top of page

Privacy Guidance

GUIDANCE FOR MEMBERS SEEKING PROFESSIONAL INDEMNITY OR LEGAL ADVICE

PURPOSE OF GUIDANCE

1. This document provides guidance to members of Te Whare Tohu Tapuhi Aotearoa | The College of Nurses Aotearoa (the College) on how to manage patient privacy when seeking professional indemnity or legal advice.
 

2. The College is committed to supporting its members’ compliance with the Privacy Act 2020 (Act) and the Health Information Privacy Code 2020 (Code).
 

3.This guidance is intended to support good practice and does not replace a member’s professional, legal, or organisational obligations.

WHEN MEMBERS MAY SHARE PERSONAL OR HEALTH INFORMATION

Sharing personal or health information of a client with the College

 

4. Members may need to share personal or health information with the College when seeking advice or support in relation to:

 

a. complaints or investigations;

b. clinical incidents or adverse events;

c. medico-legal concerns; and

d. professional conduct issues.

 

5. Where possible, this information should be de-identified. Identifiable information should only be provided where:

 

a. the member has obtained the client’s consent; or

b. it is necessary for the College to provide legal or insurance support, and the information shared is limited to what is reasonably necessary.

 

6. When a member provides patient-related information to the College, the College will:

 

a. treat it as confidential;

b. use it only for the purpose of providing advice, support, or indemnity;

c. limit access to authorised personnel only; and

d. take reasonable steps to protect it from unauthorised access or disclosure.

 

7. The College may share information with its insurer or legal advisers where necessary to support the member’s request.

 

8. Where the College collects personal or health information about a client from a member, it will comply with Information Privacy Principle 3A (IPP3A), including taking reasonable steps to notify the client of the fact that the information has been collected, unless:

 

a. the member has already provided that notification; or

b. an exception applies under the Privacy Act 2020.

 

9. This notification may include information such as:

 

a. the fact that the information has been collected;

b. the purpose of the collection;

c. the intended recipients of the information;

d. the name and address of the agency that is collecting the information and the agency that holds the information;

e. if the collection is authorised or required by law, which particular law; and

f. their rights of access to, and correction of, their information.

 

10. The College is not required to notify an individual where:

 

a. the information is anonymised or does not identify the individual; or

b. another exception applies under the Privacy Act 2020.

 

Sharing personal or health information of a client with insurer and lawyer

 

11. Members may need to share the personal or health information of a client with their insurer or legal advisor where it is necessary to obtain legal advice and defend a complaint.

 

12. This may be done without the client’s consent where the disclosure is necessary for the purposes of legal proceedings before a court or tribunal that have commenced or are reasonably contemplated.

 

13. In other situations, the member should obtain the client’s consent before sharing their information. This consent is often obtained through the organisation’s standard consent forms when a client registers for services.

 

14. Where a member shares a client’s personal or health information with a lawyer or insurer, those parties are not required to notify the client under Information Privacy Principle 3A where it is reasonable and necessary not to do so, including where notification would prejudice legal proceedings.

SHARE SECURELY

15. Members should ensure that information is shared with the College and/or their lawyer/insurer in a secure way, such as:

 

a. by a secure email; and

b. on approved systems or platforms.

 

16. Members should avoid sending sensitive information through insecure or personal channels.

RETENTION OF INFORMATION

17. Information provided in relation to professional advice or complaints may be retained in accordance with the College’s legal, regulatory, and insurance obligations.

YOUR RESPONSIBILITIES AS A MEMBER

18. When a member seeks advice, the member is responsible for:

 

a. ensuring the disclosure is lawful under the Act and Code;

b. only sharing information that is necessary; and

c. taking reasonable steps to protect patient privacy.

 

19. Members should ensure their own privacy and consent processes allow for disclosure of information where necessary to seek professional or legal advice. A statement such as the following in a consent form is recommended:

 

“For the purposes of meeting our obligations under the Privacy Act 2020 and the Code of Health and Disability Services Consumers’ Rights, we may seek advice from legal or professional advisers. As part of this process, we may share relevant health information, limited to what is necessary.”

 

20. If a member is employed by a health agency, the member should follow their employer’s privacy and consent policies and processes and is responsible for raising any issues with these with their employer.

QUESTIONS OR CONCERNS

21. If you are unsure about what information you can disclose to the College or your insurer and/or legal advisor, you are encouraged to contact the College for guidance before providing details.

bottom of page