Risk Score Matrix

(1) Use Case

| Score | Use case | Example |
|---|---|---|
| 1 | Validate | Confirm information supplied is correct, or give an error if it is incorrect |
| 2 | Search / Read | Displaying a read-only view of planned events |
| 3 | Create / Add to / Update / Edit | Adding a new allergy, or updating existing allergy information to add more detail |
| 4 | Delete | Can remove existing data |

(2) Data Sensitivity

| Score | Data sensitivity |
|---|---|
| 1 | No personal or health information about identifiable individuals is available |
| 2 | Publicly available information relating to identifiable individuals, e.g. information about registered health professionals which is publicly available via their registering authority |
| 3 | Personal, health or demographic information about identifiable individuals, e.g. name, date of birth, address, NHI, along with information about an individual's social circumstances (e.g. housing, education, employment, whanau, domestic abuse, finances) and/or an individual's health (e.g. diagnosis, conditions, smoking status, treatment, care plans, discharge papers, clinical records, weight) |

Risk score matrix: the (1) Use Case score is read down the rows and the (2) Data Sensitivity score across the columns; the cell is the risk score.

| (1) Use Case \ (2) Data Sensitivity | 1 | 2 | 3 |
|---|---|---|---|
| 4 | 6 | 9 | 12 |
| 3 | 4 | 7 | 11 |
| 2 | 2 | 5 | 10 |
| 1 | 1 | 3 | 8 |

Overall Risk Rating

| Rating | Score | Identity authentication | Harm if compromised |
|---|---|---|---|
| Low | 1-3 | No identity authentication required | No harm if sharing is limited to authorised agencies or individuals. Should only be used by or shared with specified authorised agencies or individuals, as it could include personal or health information about identifiable individuals |
| Medium | 4-5 | Level 1 identity authorisation required | Potential harm: if compromised or destroyed in an unauthorised transaction, may breach the privacy of individuals and/or impact the organisation, as it includes personal or health information about identifiable individuals |
| High | 6-8 | Level 2 identity authorisation required. NOTE: the level of identity can differ at this level depending on what information is available, and Level 3 identity authorisation may be required | Serious harm: if compromised or destroyed in an unauthorised transaction, will seriously breach the privacy of individuals and/or significantly impact the organisation, as it includes personal or health information about identifiable individuals |
| Extreme | 9-12 | Level 3 identity authorisation required | Catastrophic harm: if compromised or destroyed in an unauthorised transaction, will very seriously breach the privacy of individuals and/or catastrophically impact the organisation, as it includes personal or health information about identifiable individuals |

Privacy minimum mandatory controls for API risk scores

| Requirement | Low | Medium | High | Extreme |
|---|---|---|---|---|
| You must only collect the minimum information necessary to achieve the purpose, redacting or ignoring the remaining data from the API. | YES | YES | YES | YES |
| You must anonymise the data using Appendix 13 of the HISO Health Information Governance Guidelines to mitigate the impact of a potential privacy incident. | NO | NO | YES | YES |
| You must have a method for recording consents for processing personal information, and consent revocations, from data subjects whose data will be shared via the API. If you do not need to track consent under New Zealand privacy law, please provide the condition that allows you to process personal information without consent in the comments box. | YES | YES | YES | YES |
| You must have a privacy notice that is compliant with New Zealand Privacy Act 2020 requirements. | YES | YES | YES | YES |
| Your staff who will have access to the personal data must have been trained on their privacy and data protection responsibilities under the Privacy Act 2020. | YES | YES | YES | YES |
| You must have a process in place for individuals to request actions on their data (access and correction) in accordance with the New Zealand Privacy Act 2020. | YES | YES | YES | YES |
| You must have an information retention and disposal policy for PII and be able to demonstrate compliance with it. | YES | YES | YES | YES |
| You must audit access, use and disclosure of personal or health information. | YES | YES | YES | YES |
| You must have performed a Privacy Impact Assessment (PIA) on the systems and processes involved in processing personal data to understand the privacy risks involved. | YES | YES | YES | YES |
| If a PIA was performed, all the identified actions must have been completed. | YES | YES | YES | YES |
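As an added example, not part of the document, the matrix, its rating bands and the one control that varies by rating encoded as a policy check that can be run over an API catalogue. The category labels (`validate`, `read`, `none`, `personal_health` and so on) and the per-endpoint fields are this example's own assumptions; the scores and bands are the document's.

```python
# Added example, not from the document: the Risk Score Matrix and the one control that
# varies with the rating, encoded as a policy check that can be run over an API catalogue.
# The category labels ("validate", "read", ...) are this example's own names for the
# matrix rows and columns; all scores and bands are copied from the tables above.

USE_CASE = {"validate": 1, "read": 2, "update": 3, "delete": 4}                 # (1)
DATA_SENSITIVITY = {"none": 1, "public_identifiable": 2, "personal_health": 3}   # (2)

# RISK[use_case_score][data_sensitivity_score] -> risk score, as in the matrix.
RISK = {
    4: {1: 6, 2: 9, 3: 12},
    3: {1: 4, 2: 7, 3: 11},
    2: {1: 2, 2: 5, 3: 10},
    1: {1: 1, 2: 3, 3: 8},
}


def rating_and_identity_level(score):
    """Overall Risk Rating and minimum identity level for a score. High is Level 2,
    which the matrix notes can rise to Level 3 depending on the information exposed,
    so 2 is treated as the floor for that band."""
    if score <= 3:
        return "Low", 0
    if score <= 5:
        return "Medium", 1
    if score <= 8:
        return "High", 2
    return "Extreme", 3


def assess(use_case, sensitivity):
    score = RISK[USE_CASE[use_case]][DATA_SENSITIVITY[sensitivity]]
    rating, level = rating_and_identity_level(score)
    # Anonymisation is the only mandatory control whose answer depends on the rating.
    return {"score": score, "rating": rating, "identity_level": level,
            "anonymise": rating in ("High", "Extreme")}


def check_endpoint(use_case, sensitivity, configured_level, anonymised):
    """Findings for one endpoint; an empty list means it meets the minimum controls."""
    required = assess(use_case, sensitivity)
    findings = []
    if configured_level < required["identity_level"]:
        findings.append("identity level %d is below the required Level %d (%s)"
                        % (configured_level, required["identity_level"], required["rating"]))
    if required["anonymise"] and not anonymised:
        findings.append("anonymisation is mandatory at %s but not applied" % required["rating"])
    return findings
```

`check_endpoint("delete", "personal_health", 2, True)` reports that Level 2 is below the Level 3 the Extreme band requires, while a read of non-personal data with no authentication passes.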