Privacy Commissioner finds no evidence to justify investigation into ProCare

Privacy Commissioner John Edwards has found no evidence to justify an investigation into ProCare after receiving a joint letter of concern from four New Zealand and Australian healthcare IT companies.

The Commissioner received a letter in July 2018 expressing concern that ProCare was breaching the Health Information Privacy Code by using a Clinical Intelligence System (CIS) database to collect and store patient information.

The letter asked the Commissioner to launch a formal investigation into ProCare. The concerned parties also made statements about the matter to the media, and it was widely reported that up to 800,000 Aucklanders may have had their privacy breached.

“I have found no substance to allegations of such a breach,” Mr Edwards said.

“I considered the issues that the letter raised, reviewed my Office’s work with ProCare, and did not see sufficient evidence to justify an investigation at this time.”

ProCare appears to have acted responsibly in the development of the CIS database. This includes consulting the Office of the Privacy Commissioner, undertaking a Privacy Impact Assessment, and providing it to the Office for review at the beginning of 2017.

The Commissioner also stressed to the concerned parties the importance of considering the effect on public confidence before making public statements.

“Making alarmist claims that the health information of 800,000 patients may be at risk can cause unnecessary anxiety for those patients and needlessly undermine confidence in the health system,” Mr Edwards said.

“I appreciate these concerns being brought to my attention, but I see no evidence that this database has harmed patients, or that it presents a likely risk of harm. As a result, my Office will not be taking any further action at this stage,” Mr Edwards said.