ENG / MĀO LOGIN

Practitioner privacy

Collection and protection of personal practitioner information held by OTBNZ

The OTBNZ collects personal information from applicants and practitioners to carry out the purposes detailed in the Health Practitioners Competence Assurance Act 2003 ( s118). The OTBNZ is committed to ensuring the privacy and security of the personal information that it holds. 

Public register

Some information about practitioners is viewable on the public register as required by the HPCAA (s149). This includes a practitioner's: 
  • Name
  • Registration number
  • Qualification
  • Registration Status
  • Practising certificate status
  • Expiry Date of Practising Certificate
  • Conditions on practice (if any)
  • Recertification status (if any)

Statistical information

The OTBNZ is required by the HPCA Act ( s123 ) to share practitioner information with the Ministry of Health for workforce and planning purposes. This includes a practitioner's:
  • Name
  • Date of birth
  • Ethnicity
  • Gender
  • Qualification/s
  • Employer
  • Place or places of work
  • Average weekly number of hours worked at each place of work
  • Practising certificate status
  • Conditions on practice (if any)

Collection of information

Much of the information collected is required under the HPCAA. Where the information is not required by the HPCAA practitioners are given the option to not provide the information (eg, providing a work phone number)

Where information is provided to the OTBNZ about an applicant or registrant from another source (such as from a referee, or confirming registration in another jurisdiction) the applicant or practitioner will usually be asked to provide consent for this to occur, except where required under the law.  

When a practitioner logs in and makes use of the practitioner portal, myOTBNZ, or other components within this system this is recorded in their practitioner audit log. The OTBNZ uses this information to assess the effectiveness of its communications and processes.

Protection of personal information

Regular reviews of privacy and security practices and policies are scheduled by the OTBNZ. All staff undertake privacy and security training as part of their induction process and ongoing training.
The OTBNZ manages practitioner information using cloud-based specialised regulatory software. Data is held on cloud-based servers in Canada, Aotearoa New Zealand and Australia. Any hard copy data that OTBNZ holds, including historical records, are held in a secure Aotearoa New Zealand archive.  

Use of information

As a repository of national data OTBNZ is aware of its responsibilities to Tangata Whenua, the profession, and the Ministry of Health to provide and share the data it holds.   Regulatory and workforce data is compiled and shared with stakeholders when requested. The OTBNZ also uses practitioner information to provide publicly available data such as the Annual Report each year. Individual practitioners are not identified in these reports.

The OTBNZ is required to have up to date contact information for practitioners to provide registrants with information relevant to their registration, practising status, and responsibilities as a registered health professional.

From time to time the OTBNZ receives requests to distribute information to registrants about research projects. Practitioners can choose to consent to receive notification about these projects. Practitioner contact information is not shared with the researchers at any time.

The OTBNZ carries out research and auditing activities to determine the effectiveness of its processes and policies.  Any practitioner information used for these purposes is de-identified and not be used in any way that could be linked to an individual.

Access to information

Practitioners and applicants are able to request a copy of the information that the OTBNZ holds about them and request the OTBNZ to consider a correction where they consider the information to be incorrect.

Complaints about Privacy


A practitioner or applicant may make a complaint to the Privacy Officer if they feel that the OTBNZ has breached their privacy. 
Complaints may be addressed to the privacy officer:

OTBNZ Privacy Officer
privacy@otboard.org.nz
PO Box 9644
Marion Square
Wellington 6141
New Zealand

The complaint should include:

  • the complainant’s name
  • the circumstances surrounding the complaint: What happened? When did it happen? Who was involved?
  • the action the complainant would like to see happen.

The privacy officer may contact the complainant for any further information.

An investigation into the complaint will be carried out without delay. The outcome will be communicated to the complainant, along with any action taken by OTBNZ.

Where the complaint identifies a privacy breach the OTBNZ will notify the Office of the Privacy Commissioner as required under the Privacy Act.