Aim: To examine the practices used by New Zealand's 20 district health boards (DHBs) to protect patient privacy when patient information is used for research, and particularly practices for de-identifying information.
Method: An e-mailed questionnaire survey, using New Zealand's Official Information Act to request information on the policies and practices of each DHB.
Results: 19/20 DHBs (95%) responded to the survey, one of which reported that it did not provide patient information for research. 18/18 (100%) of the DHBs that reported providing patient information for research required the project to have ethics approval. 18/18 (100%) of the DHBs that offered patient data for research also required individual patient consent and/or de-identification of the information before it was used for research. 14/18 DHBs (78%) deidentified data before releasing it for research, 8/18 DHBs (48%) sought individual patient consent before releasing data for research, and 5/18 (28%) used both methods. Other measures to protect privacy included confidentiality agreements, encryption and cybersecurity procedures.
Conclusion: Our findings show DHBs self-report that they have sufficient measures in place to protect privacy when patient information is used for research. However, these measures need to be continuously evaluated against rapidly evolving international practices and technological developments.