Health Information Privacy Code 

How does the Privacy Act keep my health information safe?

The Privacy Act keeps your personal information safe and makes sure that it is collected and used properly. It also gives you the right to see your own information and make sure that it’s all correct. If you want more information about the Privacy Act you can check out the Privacy Commissioner's website.

The Health Information Privacy Code (HIPC) specifically protects your health information by setting out rules for health agencies to follow. The code controls how sensitive health information - like your medical history - is collected and used by health agencies. The HIPC also gives New Zealanders the right to get all personal health information about themselves from rest homes, doctors, nurses, dentists, pharmacists, district health boards and anyone else who provides personal or public health or disability services.

What are my rights under the Health Information Privacy Code?

You have the right to know who is going to see your health information and what will happen to it in the future. You also have a right to see your own health information and your doctor or health professional can give you access to it or your own copy. You can only see your own information, not your partner’s or anyone else’s (unless you have been authorised as their agent or representative e.g. as someone’s principal caregiver – other exceptions are listed in Rule 11 of the Code).

Can I access my medical records and how much will it cost?

You have a right to see your own health information. If you make a request to your doctor or other health agency they must respond within 20 days of your request.

If the agency does not respond to your request to access your health information within 20 working days, or they have denied your request and you are unsatisfied with their reason, you can complain to the Privacy Commissioner.

If you made your request to a public health sector agency (e.g. your DHB), they cannot charge you a fee for this. Private sector agencies (e.g. your private sector dentist) can only charge you if they have provided you with the same information in the last twelve months. More about this is on this Privacy Commissioner fact sheet.

If you think that any of your personal information isn’t correct then you have the right to ask that it be corrected. If the agency doesn’t correct it they still need to make a note of your request.

What is my National Health Index number, and what is it used for?

A National Health Index number is assigned to anyone who uses health and disability support services in New Zealand. This number keeps your health information private and is stored on a National Health Index along with your personal details, such as age, gender and ethnicity. You will see it at the top of appointment letters you get from the hospital and it’s a good idea to have it handy when you phone up the hospital about something. It helps them identify you and your medical record quickly. This number can only be used within the health sector.

How do I complain if my health provider hasn’t respected my privacy?

If you’re not happy about how your health information has been handled, you should speak to the person or organisation involved first. If you’re still unhappy you can complain to the Privacy Commissioner. You might find it helpful to discuss the complaints procedure with your local Citizens Advice Bureau because every health agency has a different way of dealing with these complaints. If the information has been wrongly given to someone else, not safely stored, or you have been refused access without good reason, then you can complain.