An outline of the purpose for collecting information identifying registered health practitioners, what information is held on the HPI, what it is used for, and to whom it is disclosed.

Purpose for collection (in relation to registered health practitioners)

The principal purpose of the HPI is to uniquely identify health practitioners and to hold that information in a central, national database. To be able to do this, the HPI holds identifying information about each practitioner. The practitioner information is sourced from each practitioner’s Responsible Authority according to a Data Provision Agreement. This agreement sets out who can access the information. Parties seeking to access the information held on the HPI may be required to sign a data access deed.

What practitioner information is held on the HPI?

The HPI currently holds only information sourced from public registers, which is provided by responsible authorities. This includes practitioner name, qualifications, practicing status, scope of practice, conditions on practice, and, in some cases, contact details. Over time, the HPI may hold more information about practitioners, but this will be only be collected and disclosed where agreed with each responsible authority.

The intention is to also extend the coverage of the HPI to all health care workers.

What will the practitioner information be used for?

Practitioner information will be used to uniquely identify individual practitioners.

Who will be able to access information about practitioners from the HPI?

Health sector organisations will have access to public register information held on the HPI. This means they will be able to use the HPI to access information that is already publicly available through responsible authority public registers. They will not be able to access any other information that the HPI may hold. Certain healthcare organisations such as ACC, DHBs and the Ministry of Health will be permitted to access additional practitioner information, subject to the prior agreement of the practitioner’s responsible authority. The additional data that each of these organisations will be able to access will be specified in both the data provision agreement (with the practitioner’s responsible authority) and the data access deed (with the data consumer).

Who to contact if you have any questions or concerns?

In the first instance, practitioners should contact their Responsible Authority. For any complaints about use or disclosure of information identifying you, then this should be directed to the Office of the Privacy Commissioner.