Privacy
Policy
1. Affinity Medical Imaging Limited (Affinity Medical Imaging) is a private health service provider and is subject to the Privacy Act 2020 (the Act) and Health Information Privacy Code 2020 (Code).
2. Affinity Medical Imaging (we, us, our) takes its responsibility for your personal information very seriously and is committed to managing personal information in accordance with the Act and Code.
3. Personal information is any information about an identifiable individual (a natural person).
4. This statement does not limit or exclude any of your rights under the Act or Code. If you wish to seek further information about the Act, Code, or about privacy in general, visit www.privacy.org.nz
Scope and purpose
5. This privacy statement applies to any personal information we collect or obtain about you when you interact with us, including through this Website.
6. The purpose of this statement is to set out the basis upon which we collect, store, manage and disclose personal information and your rights in respect of that information.
7. We may make changes to this statement from time to time, with or without notice to you. When we do so we will publish an updated version on our Website and update the "last updated" notice on this page. We recommend that you visit our Website regularly to keep up to date with any changes.
What personal information we collect
8. The types of personal information we collect will vary depending on the circumstances of collection and the kind of interaction you have with us, but could include:
a. Contact and identification information, such as your name, preferred name, date of birth, address, phone number, email address, gender and pronouns (if you choose to provide them), and ethnicity information where you have consented to this being collected to help us monitor equity of care.
b. Health information, including your referral, relevant medical history, imaging records and reports, correspondence with your healthcare providers, and your National Health Index (NHI) number where required for your care.
c. Appointment and payment information, such as appointment details, Accident Compensation Corporation (ACC) or insurance information, billing and payment records, and communications with you.
d. Employment information, if you apply for a job with us, we may collect information such as your qualifications, work history, references, and any demographic information you choose to share. If you work for us, we may also collect payroll, IRD, KiwiSaver, and related employment information.
e. Website and digital information, including information collected through our website, analytics tools, and cookies.
f. Other information you provide to us or authorise us to collect as part of your interactions with us.
When we collect personal information
9. We may collect personal information directly from you when you:
a. contact us through our website, including by using contact forms, subscribing to newsletters, or sending patient enquiries or communications;
b. book an appointment online or complete patient registration, screening, consent, or intake forms;
c. attend an appointment or receive healthcare services from us;
d. apply for employment with us; or
e. contact or interact with us by phone, email, in person, or through our social media channels.
10. In some situations, we may collect personal information about you from other people or organisations rather than directly from you. This is known as indirect collection.
11. Under the Act we are required to take reasonable steps to let you know when we collect personal information about you indirectly unless a legal exception applies.
12. By receiving healthcare services from us, you acknowledge that we may collect relevant health and personal information about you from the sources listed below to:
a. support safe, effective, and coordinated healthcare;
b. maintain accurate health records; and
c. provide high-quality radiology services.
13. We may collect information about you indirectly from:
a. other healthcare providers and organisations involved in your care;
b. your GP, specialist, hospital, allied health provider, or another radiology provider. This information may include referrals, clinical notes, medical history, prior imaging, test results, discharge summaries, and other shared health information relevant to your care;
c. national screening programmes, shared electronic health records, and approved health information systems operating in New Zealand; or
d. ACC, insurers, employers (where you have authorised this), legal representatives, government agencies, or other organisations where collection is permitted or required by law.
14. If we collect personal information about you from a source not described in this Privacy Statement, we will take reasonable steps to notify you, unless an exception applies under applicable privacy or other laws.
Why we collect personal information and what we use it for
15. We collect and use your personal information as reasonably necessary to carry out our business and our functions as a health provider, and to assess and manage our clients' needs and provide services. We may also collect information to fulfil administrative functions associated with these services, for example billing.
16. The purposes for which we collect and use personal information depend on the nature of your interaction with us, but may include:
a. provide diagnostic imaging and other healthcare services you request;
b. accurately identify you within the New Zealand health system, including using your NHI number in accordance with Rule 12 of the Code;
c. create, store, access, and deliver your imaging, clinical records, and radiology reports;
d. communicate with your referring clinician and other healthcare providers involved in your care
e. manage appointments, patient administration, and our ongoing relationship with you;
f. respond to enquiries, feedback, complaints, or requests you make to us;
g. send you information you have subscribed to or requested;
h. provide information about our services, patient surveys, events, or other communications where you have consented or where permitted by law;
i. support quality improvement, service planning, patient experience, and equity initiatives;
j. support approved research and teaching, in accordance with applicable ethical, legal, and privacy requirements;
k. process employment applications and recruitment activities;
l. manage billing, ACC claims, insurance matters, payment processing, and debt recovery;
m. maintain the safety, security, and integrity of our systems, facilities, and services;
n. monitor, audit, and improve the quality and effectiveness of our healthcare services;
o. comply with our legal, regulatory, accreditation, and professional obligations; and
p. carry out any other purpose authorised by you or permitted or required by law, including under any applicable terms and conditions between you and us.
Disclosure of personal information
17. We will only share personal information with other organisations or individuals as authorised by law which includes the following circumstances:
a. with parent(s) or guardians if the patient is under 16 years of age;
b. with your referring clinician and other healthcare providers involved in your care;
c. with hospitals, specialists, and healthcare services involved in your treatment or ongoing care;
d. with authorised health-sector agencies, shared electronic health records, and approved national health-information systems where this supports safe and effective healthcare delivery;
e. with ACC, insurers, and other organisations responsible for funding or administering your care, where authorised;
f. with trusted information technology, clinical-system, storage, and support service providers who assist us to operate our business and healthcare systems, subject to contractual confidentiality and security obligations;
g. with our professional advisers, including legal, accounting, audit, and accreditation advisers, where reasonably necessary;
h. where you have provided your consent or directed us to share information on your behalf;
i. to help maintain the security, integrity, and reliability of our systems and services, including to detect, prevent, investigate, or respond to cyber-security incidents, fraud, money laundering, unauthorised access, or other unlawful activity;
j. where disclosure is required or permitted by New Zealand law or applicable overseas laws; and
k. where necessary to establish, exercise, protect, or enforce our legal rights, or to protect the safety, rights, property, patients, or staff of our organisation.
