Four healthcare IT companies warned that a primary health organization (PHO) put up to 800,000 patients’ medical data at risk.

On 17 July, New Zealand and Australian healthcare companies HealthLink, Medtech Global, myPractice and Best Practice Software New Zealand sent a letter to New Zealand’s Privacy Commissioner. In it, they explained how they learned in June that ProCare Health had been storing hundreds of thousands of patients’ information including names, addresses, financial information, clinical data and medication histories in a database called “Clinical Intelligence System.”

The four companies said they didn’t know the extent of the data collection but asserted it was unacceptable to store so much data in a single location. They clarified the data storage was particularly troubling because most patients and some general practitioners (GPs) “seemed unaware of the ProCare database,” as reported The New Zealand Herald. The companies therefore argued that ProCare Health could at best have undermined patients’ trust in the public health system and at worse breached NZ Health Information Privacy Code.

As they explained in their letter: “At a time when attitudes towards patient privacy are shifting in favour of giving greater protections to the individual, here is an organisation that has no direct patient relationship asking doctors to help it amass all the patient records it can get access to.”

For its part, ProCare Health said it did nothing wrong. The PHO noted that it relies on consent to collect information it needs to function from its patients when they visit their doctor. Clinical director Dr. Allan Moffitt told Stuff in a statement that ProCare Health takes great efforts to protect patients’ information once it has collected it:

Patients should understand from the enrolment form that identifiable information is shared with the PHO for the purposes stated. The PHO has (Read more...)