Jump to start of main content.

The New Zealand Health Information ServiceGo to the Ministry of Health home page.
      

NEW ZEALAND HEALTH INFORMATION SERVICE

Home > technical documentation > MHINC information


Mental Health Information National Collection (MHINC)

Privacy Impact Assessment and Commentary on the Mental Health Information Project for the New Zealand Health Information Service

Elisabeth Harding
February 1999

1. Executive Summary

1.1 In September 1997, the Minister of Health authorised the New Zealand Health Information Service (NZHIS) to develop a high level database containing information on the provision of secondary mental health and alcohol and drug services. The need to develop such a database flowed from the acknowledged need for national level information about the mental health sector.

1.2 In response to this requirement the Mental Health Information Project (MHIP) was established. The objective of the project is to provide complete, accurate and timely information on secondary mental health services.

1.3 This report focuses on privacy implications associated with the development of a database under the MHIP. It is split into two major parts:

  • Part 1 provides a background to the MHIP.
  • Part 2 provides a privacy impact assessment of the MHIP.

Part 1


1.4 Part 1 of the report provides a general overview of the MHIP in the context of:
  • National mental health strategy;
  • National mental health standards;
  • NZHIS;
  • The Mason Report;
  • Mental Health Commission;
  • Various legislative requirements; and
  • Professional and ethical codes, Standards New Zealand requirements, and Health Research Council guidelines.

Further contextual background information is provided on:

  • Database management;
  • Databases and their relationship to privacy legislation;
  • Current state of monitoring of mental health data; and
  • Content of mental health information database.

1.5 The following conclusions were reached in relation to Part 1 of this report:

1.5.1 Conclusion 1: The Ministry of Health has made a commitment to ensure that mental health services are available to those who need them. In order to monitor the success of implementing this commitment, it has been considered necessary to measure the delivery of secondary mental health services by both the public sector and non-governmental organisations.

1.5.2 Conclusion 2: One of the objectives of the MHIP is to provide a mechanism for monitoring the implementation of the mental health strategy with respect to the delivery of secondary care services.

1.5.3 Conclusion 3: Although there is no statutory requirement for providers to supply this information, the funding agreement for 1998/99 includes, as part of the performance measures for the Health Funding Authority (HFA) five year plan, a commitment from the HFA for “requirement for compliance with the NZHIS National Mental Health Information System to be included in 1998/2000 service specifications.”

1.5.4 Conclusion 4: Providing NZHIS is able to gain the commitment of the providers, NZHIS is in an excellent position to be able to carry out the development of a secondary database for the provision of aggregate data to effectively monitor the delivery of secondary mental health services.

1.5.5 Conclusion 5: However, NZHIS must ensure that all the purposes of the database are properly contemplated prior to implementation and that the mental health service providers are aware of these purposes so they may be conveyed to individuals receiving services, and whose information is to be provided.

1.6 Part 2: Privacy Impact Assessment

Part 2 of the report assesses privacy issues in relation to the development and operation of the Mental Health Information Database.

This part of the report is constructed in the following way:

  • General overview of the project from a privacy perspective.
  • Collecting/obtaining information: HIPC rules 1–4, with associated NZHIS response to collection issues and subsequent discussions.
  • Storage and security: rule 5, with associated NZHIS response to storage and security issues and associated discussion.
  • Accuracy: rule 8, with associated NZHIS response to accuracy issues and associated discussion.
  • Retention rule 9, with associated NZHIS response to retention issues and associated discussion.
  • Use and disclosure: rules 10 and 11, with associated NZHIS response to use and disclosure issues and associated discussion.
  • Unique identifiers rule 12, with associated NZHIS response to unique identifiers issues and associated discussion.
  • Access and correction: rules 6 and 7, with associated NZHIS response to access and correction issues and associated discussion.

1.7 Conclusions to Part 2 of the report:


1.7.1 Conclusion 1: Any centralised database containing identifiable information raises issues concerning the extent of information obtained and the purpose of such a database.

1.7.2 Conclusion 2: Overall, the way the project has been developed indicates that NZHIS is committed to taking a leadership role with respect to the provision of health information services generally, and in this instance the implementation of the MHIP.

1.7.3 Conclusion 3: In doing so it has recognised the need to ensure that its own staff are familiar with the requirements of the Privacy Act and the Health Information Privacy Code. In addition, NZHIS has acknowledged that in order to build a trusting relationship with health service providers, it is important that NZHIS help providers fulfil their obligations when collecting information from individuals.

1.7.4 Conclusion 4: NZHIS has taken the potential privacy impacts seriously and acknowledged the role it needed to play in ensuring that the providers are aware of the purposes of the information and their privacy obligation with respect to their patients.

1.7.5 Conclusion 5: Trust in NZHIS and value in the benefits of the MHIP by both the providers of mental health services and the individuals receiving those services, will be the deciding factor to the ultimate success of the project.

1.8 Recommendations (not in any order of priority)

1.8.1 Recommendation 1: NZHIS needs to document its information management policy regarding the MHIP. This policy should provide an overview of how the information will be protected from potential privacy intrusions including:

  • how NZHIS will ensure that providers are aware of their obligations when collecting information from individuals for the MHIP;
  • storage and security safeguards in place to protect the information;
  • retention periods for electronic and paper records;
  • how accuracy of the information will be achieved;
  • restrictions on access to identifiable information by staff of NZHIS and a policy for dealing with unanticipated requests for information held on the database;
  • protocol for dealing with research projects;
  • restrictions on the linking, by NHI number, of information obtained from the MHIP;
  • a procedure enabling individuals to access their personal information and request correction.

1.8.2 Recommendation 2: NZHIS should consider the possibility of appointing a group to monitor the implementation of MHIP on an on-going basis, including monitoring how effective the project is in supplying the statistics necessary to measure the implementation of the National Mental Health Strategy. Such a group could also have responsibility for protecting the information and considering requests for access for research projects and official information requests. For example, NZHIS may chose to invite interested groups to be represented on the group such as Mental Health Commission, the Office of the Privacy Commissioner, and mental health consumer groups.

1.8.3 Recommendation 3: NZHIS needs to develop education materials such as posters and pamphlets, use of web site for both providers and individuals to gain an awareness and understanding about the MHIP. These materials should explain:

  • the objectives of the project and why specific information needs to be collected;
  • how the information will be protected, and who will be able to use the information;
  • individual’s right to access and correct information held by NZHIS.

NZHIS should work with the Office of the Privacy Commissioner in developing these materials.

1.8.4 Recommendation 4: NZHIS needs to provide on-going training for staff to ensure that they are aware of how personal health information should be protected from potential privacy risks.

1.8.5 Recommendation 5: NZHIS needs to consider whether it is necessary to retain information about deceased persons in an identifiable form as there will be no need to add further information to those records.

1.8.6 Recommendation 6: NZHIS needs to ensure that a field is included on the database to provide an alert where an individual has requested the correction of information or the inclusion of a statement of correction. This will alert those considering disclosing information for research purposes of the possible inaccuracy of the information.



top of page.



Top  Back