Use and confidentiality of your health information
Your privacy and confidentiality will be fully respected. This fact sheet sets out why we collect your information and how that information will be used.
Consent to collect patient health information
Patients directly consent to health information (patient data) being collected when they sign an enrolment form with their family doctor or visit a GP practice.
Your health information will be shared with others involved in your healthcare.
This helps to improve care for individuals, and with the health information from many people collected together it can be used to improve health services, care for other patients and future generations as well as community wellbeing.
Why do we collect your information?
We collect your health information to provide a record of care. This helps you receive quality treatment and care when you need it.
Patient data is used for the following reasons:
- To measure and improve the quality of healthcare
- To understand the frequency and severity of common major health problems
- To ensure that the differences in health status between different population groups are reduced
- To identify health prevention and promotion strategies
- To advocate for changes and improvement to health care funding and delivery
- To support some health research, subject to approval by an ethics committee
- To meet contract requirements with the Ministry of Health needed to obtain funding to reduce the cost of your GP visits.
We also collect your health information to help:
- Keep you and others safe
- Train healthcare professionals
- Prepare and publish statistics
- Improve government services
- Population health and quality improvement
- Sending reminders or recalls as appropriate.
What information is collected?
Enrolled patients
- Information about you (name, date of birth, gender, address, ethnicity, citizenship, NHI number) Information about your health and your medical conditions and measurements
- Information about health services that are being provided to you e.g. medications, immunisations, health screening, lab results I
- Information about the financial transactions around consultation charges.
If you are a casual patient, only non-identifiable information is collected.
Information is not collected from your consultation notes (the progress notes your GP made on your file regarding your visits).
Confidentiality and information sharing
- Your privacy and the confidentiality of your information is really important to us.
- Your health practitioner will record relevant information from your consultation in your notes
- Your health information will be shared with others involved in your healthcare and with other agencies with your consent, or if authorised by law
- You don’t have to share your health information, however, withholding it may affect the quality of care you receive. Talk to your health practitioner if you have any concerns
- You have the right to know where your information is kept, who has access rights, and, if the system has audit log capability, who has viewed or updated your information
- Your information will be kept securely to prevent unauthorised access.
Information quality
We’re required to keep your information accurate, up-to-date and relevant for your treatment and care.
Your right to access and correct
You have the right to access and correct your health information.
- You have the right to see and request a copy of your health information. You don’t have to explain why you are requesting that information, but may be required to provide proof of your identity. If you request a second copy of that information within 12 months, you may have to pay an administration fee
- You can ask for health information about you to be corrected. Practice staff should provide you with reasonable assistance. If your healthcare provider chooses not to change that information, you can have this noted on your file.
Many practices now offer a patient portal, which allows you to view some of your practice health records online. Ask your practice if they’re offering a portal so you can register.
How your health information is used
Examples of how your health information is used is outlined below:
If your practice is contracted to a Primary Health Organisation (PHO), the PHO may use your information for clinical and administrative purposes including obtaining subsidised funding for you.
- Some health information we collect and generate is stored electronically by cloud service providers located in Australia. This information may also be processed (but not stored) by these providers in other countries. The information is encrypted at all times and these providers comply with internationally recognised security standards
- Health New Zealand (Te Whatu Ora) uses your information to provide treatment and care, and to improve the quality of its services
- A clinical audit may be conducted by a qualified health practitioner to review the quality of services provided to you. They may also view health records if the audit involves checking on health matters
- When you choose to register in a health programme (eg immunisation or breast screening), relevant information may be shared with other health agencies
- The Ministry of Health uses your demographic information to assign a unique number to you
on the National Health Index (NHI). This NHI number will help identify you when you use
health services - The Ministry of Health holds health information to measure how well health services are delivered and to plan and fund future health services. Auditors may occasionally conduct financial audits of your health practitioner. The auditors may review your records and may contact you to check that you received those services
- Notification of births and deaths to the Births, Deaths and Marriages register may be performed electronically to streamline a person’s interactions with government.
Update to Privacy Act (IPP3A) effective 1 May 2026*
One of the important changes in the Privacy Amendment Act 2025 is the addition of Principle (IPP)3A. This requires that when personal information is collected indirectly from someone other than the person themselves, then the agency (e.g. general practice) is required to notify those people that information has been received. This is not required when the person is already aware or has been informed that the information will be sent to the practice.
Examples of personal information that is received indirectly in the practice:
- Laboratory results
- Radiology reports
- Immunisation vaccinations
- Screening results e.g. cervical screening, mammography, bowel screening
- Shared care records
- Hospital discharge summaries.
- Testsafe
- Allied Health
*This is an interim communication and will be updated upon receipt of further guidance from Health New Zealand and/or the Office of the Privacy Commissioner.
Research
Your health information may be used in research approved by an ethics committee or when it has had identifying details removed.
- Research which may directly or indirectly identify you can only be published if the researcher has previously obtained your consent and the study has received ethics approval
- Under the law, you are not required to give consent to the use of your health information if it’s for unpublished research or statistical purposes, or if it’s published in a way that doesn’t identify you.
Complaints
It’s OK to complain if you’re not happy with the way your health information is collected or used.
Talk to your healthcare provider in the first instance. If you are still unhappy with the response you can call the Office of the Privacy Commissioner toll-free on 0800 803 909, as they can investigate this further.
For further information
Further detail in regard to the matters discussed in this fact sheet can be found on the Health New Zealand / Te Whatu Ora website.
For details about your health information and how it’s used, please review our Privacy Policy.
