The Health Minister pulled no punches when responding to the findings of an inquiry into the major Covid privacy breach, describing the leak as "disgraceful and grubby".
Health Minister Chris Hipkins says Covid-19 patients' data was leaked to gain a political advantage for the National Party. Photo: RNZ / Dan Cook
The inquiry into the leak to media of Covid-19 patient details has found outgoing National MP Hamish Walker and Michelle Boag were solely responsible for putting the personal health information of 18 people into the public arena, and it was politically motivated.
Chris Hipkins told reporters it was a "disgraceful and grubby act carried out by two National Party members for political purposes".
They "gave no thought to the stress and harm" that may have caused to the 18 people on the list, to "gain political advantage", he said.
Hipkins thanked the three media outlets for the responsible way they had handled the highly sensitive information, and not making it public after receiving it from Walker.
Hamish Walker and Michelle Boag Photo: RNZ & Boag Allan SvG
Michael Heron QC was asked to carry out an investigation into what initially could have been a leak from a public agency, but the following day Walker and Boag outed themselves: "That was a great help actually," he told reporters.
The State Services Commission referred the report to the Privacy Commissioner John Edwards, to look into whether either Walker or Boag should face any consequences for their role.
Edwards said he would take the findings into account while doing a related inquiry into the distribution of Covid-19 health information.
He says as Commissioner he has "no ability" to issue penalties against individuals or organisations and has "no jurisdiction over Members of Parliament".
"It remains open to any of the individuals whose information was subject to the Walker/Boag breaches to make complaints to my office."
Health Ministry response
The Health Ministry has issued a breach of contract notice to the Auckland Rescuer Helicopter Trust. Boag received the patients' information in her role as acting chief executive. She passed it to Walker - who then leaked it to three media outlets.
Ashley Bloomfield Photo: RNZ / Samuel Rillstone
Director-General of Health Ashley Bloomfield said the notice is mainly to get assurances from the Trust it would abide by the privacy commitments in their contract and that information would be properly protected.
The report criticised the ministry for not reviewing a strict privacy policy under which the information was sent out to emergency services, but beyond that found no responsibility for it ending up in the public arena.
Under a strict "serious threat" exemption, the ministry agreed to share the daily list of patient details with emergency services so they could be aware of possible cases when attending emergencies, but that was at the start of the outbreak when there were cases in the community.
The report found after New Zealand was declared free of community transmission, there was no longer a need to share that information.
It also found such sensitive information should be handled in a much more secure way, as it was not password protected or encrypted.
Bloomfield said the ministry has contacted each of the 18 people to apologise and keep them up to date with what was going on.
And he said a number of changes have been made to better protect the information; the most immediate was to stop sending it to a "group of organisations" that had been receiving it since the start of the pandemic for whom it was no longer necessary.
They had also reviewed that list of organisations and people who would get the information "should it be required again" in the future and to make sure there's a "clear reason" for them to receive it.
Health professionals deal with people's personal health information every day, Bloomfield said. They take that responsibility seriously and he thanked them for the work they do "every day to ensure the privacy of New Zealanders".
See all RNZ coverage of Covid-19
Watch the full briefing from Chris Hipkins and Dr Ashley Bloomfield:
