutory functions.

Health (Retention of Health Information) Regulations 1996

Health (Retention of Health Information) Regulations 1996
The Health (Retention of Health Information) Regulations 1996 was introduced to set a minimum period of 10 years for which health information has to be held by health or disability service providers. It also covers the form in which health information is to be retained and the obligations associated with the transferring of health information, for example, when a service provider ceases business.

Cancer Registry Act 1993 and Cancer Registry Regulations 1994

Cancer Registry Act 1993 and Cancer Registry Regulations 1994

The Cancer Registry Act 1993 and Cancer Registry Regulations 1994 were introduced because of the under-reporting of primary cancers in New Zealand. This limited the use of the data collection in research and in monitoring and evaluating cancer prevention and control programmes.

Since 1994, with the onus on the person in charge of each laboratory to report primary cancers, the number of pathology reports sighted and actioned by the Cancer Registry has greatly increased. As a result, the quality, completeness and credibility of the national cancer database have improved significantly.

Section 4 of the Act requires the Director-General of Health to maintain or arrange for the maintenance of a Cancer Registry. The Cancer Registry Regulations stipulate the details of the reports that need to be provided to the Director-General for this Registry.

Official Information Act 1982

Official Information Act 1982
Official Information Act 1982

The Official Information Act 1982 was established to make official information more freely available.

Its relevance is when a request for information held by the Ministry of Health is from someone who is not the subject of the information or their personal representative. This is treated as a request under Part II of the Act and is subject to the principle of availability under section 5, and should be made available unless good reason for withholding exists.

Public Records Act 2005

Public Records Act 2005
The Public Records Act 2005 provides, inter alia, a comprehensive framework for the systematic creation and preservation of public archives and local authority archives. In particular it gives the Chief Archivist, who is also the Chief Executive of Archives New Zealand, powers of direction with respect to archiving and disposal decisions over health information held by the public sector.