Below is an outline of the purpose for collecting information identifying registered health practitioners, what information will be held on the Health Practitioner Index (HPI), what it will be used for, and to whom it will be disclosed.
Purpose for collection (in relation to registered health practitioners)
The principal purpose of the HPI is to uniquely identify health practitioners and to hold that information in a central, national database. To be able to do this, the HPI needs to hold identifying information about each practitioner. The practitioner information will be sourced from each practitioner’s Responsible Authority according to a Data Provision Agreement. This agreement sets out who will be able to access the information. Parties seeking to access the information held on the HPI will be required to sign a data access deed.
What practitioner information will be held on the HPI?
The HPI will initially hold only information sourced from public registers, which will be provided by responsible authorities. This includes practitioner name, qualifications, practising status, scope of practice,conditions on practice, and, in some cases, contact details. Over time, the HPI may hold more information about practitioners, but this will be only be collected and disclosed where agreed with each responsible authority.
What will the practitioner information be used for?
Practitioner information will be used to uniquely identify individual practitioners.
Who will be able to access information about practitioners from the HPI?
Health sector organisations will have access to public register information held on the HPI. This means they will be able to use the HPI to access information that is already publicly available through responsible authority public registers. They will not be able to access any other information that the HPI may hold. Certain healthcare organisations such as ACC, DHBs, HealthPAC and the Ministry of Health will be permitted to access additional practitioner information, subject to the prior agreement of the practitioner’s responsible authority. The additional data that each of these organisations will be able to access will be specified in both the data provision agreement (with the practitioner’s responsible authority) and the data access deed (with the data consumer).
Who to contact if you have any questions or concerns?
In the first instance, practitioners should contact their Responsible Authority. For any complaints about use or disclosure of information identifying you, then this should be directed to the Office of the Privacy Commissioner.