How we hold and store personal information
18. We will take all reasonable steps, and maintain all necessary processes and systems, to prevent unauthorised access to, or use of, personal information we collect.
19. Any personal information provided to us will be collected and held by, or on behalf of, Affinity Medical Imaging at 2 Connolly Street, Lower Hutt, 5010, at one of our other office locations in New Zealand, and/or at cloud providers or data centres we use.
20. Where Affinity Medical Imaging transfers personal information outside of New Zealand (to offshore data centres, for example) we take steps to ensure that such transfers are to third parties and/or countries with adequate safeguards in place and in accordance with the Act.
21. We retain your personal information only for as long as it is lawfully required or necessary for the purposes for which it was collected.
22. Health information is retained in accordance with the Health (Retention of Health Information) Regulations 1996, which generally requires us to keep health records for a minimum of 10 years from the date of your last contact with us. In some circumstances, we may retain information for longer where required or permitted by law, accreditation requirements, or legitimate clinical, operational, or legal purposes.
Use of Artificial Intelligence (AI) in imaging
23. Some of our imaging systems use AI or automated analysis tools to support our clinicians in the delivery of healthcare services.
24. Where AI is used, it is designed to assist, not replace the clinical judgement of our radiologists and healthcare professionals. Your imaging and clinical information will continue to be reviewed and interpreted by appropriately qualified clinicians.
25. We take reasonable steps to ensure that information processed through AI enabled systems is handled securely and in accordance with applicable privacy, health-information, and cybersecurity requirements.
26. Our use of AI is governed by our internal AI governance and clinical oversight arrangements and is informed by relevant professional guidance, including the 2023 Ethical Principles for Artificial Intelligence in Medicine published by Royal Australian and New Zealand College of Radiologists and guidance issued by the Medical Council of New Zealand.
Website analytics
27. Affinity Medical Imaging also collects non-identifiable information through your interactions with our information technology systems. This includes through use of our Website.
28. We use analytics to analyse web traffic based on specific behaviour, demographic, and interest data. These analytics collect statistical information about visits to the Website, including:
a. IP addresses (which are masked);
b. search terms used;
c. pages accessed from the Website, clicks on links, or engagement with content;
d. dates and times at which the Website is accessed;
e. the referring site (if any) through which the Website is accessed;
f. operating systems (e.g. Windows, Mac OS X) used to access the Website; and
g. web browsers used (e.g. Microsoft Internet Explorer or Edge, Google Chrome or Apple Safari).
29. The data collected is aggregated and IP addresses are masked so that they cannot be used to identify specific individuals or their analytics. Analytics will also respect any "do not track" settings on user's web browsers.
Use of external links
30. Affinity Medical Imaging websites may contain links to third-party websites operated by providers that are not associated with us. After you click the link, we no longer have any influence over the collection, storage, or processing of any personal data transmitted by clicking the link (such as the IP address or URL of the page that contains the link), as the behaviour of third parties is, by nature, beyond our control. Therefore, Affinity Medical Imaging is not responsible for the processing of personal data by third parties. You choose to access links to third party websites at your own risk.
Use of cookies
31. A cookie is a piece of data stored on a user's computer or other device tied to non-personal information about the user. We use cookies to refine and improve the way we provide information and services (for example, the layout of our Website or the types of information we provide to our clients)
32. Users can disable cookies in their web browser settings and/or delete them from their computer's hard drive. Users do not need to have cookies turned on to use our Website, but some online services, features or functions of the Website may not function properly if the cookies are turned off.
Social media
33. We may use social media websites, like Facebook, Instagram, LinkedIn and YouTube, to communicate with the public about our work. If you interact with us on social media (for example, by posting on our Facebook page or liking our posts), you share your social media profile with us. We only use this information to interact with you on social media. This information is collected from you by the relevant social media service and is governed by that service's terms and privacy statement.
Right to access or seek correction of your personal information
34. To find out what personal information we hold about you, to get a copy of that information, and/or request corrections to that information as outlined in the Act, or for any further information about this privacy statement, please contact us at info@affinityimaging.co.nz
35. We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up to date. You can help us to do this by letting us know if you notice errors or discrepancies in information, we hold about you and letting us know if your personal details change.
Complaints about the handling of your personal information
36. You may contact us at any time if you have any questions or concerns about this privacy statement or about the way in which your personal information has been handled.
37. You may make a complaint about privacy to Affinity Medical Imaging's Privacy Officer via the email address set out below.
38. The Privacy Officer will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. We will generally respond to your complaint within a week.
39. If your complaint requires more detailed consideration or investigation, we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly. We may ask you to provide further information about your complaint and the outcome you are seeking. We will then typically gather relevant facts, locate and review relevant documents and speak with individuals involved.
40. In most cases, we will investigate and respond to a complaint within 30 days. If the matter is more complex or our investigation may take longer, we will let you know.
41. If you are not satisfied with our response to your complaint, or you consider that we may have breached the Act, you can make a complaint to the Office of the Privacy Commissioner by telephone on 0800 803 909 or by using the contact details on their website.
How you can contact us
42. You can contact Affinity Medical Imaging's Privacy Officer by email at info@affinityimaging.co.nz