Privacy Policy

At CardioLabs we are committed to promoting and protecting individual privacy in accordance with the Privacy Act 2020 ('Act') and the Health Information Privacy Code 2020 ('Code').


In this Policy "we" and "us" refer to employees trading as CardioLabs specialists, including health professionals, technical staff and administrative staff.


Your privacy is important to us. We respect your right to privacy and are committed to being open and transparent with you. We endeavour to communicate in the clearest way possible with you about how we treat and manage your personal information. In this Privacy Policy we set out the principles which apply to any personal information which we collect about you (whether from you or from other sources).
 
We comply with the New Zealand Privacy Act 2020 (“Act”) when dealing with patient privacy. This Act regulates how we collect, manage and store your personal information. It also specifies how people may access and correct information held about them. 


The primary purpose of us collecting personal information about you is to help us manage your healthcare and wellbeing. This includes the administration and management of treatment services, health insurance eligibility checks, invoicing, to maintain and develop business systems and infrastructure, and to improve the services we provide.


We collect information such as name, address, telephone numbers, email address(es), National Health Index (NHI), date of birth, consents given, preferred contact person or any other information which may assist us in managing your healthcare and wellbeing. We collect information about your health including health history and what has been provided by your referring doctor or General Practitioner (“GP”), or other healthcare professional. We also collect insurance information and record your interactions with us. In the course of carrying out our treatment services, we may also collect information from other third parties, not limited to laboratories, radiology providers and other providers of specialist medical services.


We will take reasonable steps to ensure each patient is aware of:

·      The fact that information is being collected;

·      The purpose for which the information is being collected;

·      The intended recipients of the information;

·      The name and address of who is collecting the information, and who will hold the personal information;

·      If collection is authorised or required by law, the particular law, and whether the supply of information is voluntary or mandatory;

·      Any consequences for that patient if all or part of the requested information is not provided; and

·      The rights of access to, and correction of, personal information.


We may also obtain information about you automatically when you visit our website or use our website services, like your IP address and device type. Some of this information may be collected using cookies and similar tracking technologies.
 
Providing information is optional. If you choose not to provide the personal information we ask for, or do not consent to our collecting that personal information from third parties, then depending on the type of personal information concerned, we may not be able to provide you with appropriate treatment or care.


Purpose and Collection

Access and Storage


We collect information in a variety of ways, not limited to paper and electronic formats. 


We have confidentiality requirements on the use of information by our employees, practitioners and contractors.


Our patient management system is held behind an encrypted secure network. Access to personal information is controlled through identity and access management. Data is backed up daily and we employ firewalls with intrusion detection and virus scanning tools to protect us from unauthorised access.


We will only keep personal information for as long as is required for the purposes for which the personal information may lawfully be used, or as required by law. Once we no longer require the personal information for that purpose, we will take reasonable steps to safely dispose of the personal information.

We are required to disclose some information to government agencies to comply with laws regarding the reporting of notifiable diseases and statistics. Your personal information may be required as evidence in court when subpoenaed.
 
If there has been a break in the continuity of patient care, we might need to seek your consent before releasing personal information to a new doctor or health professional. If the situation is considered an emergency, consent is not required.
 
We cannot use your personal information for direct marketing purposes unless you provide clear authorisation in writing.
 
Our staff may convey to your next of kin or a close family member general information about your condition in accordance with the accepted customs of medical practice unless you request otherwise.
 
Our policies and procedures ensure our staff treat your personal information confidentially and discreetly with respect.


You consent to us using your personal information to send you messages by mail, email, SMS and telephone about the services you have or are about to receive. Each time you request us to provide you with services, we will send you an email and/or SMS or call you by telephone to confirm any booking details and for the purposes of communicating with you in relation to any services you have requested or have received. You cannot unsubscribe from these messages.
 
We may also send you our service email communications from time to time regarding any technical, administrative or legal notices that we consider appropriate. You may unsubscribe from these notices by replying to any such notice with the word "unsubscribe" in the headline, or by contacting our Privacy Officer whose details appear below.


