Medical authorities have condemned privacy breaches at Waikato Hospital after a doctor's patient records were accessed by his colleagues without good reason.
The Privacy Commissioner's office found Waikato District Health Board interfered with the junior doctor's privacy by failing to safeguard personal health information and failing to release personal information to the registrar when he requested it.
The doctor had been treated at the hospital's emergency department, and later became aware that colleagues appeared to know about his medical issues, and he was the subject of workplace gossip.
Medical Council of New Zealand chairman Dr Curtis Walker said there was a standard and expectation of doctors to only access the medical records of patients when there was a clinical reason and justification.
Walker said doctors had the same rights to privacy as any other patient.
"Any doctor or any health practitioner must only look up clinical records when it's their patient and it's clinically relevant to do so. End of story."
Walker said there were definite processes if doctors or health managers were concerned about a doctor's health and that included notifying the Medical Council if there were issues around performance, competence and safety.
He said if a complaint was made to the council by the victim in this case it would be carefully and thoroughly considered.
"We take all matters where doctors may not have met their professional obligations, including around privacy, very seriously."
Resident Doctors' Association national secretary Dr Deborah Powell said the union for junior doctors was concerned at the breach.
"If an employee has a health condition that an employer does have a legitimate interest in, there are processes. They do not include invading someone's health privacy.
"There are legitimate, well-known HR [Human Resources] ways of managing health conditions in the workplace but they do not include breaching people's rights with respect to their personal health record."
Powell said junior doctors were at the mercy of their senior colleagues over career progression and she said the union had wider concerns around bullying and harassment across the country.
"We're in a really powerful hierarchy. And the fear of career retribution, as it's typically known, is always present for RMOs [Resident Medical Officers].
"They're so dependent on those above them to give them references to continue in their career, they are incredibly vulnerable.
"If something adverse does happen they invariably won't complain because that will make their risk even higher so we have a very serious problem for resident doctors being able to stand up."
She said Waikato DHB had form when it came to privacy breaches.
In 2017 the senior doctors' union warned its members not to use a staff healthcare service at Waikato Hospital following a complaint a doctor's private medical records were accessed by her bosses.
The warning from the Association of Salaried Medical Specialists [ASMS] was made after a senior doctor who worked for the DHB agreed with management to use the staff-only Occupational Health and Safety service.
She was shocked when, during a meeting involving human resources staff, some of her medical information that was in the service was referenced, according to the union.
A complaint was lodged with the Privacy Commissioner and partially upheld.
ASMS executive director Sarah Dalton said patient privacy rules were in place for "really good reasons, both to protect patient rights for safe care and also for staff".
She called the latest breach disappointing.
"It's really tough to be an employee and a patient, particularly if you're being treated in the same organisation and that makes privacy absolutely paramount.
"Those rules are there for really good reasons, to keep staff and patients safe."
Emotional safety and wellbeing was at stake, she said.
"If people feel unsafe around their privacy, they don't feel confident to go somewhere to seek treatment, that's dangerous as well because they may avoid seeking treatment on the basis they don't want it to become a public commodity or gossip."
Dalton said doctors as patients should be able to rely on their colleagues not to "have a cheeky look to see what's going on" when they know a doctor is in the hospital for non-work reasons.
She said the union had major concerns about culture and organisational practice across Waikato DHB at the time of both privacy breach cases in 2016 and 2017, when former chief executive officer Dr Nigel Murray was at the helm.
"We think a lot of progress has been made to address these things and I would note this particular event [the latest privacy breach] dates back to around about that time.
"We are pleased Waikato has become more open to reflect on its practices and more willing to engage in a constructive way when union staff or others have concerns."
The DHB said its staff take privacy very seriously.
"All staff have a professional and ethical obligation to maintain privacy and confidentiality and are reminded of this obligation frequently.
"Additionally, all new staff members to the DHB must undertake a mandatory privacy course so they are aware of their obligations."
In February 2017 Auckland District Health Board investigated a potential privacy breach of former Silver Ferns netballer Tania Dalton's patient file at Auckland Hospital.
Dalton was admitted to the hospital in critical condition after suffering a ruptured internal carotid artery aneurysm during a social game of touch rugby. The 45-year-old mother-of-three did not survive.
In 2013, four clinicians at Canterbury DHB faced disciplinary action after accessing cricketer Jesse Ryder's medical records.
In 2016 the Herald reported more than 70 upper North Island health workers had been disciplined for snooping into patients' records in the previous three years.