BACKGROUND

Omnicare is a specialist women’s health and gynaecologist organisation committed to women’s health and their privacy. This privacy statement sets out our obligations under the Privacy Act, as well as the information we collect, the information we give to third parties and how we collect and hold your personal information, and the obligations of the Privacy Commissioner.

OUR PRIVACY COMMITMENT

We respect your right to privacy and are committed to being open and transparent with you. We endeavour to communicate in the clearest way possible with you about how we treat and manage your personal information.

We comply with the New Zealand Privacy Act 2020 (“Act”) when dealing with patient privacy. This Act regulates how we collect, manage and store your personal information. It also specifies how people may access and correct information held about them.

PURPOSE

The primary purpose of us collecting personal information about you is to help us manage your healthcare and wellbeing. This includes the administration and management of treatment services, health insurance eligibility checks, invoicing, to maintain and develop business systems and infrastructure, and to improve the services we provide.

We collect information such as name, address, telephone numbers, email address(es), National Health Index (NHI), date of birth, consents given, next of kin, preferred contact person or any other information which may assist us in managing your healthcare and wellbeing. We collect information about your health including health history and what has been provided by your referring doctor or General Practitioner (“GP”). We also collect insurance information and record your interactions with us.  In the course of carrying out our treatment services, we may also collect information from other third parties, not limited to laboratories, radiology providers and other providers of specialist medical services.

We may also obtain information about you automatically when you visit our website or use our website services, like your IP address and device type.  Some of this information may be collected using cookies and similar tracking technologies.

Providing information is optional. If you choose not to provide the personal information we ask for, or do not consent to our collecting that personal information from third parties, then depending on the type of personal information concerned, we may not be able to provide you with appropriate treatment or care.

INFORMATION WE GIVE TO OTHERS

We will use and disclose your personal information for purposes directly related to your treatment and in ways you would reasonably expect for your ongoing care, or in accordance with this Privacy Statement. This may include, but is not limited to, the transfer of relevant personal information to your nominated GP, to another treating health service or hospital, to a specialist for a referral or for pathology tests and X-rays.

YOUR CONSENT

By commencing or continuing your relationship with us, you authorise the collection and disclosure of personal information, including health information, by us, from and to third parties, as detailed in this Privacy Statement.

CHANGES TO THIS PRIVACY STATEMENT

We may make changes to the terms of this Privacy Statement from time to time. You have notice of any changes when an updated version is posted on our website.

HOW WE COLLECT AND HOLD PERSONAL INFORMATION

We collect information in a variety of ways, not limited to paper and electronic formats.

We have confidentiality requirements on the use of information by our employees, practitioners and contractors.

Our patient management system is held behind an encrypted secure network. Access to personal information is controlled through identity and access management.  Data is backed up daily and we employ firewalls with intrusion detection and virus scanning tools to protect us from unauthorised access.

We are required to disclose some information to government agencies to comply with laws regarding the reporting of notifiable diseases and statistics. Your personal information may be required as evidence in court when subpoenaed.

If there has been a break in the continuity of patient care, we might need to seek your consent before releasing personal information to a new doctor or health professional. If the situation is considered an emergency, consent is not required.

We cannot use your personal information for direct marketing purposes unless you provide clear authorisation in writing.

Our staff may convey to your next of kin or a close family member general information about your condition while in hospital in accordance with the accepted customs of medical practice unless you request otherwise.

Our policies and procedures ensure our staff treat your personal information confidentially and discreetly with respect.

HOW YOU CAN ACCESS YOUR PERSONAL INFORMATION OR SEEK ITS CORRECTION

You have a right to request access to your personal information.  You can also ask us to correct information you believe it is inaccurate. If you wish to do so please send your request in writing to privacyofficer@omnicare.co.nz. We will review your request as soon as reasonably practical and in accordance with the Privacy Act. All requests require proof of identity or authority and outline the correction needed.

It is your responsibility to ensure that the personal information you provide is accurate, complete and up to date.

INTERNATIONAL DATA TRANSFERS

In providing our services, you accept that we may disclose personal details to recipients in countries other than New Zealand if we believe there is reasonable grounds the recipient is required to protect your personal information using comparable safe guards to those under New Zealand privacy laws. If we cannot ensure a recipient is able to properly safeguard your personal information, we will only provide this information if you authorise us to do so.

If we cannot contact you, we will use our judgment to determine whether transferring your data internationally is prudent. We will only disclose information overseas if we are satisfied the receiving agency has similar safeguards to those in the Act.

RETENTION

We will keep your personal information for as long as we have a relationship with you and for a period of time afterwards in accordance with the Health (Retention of Information) Regulations 1996.

PRIVACY OFFICER

We take your concerns seriously.  If you have any questions about privacy or the use or collection of your personal information, please email our Privacy Officer at privacyofficer@omnicare.co.nz.  We will respond as quickly as possibly (our target response is 20 days) and handle all complaints in a way that is fair and consistent.  We have an internal privacy procedure, and this will be adhered to.

If we, as a business, believe there has been a privacy breach that has caused serious harm, we must immediately notify the Office of the Privacy Commissioner, as well as anyone affected by the breach.  If we believe there has been a privacy breach that will affect you, we will notify you immediately of the breach and any next steps.

The Privacy Commissioner has the power to issue compliance notices which can require us to do something, or cease doing something, in order to comply with the Act.

However, if you are not satisfied of our handling or the outcome, you may choose to lodge a complaint with the Privacy Commissioner:

Tel: 0800 803 909

Website: https://www.privacy.org.nz/responsibilities/privacy-breaches/notify-us/

Physical mail: PO Box 10 094, Wellington 6143