We will use and disclose your personal information for purposes directly related to your treatment and in ways you would reasonably expect for your ongoing care, or in accordance with this Privacy Policy. This may include, but is not limited to, the transfer of relevant personal information to your nominated GP, to another treating health professional, service or hospital, to a specialist for a referral.


You have a right to request access to your personal information. You can also ask us to correct information you believe is inaccurate. If you wish to do so, please send your request in writing to our Privacy Officer, whose details appear below. We will respond to the request in accordance with the timeframes and procedures specified in the Act. There are limited circumstances in which we can deny a patient access to, or correction of, personal information. If that is the case, we will provide the patient with the reason for denial of access to, or correction of, the personal information.
 
It is your responsibility to ensure that the personal information you provide is accurate, complete and up to date. 


In providing our services, you accept that we may disclose personal details to recipients in countries other than New Zealand if we believe there are reasonable grounds the recipient is required to protect your personal information using comparable safeguards to those under New Zealand privacy laws. If we cannot ensure a recipient is able to properly safeguard your personal information, we will only provide this information if you authorise us to do so. You are able to request in advance not to be contacted by our research company by contacting our Privacy Officer, whose details appear below.
 
If we cannot contact you, we will use our judgment to determine whether transferring your data internationally is prudent. We will only disclose information overseas if we are satisfied the receiving agency has similar safeguards to those in the Act. 



Communication, Access and Correction

Reporting Breaches

We will take all steps necessary to ensure a privacy breach does not occur. 


·      A privacy breach is the unauthorised, or accidental access to, or disclosure, alteration, loss or destruction of personal information, or an action that prevents us from accessing the information (on a temporary or permanent basis).

·      A notifiable privacy breach is a privacy breach from which it is reasonable to believe serious harm has been caused to an affected individual(s) (or is likely to do so).


In the event that a notifiable privacy breach occurs, or if we, as a business, believe there has been a privacy breach that has caused serious harm, we must immediately notify the Office of the Privacy Commissioner, as well as anyone affected by the breach. If we believe there has been a privacy breach that will affect you, we will notify you immediately of the breach and any next steps. 


Any individual who becomes aware of a privacy breach or a notifiable privacy breach should immediately notify our Privacy Officer, so that the matter can be dealt with in accordance with the Act.


The Privacy Commissioner has the power to issue compliance notices which can require us to do something, or cease doing something, in order to comply with the Act. However, if you are not satisfied with our handling or the outcome, you may choose to lodge a complaint with the Privacy Commissioner: Tel: 0800 803 909 Website: https://www.privacy.org.nz/responsibilities/privacy-breaches/notify-us/



We are committed to the fair, simple, speedy and efficient resolution of complaints relating to the Code. If a patient wishes to make a complaint for a breach of the Code, they should direct their complaint to our Privacy Officer, whose details are listed below.


If we receive a complaint for a breach of this Code, we will:

·      Within 5 days of receipt of the complaint, acknowledge the complaint in writing (unless the complaint has been resolved to the satisfaction of the complainant within that period); and

·      Inform the complainant of any of our relevant internal and external complaints procedures; and

·      Document the complaint and our actions regarding that complaint.


Within 10 days of acknowledging the complaint we will:

·      Decide whether we accept that the complaint is justified or not; or

·      If we decide that more time is needed to investigate the complaint, we will:

·      Determine how much additional time is needed; and

·      If that additional time is more than 20 working days, we will inform the complainant of that determination and the reasons for it.


As soon as practicable after we have decided whether or not we accept the complaint is justified, we will inform the complainant of:

·      The reasons for our decision;

·      Any actions that we propose to take;

·      Any appeal procedure we have in place; and

·      The right to complain to the Privacy Commissioner.


This complaint procedure is subject to our rights under the Act to refuse to provide patients with access to their personal information.

Complaint Process

Privacy Officer

We take your concerns seriously. If you have any questions about privacy or the use or collection of your personal information, or if you wish to request us to correct or stop using your personal information in any way, please email our Privacy Officer at manager@cardiolabs.co.nz. We will respond as quickly as possible (our target response is 5 days) and handle all complaints in a way that is fair and consistent.
