Purpose:
In this privacy policy, ‘we’ or ‘us’ means Tāmaki Health Group Ltd and its subsidiaries, including our White Cross clinics. We recognise that your privacy is very important to you. This privacy policy has been prepared in accordance with the New Zealand Privacy Act 2020 (Privacy Act) and applicable codes under the Privacy Act.
This privacy policy is subject to and should be read in conjunction with any terms and conditions, or privacy statements, that apply to any particular services that you are asked to agree to when using, or signing up to, any of our services. These include our Health Information Privacy Statement and our Telehealth Patient Information Statement.
Scope:
All staff
Procedures:
Nominated Privacy Officers:
Dr Richard Hulme is the Privacy Officer for all Tāmaki Health “Local Doctor” Clinics including when wellness advisor notes and health coach notes form part of the medical record.
Dr David Codyre is the Privacy Officer for all situations when notes relating to the Tāmaki Health Wellness Support Team form part of the GP record. These include therapy/CBT and psychiatry notes.
Dr Alistair Sullivan is the Privacy Officer for all Tāmaki Health “White Cross” Clinics.
Doctors Hulme, Sullivan and Codyre can be contacted via mobile (see the emergency response contact list) or email for further advice and support if required.
What kind of personal information we collect
We collect personal information about you including:
- your name, email address, residential address and contact telephone numbers;
- other information you provide to us, or authorise to be provided to us, when you communicate with us, or someone who is authorised to communicate with us on your behalf does so;
- your image (which may be collected via security cameras) when you visit our offices, clinics or other premises; and
- your health information that may be collected in the course of you enrolling at one of our clinics or in the course of us providing health services to you. This may include, for example, your date of birth, your ethnicity and information about your health, medical history, any disabilities you may have and any health services or disability services that are being (or have been) provided to you. To read more about how we may collect your health information, please view the Health Information Privacy Statement linked above.
If you apply to work with us, we may also collect personal information relevant to the role you are applying for, such as your employment history, your experience and credentials and other information you provide to us in your curriculum vitae or otherwise during our recruitment process.
How we collect your personal information.
We primarily collect personal information directly from you, such as when you interact with us:
- through our website, by email, text or other written communications with us;
- when you enrol with us; and
- in person, over the phone or video calls.
Some of our clinics, offices and other premises may have security cameras which may collect recordings of your image while you are in and around our clinics, offices and other premises.
We may obtain personal information about you from third parties that have been authorised by you to provide information to us, or who you authorise us to collect information from. Such third parties may include other health care providers, health agencies, government agencies and your insurer; and if you have applied to work with us, from any previous employer and any referees you may nominate.
We may also collect information about you from publically available sources.
Purposes for which we use your personal information
We may use your personal information for the following purposes:
- Responding to your queries or requests for information from us.
- Providing our services to you and all administrative matters related to the provision of those services to you.
- To maintain and administer our records, including (when relevant) your clinical records.
- Complying with our healthcare provider obligations (which include reporting obligations), to Primary Health Organisations, District Health Boards and the Ministry of Health.
- To help us develop, market, improve, manage, administer and facilitate our services and operations which may include the undertaking of surveys, statistical analysis and research. However, where your information is used for statistical or research purposes, unless you otherwise agree, your information will not be used or disclosed in a form in which you could reasonably expect to be identified.
- For internal purposes (such as risk management, staff training and billing). Complying with our legal obligations including assisting government and law enforcement agencies or regulators when required to do so.
- For any other specific purpose which we notify you of at the time your personal information is collected or which you subsequently authorise.
If you have applied to work for us, we may use your personal information to assess your suitability for the role you have applied for. This may include the carrying out of pre-employment checks.
If you have consented to receiving marketing or promotional information from us, we may from time to time send you information about products and services provided by us or third parties we have dealings with, that we think may be of interest to you.
Clinical images:
When clinical images are required:
Before taking a clinical image, ensure the patient or guardian understands the reason for documenting the image, including:
- The purpose of the clinical image, why the clinical image is being taken
- How the clinical image may be used e.g., in an de-identified for from training and education purposes
- Who will have access to the image
- Whether it could be shared and disclosed to others and for what purpose
- Whether it will be de-identified
- How and where it will be stored
Take particular care when taking, storing, and transmitting images of genitalia or other sensitive body parts.
- Inform the patient or their guardian exactly which health professionals and other health employees may view the image(s).
- Consider only taking close up images and provide a written description of the location for context.
Always obtain and document their consent, including consent to share the image, if this is required.
