Level 2, H Block
The Princess Margaret Hospital
Telephone: 0064 3 364 4160
Fax: 0064 3 364 4101
8 July 2016
Tom Sellers Email: [FYI request #4144 email];
Dear Tom Re: Official Information Act Request CDHB 9397
We refer to your email dated 15 June 2016 requesting the following information under the Official
Information Act. This was clarified by you on 17 June 2016 as CORS being the Christchurch Opioid
1. If CORS case managers have access to patient files requested, are they required to release such
information if so requested by the patient to which the files pertain?
The Canterbury DHB has a standard process for the release of health information to an individual. Please
refer to the form attached as Appendix 1
. When individuals apply for a copy of their clinical notes the
request is made to Medical Records not individual services such as CORS (Christchurch Opioid Recovery
2. If CORS are not in direct possession of a patients case files, are they required to obtain such
information and present it to patients?
CORS would not request the individual’s notes as Medical Records is responsible for releasing the
3. If case managers are not allowed to release patient files, are managers of CORS allowed to release
such information to patients to which the files pertain?
CORS staff would not release an individual’s notes as Medical Records is responsible for releasing the
4. What is the procedure for the release of patient files by CORS to patients?
The Canterbury DHB has a standard process for the release of health information to an individual. The
individual is required to complete a Release of Information form and forward it to Medical Records.
Medical Records review the individual’s information to ensure compliance with the Privacy Act 1993 and
the Health Information Privacy Code 1994, Rule 6: Access to Information.
5. Is CORS governed by the Health Information Privacy Code 1994? I refer you specifically to
All Canterbury DHB services are required to comply with the Privacy Act 1993 and Health Information
Privacy Code 1994.
6. If CORS is not governed by the Health Information Privacy Code 1994, please direct me to the
relevant documents that explains CORS policy towards the release of patient information.
CORS services are required to comply with:
The Privacy Act 1993 and Health Information Privacy Code 1994.
Health Act 1956; 22C Disclosure of Health Information; 22 F Communication of Information for
Diagnostic and other Purposes.
I trust that this satisfies your interest in this matter.
Carolyn Gullery General Manager,
Planning, Funding & Decision Support