Privacy Policy

Last Updated: February 2024

 

Introduction

Ascot Angiography Ltd (“we”, “our” or “us”) is committed to safeguarding the privacy of patient information. We have a legal obligation to comply with the Privacy Act 2020 (” the Act”), the Information Privacy Principles (“IPPs”) under that Act, and where health information is involved, the Health Information Privacy Code 2020 (“the Code”). You can read more about these laws on the website of the NZ Privacy Commission (www.privacy.org.nz).

Under the Act, organisations that are in possession of an individual’s ‘personal information’ must observe certain restrictions and standards concerning the collection, use, disclosure, and security of that information. Personal information is defined by the Act as ‘information about an identifiable individual’.

As our patient, we may collect certain personal information and a medical history from you. For instance, we collect your personal details so we can provide you with medical treatment and advice. Test results and further information may be collected by us prior to your admission or may be received by us after your discharge.

For those people who are credentialled and independent medical practitioners who work within our hospitals and treat patients, we also collect personal information (such as evidence of competency, experience, current fitness, relevant health information, professionalism, and performance) to ensure that such practitioners are sufficiently qualified and safe to operate on patients.

We have an obligation to collect personal information about you directly from you unless it is unreasonable or impracticable to do so. If we have collected personal information about you, we must take steps as are reasonable in the circumstances to ensure that you are aware that we have collected your information and what we intend to do with it.

We have developed this Privacy Statement to inform you about:

  • The kind of personal information that we collect and hold.
    How we collect and hold personal information.
  • The purposes for which we collect, hold, use, and disclose personal information.
  • How you can gain access to personal information we hold and seek its correction.
  • How you may complain about possible breaches of privacy, and how that complaint will be handled.

 

Health and safety

This section applies to information collected for health and safety purposes. This helps us to manage the safety and security of our workplaces and those who visit.

If you entering Ascot Angiography, your contact details, such as your name, mobile number, and time of your visit, may be collected.

We will collect your contact details in the following ways:

  • If you are a patient, visitor or contractor, you will be asked to provide your contact details at our reception desk at the front entrance to our premises, either by signing in manually or using our electronic visitor register where this is available. We will already have your details if you are a patient.

If you do not wish to provide this information, we may be unable to allow you onto our premises.

 

How do we use personal information?

We will only use or disclose your personal information:

  • for the purpose which it was collected (or a purpose that is directly related to the purpose in connection with which the information was obtained);
  • for any other purpose for which you have authorised; and
  • otherwise, where we are permitted or required to do so by law.

We use personal information for the following purposes:

  • to confirm your identity.
  • to provide you, as our patient, with the clinical treatment that you have requested.
  • to enable you, as a credentialled and independent medical practitioner to access and practice within our hospitals to treat patients.
  • to offer applications (often referred to as an ‘App’) containing patient health information to medical practitioners, for that medical practitioner to review their patient’s health information and enable either our clinical staff, or a patient’s medical practitioner to provide timely medical treatment to their patient (note that any mobile App has a secure user consent process to enable those persons to access such data).
  • paying accounts, invoices or generating bills.
    to investigate and resolve complaints concerning the provision of services.
  • to comply with legislative and regulatory requirements and provisions; and
  • to perform administrative functions including accounting, risk management and record keeping.

 

What personal information do we collect?

The personal information that we collect from patients generally includes:

  • your name, email and postal address, date of birth, contact details, occupation, the name of your GP, emergency contact details, and other personal details (such as health insurance details if applicable), your NHI number, medical history, family medical history and health information such as medical test results, diagnosis, and treatments for us to open a hospital record.
  • personal information such as the name, contact details and medical history of any medical practitioners who are credentialled to treat the patients in our hospitals.

For those people who are credentialled and independent medical practitioners who access and practice within our hospitals and treat patients, we also collect personal information (such as evidence of competency, experience, current fitness, relevant health information, professionalism, and performance) and a medical history to ensure that such practitioners are sufficiently qualified and safe to operate on patients.

