This report has been prepared according to guidelines issued by Office of the Privacy Commissioner and follows the format suggested in the Privacy Impact Assessment Handbook. It is intended to explain the proposal in plain language, and analyse the privacy issues from a policy perspective.

The role of this report is to contribute to the debate around the questions, ‘given the privacy impacts (if any), should the project proceed,’ and if the answer to that question is ‘yes’, ‘how can the project proceed in a way that minimises privacy impacts?

A draft of this report was circulated to interested parties such as responsible authorities, and to the Office of the Privacy Commissioner, in April 2003. Since then there have been changes in the design of the proposed HPI and changes in the law. This version of the report reflects feedback received from stakeholders, the current design settings as at December 2003, and changes to the law, particularly the Health Practitioners Competence Assurance Act 2003.

This report remains a ‘living document’. As the project progress, further choices will be available to the system designers as to how the system is configured, what data will be collected, what technical security measures will be employed, who will have access to what information, for what purposes. At each of these decision points the privacy considerations should be taken into account, and made explicit in the decision making process.