Introduction
Braemar Hospital Limited is committed to safeguarding the privacy of patient information. We have a legal obligation to comply with the requirements of The Privacy Act 2020 and the Health Information Privacy Code 2020.
More information about these laws is available on the website of the Privacy Commissioner: www.privacy.org.nz
This privacy statement details:
- The type of personal information we collect and hold
- How we collect and hold personal information
- The purposes for which we collect personal information
- How you can access and correct personal information we hold
- How we will respond to a privacy breach
What Information do we collect?
We collect personal and medical details of patients so that we can provide them with medical treatment and advice. We collect personal information of medical practitioners so that we can enable them to work in our hospital. The information we collect may include:
- Name
- Date of birth
- Country of birth
- Residency status
- Occupation
- Religion
- Ethnicity
- Address
- Phone numbers
- Email address
- Medical history
- Family medical history
- Health information (such as medical test results, diagnosis and planned treatments)
We only collect information that we need for the purpose for which we are collecting it.
Why is this information collected?
If you are to receive, or have received, a service from Braemar Hospital or if you are a medical practitioner providing services at our hospital, we will collect and hold your personal information to:
- Provide the required treatment, service and advice
- Administer and manage those services including charging, billing and debt collection
- Contact you to provide advice or information relating to your treatment
- Conduct appropriate health insurance eligibility checks
- Improve the quality of our services through research and development
- Conduct regular surveys to gain an understanding of individual needs
- Maintain and develop business systems and infrastructure to improve the services we provide
How do we collect personal information?
If it is practical to do so, we will collect your information directly from you. This may take place when you complete admission or administration paperwork via the hospital admission process, through your doctor’s rooms, or over the telephone.
Sometimes we may need to collect information from third parties if it is unreasonable or impractical to collect it from you. These third parties may include a relative, power of attorney, or another health services provider.
To facilitate continuation of your care following discharge, it is our practice to disclose personal information to your nominated General Practitioner and other health providers. If you do not want your personal information disclosed, please let us know.
How do we use personal information?
We only use or disclose personal information:
- For the purpose which it was collected or a purpose directly related to that purpose
- For any other purpose for which you have authorised
- Otherwise where we are permitted or required to do so by law
We will use and disclose your information for purposes directly related to your treatment and in ways you would reasonably expect for your ongoing care. This may include, but is not limited to transfer of relevant information to your nominated General Practitioner, to another treating health service or hospital, to a specialist for a referral or for pathology tests and X-rays.
The main purpose of collecting information about you is to provide ongoing medical treatment and advice. We are required to disclose some information to Government agencies to comply with laws regarding the reporting of notifiable diseases and statistics. Your personal information may be required as evidence in court when subpoenaed.
If there has been a break in the continuity of patient care, we might need to seek your consent before releasing information to a new doctor or health professional. If the situation is an emergency, consent is not required.
We cannot use your personal information for direct marketing purposes unless you provide authorisation.
Our staff may convey to your identified next of kin or a close family member, general information about your condition while in hospital, in accordance with accepted customs of medical practice, unless you request otherwise.
Our policies and procedures ensure our staff treat your information confidentially and discreetly. We do not ordinarily disclose patient personal information to entities overseas. You may direct us to do so if, for example, your health insurer is based outside of New Zealand. Privacy regulations in other countries may not be as strict as in New Zealand.
What are the consequences of not providing personal information?
You do not have to provide us with personal information. However, you will need to tell us so we can discuss any consequences this may have. If you do not provide us with the requested personal information, this may impact on our ability to provide you with our services.
How do we store personal information?
We store personal information in a variety of ways including paper and electronic formats. The security of information is important to Braemar Hospital. Our staff are responsible for maintaining the security of patient information from unauthorised access, misuse, loss and damage.
How do you access and correct your personal information?
You are entitled to request access to and/or correction of all personal information we hold, including your medical records. To enable us to process your request we ask you to apply for access in writing or by email. We may require you to provide proof of identification.
Access to the information will be either be in the form of copies or by allowing you to view the information.
Access to personal information may be declined in special circumstances, such as where giving access would put you or someone else as risk of harm, or would result in unwarranted disclosure of someone else’s information. If access is declined we will provide an explanation of the reasons in writing or by email.
If you advise us that you believe the information we hold about you is incorrect we may choose not to amend the information we hold. If we choose not to amend the information, you may request that your view be noted on the relevant record.
How do we respond to a privacy breach?
A privacy breach occurs when there is unauthorised or accidental access to personal information or disclosure, alteration, loss, or destruction of personal information. If the privacy breach causes or is likely to cause serious harm to someone, we will notify the Officer of the Privacy Commissioner as soon as possible. If a notifiable privacy breach occurs we will also notify the effected person or people.
Contact us
If you have questions about the privacy of your information, or if you have a complaint you should contact us by:
- Writing to:
The Privacy Officer
Braemar Hospital Limited
PO Box 972
Waikato Mail Centre 3240
- Phoning 07 843 1899 and asking to speak with our Privacy Officer (either the General Manager of Clinical Services, or the Chief Financial Officer).
If you are not satisfied with how we have dealt with your complaint, you can contact the Privacy Commissioner.