We often collect personal information that is regarded as health information. Health information may only be collected where it is reasonably necessary for, or directly related to, one of our business functions or activities. Where required by law or regulation, we will handle this type of personal information differently to other types of personal information due to its special nature.

 

Why is this information is collected?

If you are to receive, or have received, a service from us we will collect and hold your personal information to:

  • provide the required treatment, service, and advice.
  • administer and manage those services, including charging, invoicing, and debt collection.
  • contact you to provide advice or information relating to your treatment.
  • conduct appropriate health insurance eligibility checks.
  • improve the quality of our services through research and development.
  • conduct surveys to gain an understanding of individual needs.
  • maintain and develop business systems and infrastructure to improve the services we provide.

If you are a medical practitioner providing services at our facility, we will collect and hold your personal information to:

  • administer and manage those services, including charging, invoicing, and debt collection.
  • contact you to provide advice or information relating to a patient’s treatment.
  • conduct appropriate indemnity insurance, registration, and other relevant professional practice checks.
  • improve the quality of our services through research and development.
  • conduct surveys to gain an understanding of individual needs.
  • maintain and develop business systems and infrastructure to improve the services we provide.

 

How do we collect personal information?

Information collected from you.

When it is reasonable and practicable to do so, we will collect your information from you directly.

  • each time we have contact with you by telephone or email, or when you visit our website and complete an online enquiry form and submit that to us.

As a patient this may take place when you complete admission or administrative paperwork either in person via a paper form. It may also occur via the admission process, through your doctor’s rooms or over the telephone. We will do this:

  • when you, as our patient, provide information before, during or after your patient admission.

As one of our credentialled medical practitioners:

  • applying to become credentialled with us, so as to enable you to treat patients within our facility.

As a staff member of Ascot Angiography Limited, or if you apply for employment with us.

When you browse our website, you may do so without providing any personal information. However, where you voluntarily provide personal information (e.g. via an email to us or by completing a request online via our website) we are required to manage your information safely and with respect as per the Act and the Code.

 

Information collected from third parties

We may also collect personal information about you for the purposes set out above from:

  • medical practitioners and/or other healthcare service providers or external agencies.
  • your treatment funder (or an advisor or agent associated with your treatment funding); and
  • any other third party authorised by you such as a relative, a person with your power of attorney or other health services provider if it is unreasonable or impracticable to collect it from you.

We may need to access health information about you that is relevant to your current treatment (including pre-admission and after discharge) which may be held by us, other health professionals or other health organisations.

When we collect personal information about you from a third party (such as another health services provider) you will have already given that third party your consent to share personal information with us for the purposes of carrying out your treatment, or we may contact you directly to obtain your consent to access this information.

If you do not provide the personal information we request or do not consent to our collecting that personal information from third parties, then depending upon the type of personal information concerned, we may not be able to provide you with appropriate treatment or care.

 

Google Analytics

At www.ascotangiography.co.nz, Google Analytics is utilised to collect visitor data and analyse site traffic, aiding in the understanding of customer interests and website improvement. Cookies, small elements of data, may be sent to your browser to gather information about your operating system, including browser type and IP address, based on your browser preferences. However, the website does not employ cookies to obtain personally identifiable information. You have the choice to configure your internet browser to receive notifications when receiving cookies, granting you the opportunity to accept or block them accordingly.

 

Use and disclosure of personal information.

We will use and disclose your personal information for purposes directly related to your treatment and in ways you would reasonably expect for your ongoing care, or in accordance with this Privacy Statement. This may include, but is not limited to, the transfer of relevant personal information to your nominated GP, to another treating health service or hospital, to a specialist for a referral, for pathology tests and X-rays.

To facilitate continuation of your care following discharge, it is our practice to disclose personal information to your nominated general practitioner. If you do not want your personal information disclosed to your nominated general practitioner, please let us know.

The main purpose of collecting personal information about you is to provide ongoing clinical treatment and advice.

