2.4.2 Privacy Policy
About This Policy
The purpose of this policy is to clearly communicate how we collect and manage personal information.
Types of Personal Information
We collect personal information from you, including information about your:
• contact information
• interactions with us
• billing or purchase information
We collect your personal information only in order to: Provide diagnostic medical imaging services.
We keep your information safe by storing in secure data centres and restrict access by policy to authorised users only. We believe your imaging data is your own, so it is freely accessible at any time via the Patient Portal.
We keep your information for 7 years at which point we securely destroy it by accordance with our data retention policies.
You have the right to ask for a copy of any personal information we hold about you, and to ask for it to be corrected if you think it is wrong. If you would like to ask for a copy of your information, or to have it corrected, please contact us at [email protected], or 04 978 8600, or Unit 2, 2 Connolly Street, Hutt Central, 5010.
The types of personal information we collect includes but is not limited to current (and sometimes historical) information about:
a. Name
b. Contact details including phone number, address, and email address
c. Gender
d. Date of birth
e. Payment related information including credit card details, banking details
f. Communications and interactions with us
g. Relevant feedback, complaints, and claims
Additionally, in relation to patients:
a. Requesting practitioner details
b. Result copy recipients
c. Insurance details including private health fund details and Workcover claim details
d. Healthcare identifiers
e. Medical history and other health information including but not limited to, imaging history, test results, medical conditions, treatments, allergies, pacemaker use, claustrophobia, implants, medications, and use of health services
f. Where relevant, family history and lifestyle information, which may include information about your work, relationships, religion, beliefs, ethnic background, sexual preference/activity, and genetic information
g. Preferences in respect of health services
h. ACC claim number (if applicable)
Additionally, in relation to job applicants and staff:
a. Qualifications, skills, experience, and character
b. Screening checks (including health, reference, background, directorship, financial probity, identity, eligibility to work, vocational suitability and criminal record checks)
c. Performance, conduct, use of our IT communications recourses, payroll matter and training
d. IRD number
Additionally, in relation to other healthcare providers:
a. Healthcare identifiers
b. Referral trends
c. IT system details
Collection and Retention of Personal Information
1. Personal information will in many circumstances be collected directly from you, for example via patient forms, over the phone or from face-to-face consultation.
2. In other instances, we may collect personal information about a patient from a third-party source. This may include but is not limited to:
a. Relatives and personal representatives; and
b. Other health service providers such as general practitioners, specialists, hospitals, day clinics and other medical imaging practices
3. The circumstances in which we may collect personal information from a third-party source include where the patient has provided consent, where it is not reasonable or practical to collect the information directly and where otherwise permitted by the law. This may include where the patient’s health is potentially at risk and his/her personal information is needed to provide them with emergency medical treatment.
4. We endeavour to store and retain a patient’s personal information securely either using our own facilities or with the assistance of our service providers. This includes:
a. In paper-based form and other hard copy documents located securely within the practice and at secure storage facilities; and
b. In electronic record in a secure environment
Purposes of Collection, Use and Disclosure of Personal Information
1. Personal information is important to our ability to provide health care. For example, we may need to collect, use, and disclose your personal information for the purpose of:
a. Assessing your health status
b. Providing a diagnostic imaging report about your health
c. Working with and referrals involving other healthcare providers in connection with your medical care, including medical practitioners, nurses, allied health professionals, pathology services, physiotherapists and outpatient or community health services
2. We may also collect, use, and disclose personal information for other purposes including:
a. Sending out appointment reminders
b. Invoicing, billing, account management and debt recovery
c. Verifying your identity and personal information
d. Maintaining and updating our records
e. Other administration, management, quality control and improvement of our services and operations including accreditation, audits, risk and claims management, patient satisfaction surveys and staff education and training
f. Medico-legal matter including medical indemnity insurance
g. Conducting research in accordance with privacy requirements (which may involve, for example, consent, de-identification, or ethics committee approvals)
h. Recruiting and managing our staff, including considering job applicants for alternative and subsequent positions
i. Facilitating acquisitions and potential acquisitions of our business, and
j. With your consent or where otherwise required or authorised by the law
3. In addition to healthcare providers as described above, we may provide your personal information to other third parties. These third parties may include:
a. Parent(s) - (if the patient is under the age of 18)
b. Guardians
c. A person exercising a patient’s power of attorney under an enduring power or attorney
d. Insurers including private health funds
e. Government agencies such as the Ministry of Health and WorkSafe as appropriate
f. Community and government cancer and disease screening programs
g. Our service providers including providers of archival, auditing, accounting, legal, banking, payment, debt collection, delivery, data processing, data analysis, document management, information broking, research, investigation, insurance, website, and technology services
Additionally, in relation to job applicants and staff:
a. Academic institutions
b. Referees
c. Screening check providers (including law enforcement agencies)
d. Professional and trade associations
e. Your current previous and prospective employers
f. Provers of payroll, superannuation and KiwiSaver, staff benefits, surveillance, and training services
Some third parties described above may be in other countries. We are required to comply with strict privacy requirements where we disclose personal information to recipients outside New Zealand.
4. We are subject to many laws in providing our services, and sometimes we may collect, use, and disclose personal information as required or authorised by or under those laws including the Privacy Act 2020. We may also need to respond to subpoenas and comply with mandatory reporting and disclosure requirements pursuant to applicable law.
Our Website
1. If you use our website to read, browse or download information, our system may record information such as the date and time of your interaction, the pages accessed, and any information downloaded. This information is used for statistical, reporting and website administration and maintenance purposes.
2. Like many other websites, our website may use ‘cookies’ from time to time. A cookie is a piece of information that allows our system to identity and interact more efficiently with your browser. The cookie helps us to maintain our continuity of your browsing session and remember your details and preferences when you return. You can configure your web browser software to reject cookies however parts of our website may not have full functionality in that case.
3. Our website may use Google services such as Google analytics from time to time. For more about how Google collects and processes data, please see Google’s privacy policy and their information at: www.google.com/policies/privacy/partners/.
4. Our website may contain links to other sites. We are not responsible for the privacy practices or policies of those sites.
5. Please be aware that there are inherent risks in transmitting information across the internet and we cannot guarantee the security of information sent to us online. If you are concerned about sending information of a sensitive nature to us online, you may prefer to contact us by telephone or mail.
Access and Changes to Personal Information
1. You can contact us to request access or changes to your personal information that we hold. Please provide as much details as you can about the information you seek, to help us locate it.
2. We will respond within a reasonable period and may need to verify your identity.
3. We may charge reasonable expenses in supplying the requested information, subject to legal requirements.
4. We will provide our reasons if we deny any request for access or to correction of personal information where we decide not to make a requested correction with the information.
Complaints Handling
1. Should you wish to make a complaint about how we have treated your personal information or privacy, please contact us.
2. An acknowledgement will be sent within 24 hours. Your complaint will be investigated, and we will endeavour to resolve your complaint within one month. We may request additional details from you about your complaint and may need to engage or consult with other parties to investigate and deal with your issue. We will keep records of your complaint and any resolution.
3. If you are dissatisfied with the response provided, you can refer the matter to the Office of the Privacy Commissioner via [email protected] or https://privacy.org.nz/your-rights/making-a-complaint/complaint-form/
Review of Policy
1. We may modify or amend this policy at any time and for any reason, including to address any legislative change. Any material changes to this policy will be posted prior to their implementation.
2. Updates to this policy will be published on our website (affinityimaging.co.nz) for our patients and staff.