Te Āhua O Tā Mātou Whakahaere I Ō Mōhiohio Whaiaro

How We Manage Your Personal Information

Release of information to Manatū Hauora | Ministry of Health

The response to a request for information from the Ministry of Health by Te Tatau o te Whare Kahu | Midwifery Council (the Council) can be found HERE.

Collection, use and protection of personal information held by the Council

The Council collects personal information from applicants and practitioners to carry out the purposes detailed in the Health Practitioners Competence Assurance Act 2003 (the HPCAA) (s118).

We also collect information from people who wish to make a complaint about the practice of a midwife.

The Council is committed to safeguarding your privacy and the security of the personal information that it collects and holds about you. We aim to achieve this by complying with the provisions of the HPCAA, the Privacy Act 2020 and applying best practice around managing personal information. Managing your personal information means we will use it only for the purposes or directly related purposes for which we collected it; we will only keep it for as long as it remains necessary; it will be kept securely while we hold it; and, when you wish to understand what information we hold about you, we will enable you to access the information where appropriate.

Midwives’ Personal Information

The HPCAA requires the Council to maintain a public register about practitioners. The register details include your:

Name
Qualification including education provider where known
Registration Status
Practising certificate status
Expiry Date of Practising Certificate
Conditions on practice (if any)
Statistical information

The Council is also required to share practitioner information with the Ministry of Health to contribute to workforce and planning issues. The information we share with the Ministry includes your:

Name
Date of birth
Ethnicity
Gender
Qualification/s
Employer
Place or places of work
Average weekly number of hours worked at each place of work
Average caseload size
Practising certificate status
Conditions on practice (if any)

Much of the information collected is required under the HPCAA. Where collecting information is not required under the HPCAA the Council will ask your consent before it obtains the information (e.g. providing a work phone number).

Where information is provided to the Council about an applicant or registrant from another source (such as from a referee, or confirming registration in another jurisdiction) you will usually be asked to provide authority for that to occur, except where required under the law.

When you log into and make use of the practitioner portal, MyMCANZ, or other components within that system, the event is recorded in your practitioner audit log. The Council uses that information to access the effectiveness of its communications and processes.

Complainants’ Personal Information

Where you send a complaint to us we will collect biographical information about you, such as your name, address and contact details, to enable us to act on the issues you have brought to our attention.

We will also require details about the issues that concern you, which may require you to provide health information and related information about you and your relationship with a midwifery service.

Use of information

Midwives and Applicants

The Council is mindful that any sharing or disclosure of your information needs to be necessary and proportionate to the reasons we have collected it from you. There may be circumstances where we are compelled by other laws to disclose information. For example, where it is required for a hearing in a Court or where it is necessary for law enforcement purposes.

Regulatory and workforce data is compiled and shared with stakeholders when requested. The Council also uses practitioner information to provide publicly available data, such as the Annual Report and workforce survey each year. In these reports data is aggregated and individual practitioners are not identified.

The Council is required to have up to date contact information for practitioners to provide registrants with information relevant to their registration, practising status, and responsibilities as a registered health professional. Under the HPCAA (s140) practitioners also have responsibilities to ensure their details are correct.

The Council shares some information. The Ministry of Health provides the Council with Health Practitioner Index or CPN numbers that are allocated to practitioners. These are unique identifiers.

Occasionally, the Council may be asked to participate in research. Practitioner contact information is not shared with researchers at any time. The Council also carries out its own research and auditing activities to determine the effectiveness of its processes and policies. Any practitioner information used for these purposes is anonymised and not used in any way that could be linked to you as an individual.

The Council will use your practitioner information and information provided to us by complainants to manage complaints about you. Where necessary and proportionate to the complaint, we will ensure you are fully aware of the details of any complaint. Complaints may warrant us sharing information with an independent assessor engaged by the Council, a specially appointed Professional Conduct Committee or a Disciplinary Tribunal.

Complainants

The Council will use the information that you give us to contact you about your complaint and assess the matters you have complained about. It may share your information with others, such as with the Health and Disability Commissioner when required to refer your complaint. It may also share the information with an independent assessor who is engaged to complete a clinical review and analysis of the concerns you have raised. If your concerns warrant further investigation we may share them with a specially appointed Professional Conduct Committee or a Disciplinary Tribunal.

The Council will not use your personal information for any other purpose except as required by the Privacy Act 2020 or where required by another law, for example where it is required for a hearing in a Court or where it is necessary for law enforcement purposes.

Protection & Storage of information

All information in electronic form is stored in a secure, password-protected database and/or server. Personal information provided in hard copy is kept in secure locked storage at the Council’s offices while it is being used to further a service to you. Our long- term storage of hard copies is managed at a secure off-site location.

The Council manages practitioner information using cloud-based specialised regulatory software. Data is held on a Web Server (AWS) based in New Zealand and a server based and backed up in Sydney, Australia.

All of the Council’s staff undertake privacy and security training as part of their induction process and ongoing training. Privacy and security practices and policies are reviewed regularly by the Council.

Access to personal information

You are entitled to request a copy of the information that the Council holds about you and to request the Council to consider a correction where you consider the information we hold to be incorrect. These requests will be managed according to the provisions of the Privacy Act 2020.

Practitioners are encouraged to ensure the accuracy of the information held about them and to contact the Council if amendments are required. Practitioners have the ability to amend some information held about them through the MyMCANZ portal.

Requests for access to or correction of personal information should be addressed to the Midwifery Council Privacy Officer:

By email to: The Privacy Officer at [email protected]

By post to: The Privacy Officer, Midwifery Council, PO Box 9644 Marion Square Wellington 6141 New Zealand

The Council aims to respond to such requests as soon as possible and certainly within the expectations of the Privacy Act 2020.

Retention and disposal of personal information

The Council has a document retention and destruction policy and schedule and all personal files, both hard copy and electronic, that are archived are to be disposed of in alignment with the requirements of the policy.

Any personal information that is no longer required will be securely destroyed. Hard copy information is destroyed using a recognised document destruction company. Electronic information is deleted from the server and/or database.

Notifiable Breaches Involving Your Personal Information

The Privacy Act 2020 requires agencies to notify the Privacy Commissioner, and individuals whose information is involved, of any serious privacy breach. The Council will let you know as soon as practicable if your information is involved in a breach that may cause or has caused you some harm. Our Privacy Breach policy is viewable here.

Research and Statistical Use of Personal Information

The Council may use your information for research and statistical purposes. We may also use it to create learning opportunities for our staff and contractors.

We will only retain and use your personal information in these circumstances where it has been anonymised and de-identified to the extent that it cannot be re-identified.

Complaints to the Council

Any person may make a complaint about a breach of their privacy to the Council. Complaints should be addressed to the Council’s Privacy Officer:

By email to: The Privacy Officer at [email protected]

By post to: The Privacy Officer, Midwifery Council, PO Box 9644 Marion Square Wellington 6141 New Zealand

The complaint should include:

your name
the circumstances surrounding the complaint: What happened? When did it happen? Who was involved?
the action you would like to see happen.

The privacy officer may contact you for further information. An investigation into the complaint will be carried out without delay. The outcome of the complaint will be communicated to you, along with any action taken by Council.

If you are unhappy with the resolution of your complaint, you may complain to the Office of the Privacy Commissioner. Information on this process may be found HERE.