The Privacy Commissioner is warning the storage of millions of New Zealand's health records online puts them at risk of cyber attacks and snooping.
John Edwards released a new report on three electronic shared care record systems, that said while they were appropriately mitigating privacy risks, continued attention to privacy was needed.
Mr Edwards said medical records were now potentially available to anyone in the world and could be downloaded almost instantly, allowing for widespread and damaging accidental or malicious disclosures.
"We certainly believe that ongoing vigilance is required in terms of security and you only need to look at the recent hack of iCloud and the celebrity photos to see that even a sophisticated IT company like Apple is vulnerable."
He said there was also an increasing likelihood that secondary uses for the data could be found.
Mr Edwards said there needed to be robust governance and a culture of privacy to increase security of data.
Patients should know who has seen their records - health chief
A Canterbury medical leader wants patients to be able to know who has seen their electronic medical records.
In his report, Mr Edwards warned the storage of millions of health records online puts the data at risk of both accidental and malicious snooping.
The chief medical officer of the Canterbury District Health Board, Nigel Millar, said security measures such as audits already flagged potential privacy breaches but allowing patients to see who has accessed their medical data would give them peace of mind.
"Also, it's a clear reminder to those people - the health professionals - that looking at a record inappropriately may result in somebody finding out and then will result in quite serious consequences."
Dr Millar said patients could be able to see who has looked at their files in the next two to five years.