17 October 2023
AS Van Wey
[FYI request #24182 email]
Kia ora Amy
Your Official Information Act request, reference: GOV-027853
Thank you for your request of 19 September 2023, asking for the fol owing information under the Official
Information Act 1982 (the Act).
I request all policies, manuals, processes, guidelines, instruction documents, or any other document
which describes what happens to claims and who has access to claims after (1) ACC has declined
cover, (2) a claimant has requested a review of a decision to either decline cover, or not issue a
deemed cover decision pursuant to section 58 of the Act, or (3) a claimant has started proceedings
to appeal a decision by reviewers. When I specify who, I do not mean any particular named
individual, but the roles of staff at ACC (e.g., claim assessor, recovery administrator, legal advisor,
etc.). Can I ask what claim ownership means?
I request to know how and when ACC employees obtain authorization (from the claimant and the
agency) to access claimant files. Does access to a claimant party file or specific claim file require a
transfer of the party file or transfer of the claim file ownership, which is documented in the EOS task
section. Can only one ACC employee access a claimant's party file (or claim file) at any given time: in
other words, is access to a claimant's part file (and claim files) restricted to a single user at any
given time? Must an ACC employee first request the claim ownership be transferred to them prior to
access? Or can claims be accessed at any time by any person without any failsafe?
I request information (policies, processes, manuals, guidelines, etc) on how ACC documents that the
access to claimant files is authorized by either the claimant or the agency, to mitigate against
"snooping" by ACC employees. I request information as to where this information is held, and how
the authorized access is documented in the claimants' party file and specific claim files.
I request information (policies, processes, manuals, guidelines, etc) on how ACC documents all
internal communications regarding a claimant, including the internal communications with
technical staff like the privacy team and legal counsel.
I request information (policies, processes, manuals, guidelines, etc) regarding the documentation by
ACC employees for the reasons of access to claimant's files, or transfer of the files or claim
ownership. How is authorized access monitored? I request documentation on how ACC maintains
claimant information in a manner that protects against access by ACC employees without the
claimants informed consent, or specific authorization provided by the agency.
All information provided to us by clients and providers is handled with care and respect
How we collect, secure, use and share information is governed by the Privacy Act 2020 and the Health
Information Privacy Code 2020. Client information is held in files on our case management system, Eos.
Each client file contains information such as the client's name, contact details, payment details, claim notes,
reports, and medical records.
GOV-027853 Page 1 of 3
Eos restricts access to certain types of information
Each claim file is divided into tabs, or compartments, so contact information and payments, for example,
are in different parts of the file to reports and medical records relating to the client's injury. When staff
need to access a file, they only work in the tabs that hold the information they need to see to complete
their task.
Access to claim files is restricted to a role, rather than to individuals
For some types of claims where there is not an assigned case owner, individual tasks are completed by a
team of people (Assisted Recovery). While many staff could, in theory, access claims, they will only do so if
they have been allocated a task or are a case owner. Access is the ability of an ACC staff member to view a
claim file (or part of a claim file), which is available to staff if it is appropriate to their role. This includes
Recovery Staff, contact centre workers, payments teams. Further information on this is outlined in the
paragraph below.
Authorisation is signed via the ACC45, ACC46 or ACC6300 forms
Claim ownership is generally used to refer to a person who is primarily managing a claim, whether that is at
cover assessment or managing an entitlement. However, as indicated above, access to a claimant file isn’t
restricted to a single person, so there is no ‘transfer of ownership’ to enable a new case owner to access it.
As noted above, access to a claim record is governed by role mapping and claims access checking. Role
mapping sets out which staff can access Eos tabs and functions, ensuring that only staff members who need
to access information for the purpose of their role can. To show which staff members have access to Eos
functions, we have attached a copy of ACC’s role mapping dictionary.
Staff are expected to adhere to the Code of Conduct, and access to claims is continuously monitored
The Code of Conduct sets out the expectations of staff members throughout the course of their work. The
‘Conduct Claims Access Monitoring Check’ is the procedure used to conduct random or ‘spot check’
monitoring of staff members. This document details the process fol owed if a ‘low assurance’ rating was
determined as part of the procedure, which can be seen in section 4d. This tool could also be used if an
allegation was made by a client.
When such an allegation is made, the matter is referred to the Customer Resolution team for assessment
and possible resolution. Where there are further concerns, the matter is escalated to the Privacy,
Employment Relations or the Integrity Services team to investigate.
ACC has tools available that help inform the decision on this allegation. For example, we can run a digital
footprint on a client’s claim as part of an investigation into inappropriate access. If an employee is found to
be in breach of their employment obligations due to accessing claimant files, they will be subject to ACC’s
Discipline Policy. Actions taken can include warnings or dismissal.
The nine documents relevant to your request are attached and are:
• Code of Conduct
• Legal Professional Privilege Policy
• Seek Internal Guidance
• When to save emails in Eos Policy
• Add a contact
• Making sure your people have the correct access to systems
• Conduct Claims Access Monitoring Check
• Assess Claims Access Concerns
• Transition Claim
GOV-027853 Page 2 of 3
As staff names were not requested, they have been deemed outside the scope of your request and
removed from the documents.
For further information, we refer you to the following OIA responses and website links:
•
www.acc.co.nz/assets/oia-responses/policy-and-procedures-around-clients-information-being-
shared-external-to-acc-oia-response-GOV-018135.pdf.
•
www.acc.co.nz/assets/oia-responses/policy-for-client-information-record-keeping-oia-response-
GOV-018052.pdf.
•
www.acc.co.nz/im-injured/how-we-manage-your-claim/how-we-protect-sensitive-claims-
information/.
•
www.acc.co.nz/about-us/how-we-col ect-and-use-your-information/how-we-use-claim-
information/.
ACC is in the process of publishing policies
We have published policies related to client privacy, here
: www.acc.co.nz/resources/#/subcategory/244.
As this information may be of interest to other members of the public
ACC has decided to proactively release a copy of this response on ACC’s website. All requester data,
including your name and contact details, wil be removed prior to release. The released response will be
made availabl
e www.acc.co.nz/resources/#/category/12.
Ngā mihi
Sara Freitag
Acting Manager Official Information Act Services
Government Engagement
GOV-027853 Page 3 of 3
Document Outline