Advise the patient that consent can be withdrawn at any time and be prepared to remove clinical images from the file if this occurs.
If a photo is required for a referral, but the patient does not consent for an image to be taken or shared, always state this in the referral, and include a detailed history and description of the patient’s condition or skin lesion.
Do not store patient images on personal phones. Delete the images immediately after saving them to the patient’s clinical record.
Non clinical images
Taking images in the clinic by visitors or patients is not permitted without appropriate consent.
Who we may share your personal information with
We may provide your personal information that we hold to third parties in order to provide you with, or assist you to obtain, the information and/or health care services that you require. This may include other health care providers such as health care specialists, hospitals, ACC and your health insurer.
We may also share your personal information with Primary Health Organisations, District Health Boards and the Ministry of Health to comply with our healthcare provider obligations (which include reporting obligations), and to obtain subsidised funding on your behalf.
We may also share your personal information if required to do so by law.
We may also share your information with our third party service providers (including hosting providers, data management, and processing and storage service providers) to the extent necessary for the performance of the services they have been engaged to provide.
Cookies
We use cookies and other technologies to collect personal information from the hardware and software you use to access our website. A cookie is a small piece of text sent to your browser by a website you visit. It helps the website remember information about your visit, which can make it easier to visit the website again and to make it more useful to you; they do not record any other personal information about you.
We also use cookies in our electronic direct mail messages, including any newsletter updates you may subscribe to. These cookies help us gain insight about the content we send and how it is received, which in turn helps us to improve the content we create and the way we deliver it to you.
If you reject cookies, you may still use our website and/or receive our electronic direct mail messages, but your experience may be affected, and your ability to use some areas of our website may be limited.
We also use web analytics tools, including the Google Analytics service. The Google Analytics Service analyses non-identifiable traffic data relating to use of our website, using its own cookies and anonymous identifiers for mobile devices (e.g. Android Advertising Identifier or Advertising Identifier for iOS) or similar technology used to collect data. For more information on how Google collects and processes data, please click here. Please refer to Google's Privacy Policy for more information
What are the consequences of you not providing the personal information we require?
If you do not provide us with all of the personal information we have requested from you, we may not be able to provide you with the information and/or services that you require.
How you can access/amend your personal information
You may contact us at to enquire about, seek access to, and correct personal information we hold about you.
We will usually provide you with a copy of the personal information we keep about you, however in certain circumstances we may not be able to provide you with a copy of your personal information (and are not required to under the Privacy Act), for example if the information does not exist, cannot be found or is not readily retrievable, or will cause harm.
Tāmaki Health is to ensure that verbal or written consent has been provided by the patient to release their information. For requests to release children’s records a primary duty of care is to the child, but there are legal and ethical duties owed to the child’s caregivers. For these requests it is recommended to obtain medicolegal advice.
Where a third party such as the Police, Court or Executor of the deceased’s estate has requested the release of information these requests should be made in writing.
Tāmaki Health is responsible to take all reasonable steps to ensure that they are satisfied that the request is legitimate and lawful which may include presentation of photo identification.
When you request that the personal information we hold about you be corrected, you may also provide us with a statement of the correction sought (statement of correction) and if we do not make the correction you have requested, you may request that a statement of correction be attached to the information that you have asked to be corrected so that it is read with the information.
Security of Information
We will ensure that your personal information is protected by reasonable security safeguards against loss; unauthorised access, use, modification or disclosure; and other misuse.
Once we no longer need your personal information for the purposes it was collected for, or for which you have authorised, and it is no longer required to be kept by us, we will ensure that it is securely disposed.
Breaches:
What should I do if there is a privacy breach?
Notify the Clinic Coordinator, Regional Manager and if a significant breach, the most appropriate Privacy Officer for further guidance.
Amendments
We may amend this privacy policy at any time by notice on the website. Any such amendments will apply from the date stated on the website. By accessing the website and/or continuing to use our services you will be deemed to agree to our updated Privacy Policy
Links and References:
Information Technology and IT Security and Back up Policy
Code of Rights Policy
Patient Complaints Policy
The Privacy Act 2020
Health Information Privacy Code 2020
Electronic Messages Act 2007
Office of the Privacy Commissioner
Simpson and Grierson
Medical Protection Society, Releasing of Children’s Records, Medicolegal - Privacy - Request for releasing children's personal health information - MPS - 10.10.22.pdf retrieved 10/10/2022
Medical Protection Society, Request for the release of a deceased patient’s health information, Medicolegal - Privacy - Request for the release of a deceased patient's personal health information - MPS - 03.05.22.pdf, Retrieved 3.5.2022