The Health Information Privacy Code sets specific rules for how health information is collected, used, held and disclosed by agencies in the health sector.
The MCP Programme has worked with the Office of the Privacy Commissioner and the five Midland DHBs to develop a comprehensive approach to privacy, based on a principle of ‘Trust but Verify’ for the foundation Midland Clinical Portal solution (Phase 1).
The ’Trust’ element of the Midland Clinical Portal is that a clinician who has successfully logged on to their local clinical system is trusted to be given access to the Midland Clinical Portal.
The ’Verify’ element is that all access to patient information and any related activity within the Midland Clinical Portal is recorded in detailed audit logs, which can then be used to provide detail on access to a patient’s records or provide detail on a clinician’s access.
In addition, the platform the Midland Clinical Portal solution runs from has undergone an assessment to ensure the system complies with the Department of Internal Affairs requirements for using cloud services.