1. Do you have a privacy officer and at what level of DHB leadership do they sit?
2. Do you have a chief data officer and if so, what is their responsibility in the organisation?
3. How do you gain patient consent for data sharing - ie via a consent form? (please provide a copy of the form or statement that explains how patient data is shared)
4. For what purposes are you sharing patient identifiable health information within the DHB?
5. Do you share patient identifiable information outside of the DHB and if so, with what other entities? Ie other DHBs, PHOs, GPs, NGOs, social services. If so, what agreements do you have in place to support this?
6. Do you share any personal data directly with patients? (appointment and discharge letters/ emails to patients should not be included in this definition of ‘sharing personal data’) a. If yes, what data do you share and via what method?
7. Do you plan to let consumers access and contribute to their own health information online, via something like a patient portal, in the future? a. If so: when do you plan to implement and what info will be shared first?
8. How does your organisation govern data sharing?