We are required to disclose some information to government agencies to comply with laws regarding the reporting of notifiable diseases and statistics. Your personal information may be required as evidence in court when subpoenaed.

We cannot use your personal information for direct marketing purposes unless you provide authorisation.

Our staff may convey to your next of kin or a close family member, general information about your condition while in hospital, in accordance with the accepted customs of medical practice, unless you request otherwise.

Our policies and procedures ensure our staff treat your personal information confidentially and discreetly.

We do not ordinarily disclose patient personal information to entities overseas. You may direct us to do so if, for example, your health insurer is based outside of New Zealand. These organisations may not be subject to New Zealand privacy laws. However, we will take such steps as are reasonable in the circumstances to ensure that those organisations are either subject to privacy laws that, overall, provide comparable safeguards to those under the Act, or are otherwise required to protect the information in a way that, overall, provides comparable safeguards to those under the Act.

In summary, we will only disclose your personal information to third parties:

  • if you have given us your consent to do so;
  • to people or entities such as:
    – (if you are a patient) your medical practitioner or GP and/or other healthcare service provider;
    – government, law enforcement or statutory bodies;
    – treatment funders, where the information is required as part of a treatment settlement or associated audit;
    – if the situation is an emergency and consent is not required.
  • to other Southern Cross branded businesses for the sole purposes of: (a) fraud prevention, detection and investigation; and (b) redirecting claims and other correspondence that we reasonably believe to be intended for another Southern Cross branded business;
  • to any third party authorised by you; and
  • where it is permitted by law.

Any use of your information by that third party is limited solely to the purpose of that third party.

There may be occasions when your information is used or disclosed in other circumstances which are permitted by the Act, the Code or other laws.

 

Your consent

As a patient you should note that by commencing or continuing your relationship with us, you are taken to have authorised the collection and disclosure of personal information, including health information, by us from and to third parties as detailed in this Privacy Statement. You do not have to provide us with your personal information. However, depending on the circumstances, this may prevent us from being able to provide our services to you.

For those people who are credentialled and independent medical practitioners who access and practice within our hospitals and treat patients commencing or continuing your relationship with us, you are taken to have authorised the collection and disclosure of personal information, including health information, by us from and to third parties as detailed in herein and in the Credentialling access and practice guide. You do not have to provide us with your personal information. However, this will prevent us from being able to provide you with access and the ability to practice within our hospitals.

 

How personal information is held / security.

Your personal information will be collected and held by:

Ascot Angiography Ltd, 90 Greenlane East Road Greenlane Auckland

We store personal information in a variety of ways, including paper and electronic formats. The security of information is important to us. Our staff are responsible for maintaining the security of patient information from unauthorised access to misuse, loss and damage.

We are strongly committed to protecting your personal information and your privacy. We have strict information security policies and procedures in place to protect personal information held by us from misuse, interference, loss, and unauthorised access, modification, or disclosure.

Access to personal information systems is controlled by us through identity and access management. All employees are required to complete training about information security; and we regularly monitor and review our compliance with internal policies and industry best practice. By law we are required to hold all health information for a period of 10 years. Personal information may be stored in either hardcopy documents or as electronic data. We store all electronic data in secure data facilities located in either NZ or Australia, these facilities are either owned by us or our external service providers. All personal information is held in secure locations with access limitations. Our computer-based information is protected using access passwords on each computer. Data is backed up daily. We employ firewalls, intrusion detection systems and virus scanning tools to protect against unauthorised persons and viruses entering our systems.

Where personal information is transferred by you to us over the internet, we cannot guarantee that a transmission of information is always secure, and while we maintain the highest security measures, we cannot ensure information sent by you is secure and therefore it is transmitted by you at your own risk.

It is considered usual practice for healthcare organisations to communicate with patients via ordinary post. Such communications may include personal or health information.

We use a secure disposal system for the destruction of hard copy records containing personal information that does not need to be retained. All electronic documents are retained securely in our system.

