Some employees may need access to the HI Service as part of their duties. These are authorised employees.
Identifying authorised employees
We need to identify Authorised employees who access the HI Service in electronic transactions or over the phone.
Organisations should tell authorised employees that we collect identifying information for this purpose. Under the Healthcare Identifiers Act 2010, the HI Service can request details of authorised employees for up to seven years after they no longer have access to healthcare identifiers.
Verifying authorised employees
For us to verify the identity of an authorised employee, the organisation must have at least 1 of the following in place:
1. Authorised employee register - the authorised employee register (the register) allows us to verify the identity of authorised employees over the phone. The register includes access dates and details of all authorised employees. The Employment Start Date is the date the authorised employee was first authorised to access the HI Service. The Employment End Date is the date their authorisation to access the HI Service ceased.
The HI Service stores information on behalf of the organisation.
The OMO submits the register online to the Healthcare Identifiers Service through HPOS.
The register must include the organisation’s full list of authorised employees.
Each submitted register will replace any previously submitted register.
Authorised employees should read the privacy notice on the register before it’s submitted.
2. Software - the software the organisation uses to access the HI Service must include details of authorised employees and each transaction.
3. Organisation employee register - the organisation maintains and stores its own register of authorised employee details.