As they explained in their letter: "At a time when attitudes towards patient privacy are shifting in favour of giving greater protections to the individual, here is an organisation that has no direct patient relationship asking doctors to help it amass all the patient records it can get access to."For its part, ProCare Health said it did nothing wrong. The PHO noted that it relies on consent to collect information it needs to function from its patients when they visit their doctor. Clinical director Dr. Allan Moffitt told Stuff in a statement that ProCare Health takes great efforts to protect patients' information once it has collected it:
Patients should understand from the enrolment form that identifiable information is shared with the PHO for the purposes stated. The PHO has strict procedures to ensure that individual patient privacy is protected and uses the data for improving healthcare provision and planning.... ProCare takes very seriously the care of both patients and their records and has very robust frameworks and processes in place to ensure all legislation obligations are met.A spokesperson for the Privacy Commissioner said the office had received the four healthcare IT companies' letter and would be reviewing the case to determine if further action was warranted. Given the types of digital threats confronting them, healthcare organizations should make sure they've taken appropriate steps to secure patients' electronic health records. Here are some recommendations. Healthcare organizations should also consider purchasing a solution that provides comprehensive digital security protection.