Our security procedures and policies are audited on a regular basis to ensure they are updated and in accordance with legal requirements and current levels of information security standards and practices.

We will take all reasonable steps to protect the personal information of patients and credentialled medical practitioners from misuse, interference, loss, unauthorised access, modification, or disclosure in accordance with the Act and the Code.

When we no longer need your personal information for a purpose for which it may be used or disclosed by us, we will take steps that are reasonable in the circumstances to destroy that information or make sure it is anonymised. We do not need to destroy or anonymise information that we are required to retain by a New Zealand law or a court/tribunal order.

 

Access and correction

You may request access to and/or correction of any of the personal information, including your medical records that we hold about you. To enable us to process your request, we ask that you contact us in writing or by emailing privacy@ascotangiography.co.nz and state:

  • your name.
  • your date of birth; and
  • the kind or type of information that you are requesting access to.

If you wish to correct that information, we may require proof that we have incorrect information held about you (i.e. such as statement from a doctor).

The type of information held generally includes the following:

  • a record of your hospital procedures and medical history, and.
  • the name of your medical practitioner who is providing or has provided treatment to you if you are our patient.
  • details relating to your credentialling with us, if you are a medical practitioner working within our facility.
  • for some people, information relating to their treatment insurance cover and audit requirements.

Details of what kind of information we hold and for what purpose can be obtained by emailing us. You can also request information as to how we collect, use, store, and disclose your information.

We will acknowledge a request for access and respond to your request as soon as reasonably practicable and no later than 20 working days from the date the request is received unless we have extended the time limit for responding to your request in accordance with the provisions of the Privacy Act. We may recover from you the reasonable costs of providing access to your personal information. We do not charge you for receiving or processing a request to correct or update your personal information. Access to the information will either be in the form of copies or by allowing you to view the information.

Where your access request may result in disclosure of personal information and, in particular health information, about other individuals, the request for access must be in writing with appropriate consents or a declaration that consent has been given before the personal information is released.

If you establish that the personal information, we hold about you is not accurate, complete or up-to-date, we will take reasonable steps to correct the information on being provided sufficient evidence to correct or change the information. Please assist us to keep accurate details by informing us whenever your personal details change or whenever you become aware that our records are inaccurate.

There are certain circumstances permitted under the Privacy Act where we might not be able to fulfil your request. If that happens, we will provide reasons in writing for the denial or limitation on access and the options available to you to dispute the refusal, and we will inform you of any exceptions relied on under the Act. If we don’t allow you to access or correct your personal information, and you disagree with our decision, please contact us using the contact details set out at the end of this Privacy Statement.

We will investigate your complaint and respond to you as quickly as possible (usually within 30 days of hearing from you). If your complaint takes longer to resolve, we’ll let you know how the investigation is progressing.

 

Overseas storage of data

Due to the way in which we store electronic data, in some cases your information is transferred overseas. By signing our patient admission form, you are consenting to us transmitting, using secure connections, your information to overseas parties for the purpose of secure storage, in appropriate circumstances, if required.

 

No marketing

We do not rent, sell, or lease our customer information to third parties.

 

Privacy complaints

You should first direct any complaint of an alleged breach of the Privacy Act to our Privacy Officer

The complaint can be emailed to privacy@ascotangiography.co.nz

Alternatively, any complaint may be sent by post, for the attention of the Privacy Officer, to this address:

Ascot Angiography Ltd

PO Box 17187

Greenlane
Auckland New Zealand

If you are not satisfied with how we have dealt with the complaint, you may contact the Privacy Commissioner at:

Privacy Commissioner
Level 13, WHK Tower
51-53 Shortland Street
Auckland 1140
New Zealand

Telephone 0800 803 909

Email enquiries@privacy.org.nz

 

Changes to the Privacy Statement

This Privacy Statement was last updated in February 2024 and is subject to ongoing review.

Ascot Hospital, Level 3
90 Greenlane East
Remuera, Auckland 1051

PO Box 17 187,
Greenlane, Auckland 1546

Contact Us