top of page
medical.jpg

PRIVACY STATEMENT 

Rule 1:

 Health information must only be collected when:

  • The collection is for a lawful purpose, connected with what the agency does, and

  • It is necessary to collect the information for that purpose

Rule 2:

 Health information must usually be collected from the person who the information is about. But sometimes it is all right to collect information from other people instead - for instance, when:

  • Getting it from the person concerned would undermine the purpose of the collection

  • It’s necessary so a public sector body can uphold or enforce the law

  • The person concerned authorises collection from someone else

Rule 3:

 When an agency collects health information from the person the information is about, it has to take reasonable steps to make sure that person knows things like:

  • Why it is being collected

  • Who will get the information

  • Whether the person has to give the information or whether this is voluntary

  • What will happen if the information isn’t provided

Again, there are sometimes good reasons for not letting a person know, including that it would undermine the purpose of the collection, or it’s just not possible to tell the person.

At Village Health, we collect the information so we can provide best medical care to you. The information is held in our computer system and can be accessed by the team at Village Health.

Your information may also be provided to other medical providers that you are referred to, and will also be available on HealthOne should the Hospital or another medical centre need to access it to provide care to you.

Access to your information is restricted to authorised personnel via a unique username and password. If you don’t provide information, we may not be able to provide medical care for you.

Rule 3A:  When an agency collects personal information indirectly, it must take reasonable steps to make sure that the person knows:

  • That the information has been collected.

  • The purpose of the collection.

  • The intended recipients of the information. 

  • The name and address of the agency that is collecting information and the agency that holds the information.

  • If the collection is authorised or required by law, which particular law that is.

  • Their right to access and correct their information.

There are a number of exceptions to this principle, such as if the individual has already been made aware of the indirect collection, or that the information won’t be used in a way that identifies people.

​

Rule 4:

 Health information must not be collected by unlawful means or by means that are unfair or unreasonably intrusive in the circumstances.

Rule 5:

 It’s impossible to stop all mistakes. However, agencies must ensure that there are reasonable safeguards in place to prevent loss, misuse or disclosure of health information.

At Village Health, we have protocols that staff must comply with to protect your data. This includes rules regarding accessing information, storage of hardcopy files, secure destruction of paper based information, and IT Security.

Rule 6:

 People usually have a right to ask for access to health information about themselves. Agencies can refuse to give access in some situations, for instance because giving the information would:

  • Endanger a person’s safety

  • Prevent detection and investigation of criminal offences

  • Involve an unwarranted breach of someone else’s privacy

At Village Health, of course you may request your medical records. We prefer that this request is in writing. We may take up to 20 working days to respond to your request and can choose not to release some, or all, information for the reasons listed above. We normally provide reasonable requests for records free of charge, but can charge for repeated requests within 12 months. Large medical records are preferred to be provided electronically.

We strongly recommend that you do not request your records to give to a new medical centre in NZ, or to give to an Insurance Company or Agent. If you move to a new medical centre they are able to request the records to be delivered electronically, which is safer and more accurate.

It is unwise to provide full hard copy medical histories to insurers. Insurers are able to make valid requests via Suremed/Konnect or directly and these would include your written authority to release information.

Rule 7:

 People have a right to ask the agency to correct information about them, if they think it is wrong.

If the agency does not want to correct the information, it does not usually have to.  However, people can ask the agency to add their views about what the correct information is.

At Village Health, our preference is to add an entry to your medical records stating that you have requested that the part of the information is changed, together with the details of that change.

Rule 8:

 Before it uses or discloses health information an agency must take reasonable steps to check that information is accurate, complete, relevant, up to date and not misleading.

Sometimes the information will still be wrong, but the agency needs to try to get it right.

Rule 9:

 Agencies must not keep health information for too long.  They can only keep it for as long as is necessary to carry out the purpose for which the agency got the information in the first place.

At Village Health, we are also subject to other rules regarding medical records. Normally, they must be kept for at least 10 years after you change medical centre or after your death. This period is longer for children and vulnerable patients.

Rule 10:

 Agencies must use health information for the same purpose for which they obtained that information. Other uses are occasionally permitted (for example because this is necessary to enforce the law, or the use is directly related to the purpose for which the agency got the information).

Rule 11:

 Agencies can only disclose health information in limited circumstances. One example is where another law requires them to disclose the information.  Also, an agency can disclose information if it reasonably believes, for example, that

  • disclosure is one of the purposes for which the agency got the information

  • disclosure is necessary to uphold or enforce the law

  • disclosure is necessary for court proceedings

  • the person concerned authorised the disclosure

  • the information is going to be used in a form that does not identify the person concerned.

Rule 12:

 Some agencies give people a “unique identifier” instead of using their name.  Examples are a driver’s licence number, a student ID number, or an IRD number.  An agency cannot use the unique identifier given to a person by another agency.  People are not required to disclose their unique identifier unless this is one of the purposes for which the unique identifier was set up (or directly related to those purposes).

At Village Health, we use your NHI, which is a unique identifier used across all medical providers and hospitals to make sure we’re talking about the same patient. We may also use your Driving License or another ID to identify you for registration on the Manage My Health patient portal.

Pegasus-logo-1.png

© 2023 Village Health  |  03 338 8595  |  30 Lincoln Road, Christchurch

  • Instagram
  • Facebook
cornerstone.png
bottom of page