Privacy Policy
1. ABOUT THIS POLICY
At Beyond Radiology, we are committed to protecting the privacy and confidentiality of personal information affiliated with our services and activities.
We are subject to several obligations to protect the privacy, security, and confidentiality of personal information under the Privacy Act 2020 and the Health Information Privacy Code.
The purpose of this policy is to clearly communicate how we collect and manage personal information.
The point of contact for any queries regarding this policy is the Privacy Officer by email to: admin@beyondradiology.co.nz or by writing to: The Privacy Officer, Beyond Radiology, 110 Grafton Road, Grafton, Auckland 1010.
We provide free copies of this policy for patients and staff to access, which can be located on our website.
2. TYPES OF PERSONAL INFORMATION
To provide patients with adequate health care services, we need to collect and use personal information. It is important to be aware that if we receive incomplete or inaccurate information, we may not be able to provide our services as requested.
The types of personal information we collect includes but is not limited to current (and sometimes historical) information about:
- Name
- Gender
- Date of birth
- Contact details including phone number, address, and email address
- Payment-related information including credit cards details, banking details
- Communications and interactions with us
- Relevant feedback, complaints, and claims
Additionally, in relation to patients:
- Requesting practitioner details
- Results copy recipients
- Insurance details including private health fund details and Workcover claim details
- Healthcare identifiers
- Medical history and other health information including but not limited to, imaging history, test results, medical conditions, treatments, allergies, pacemaker use, claustrophobia, implants, medications, and use of health services
- Where relevant, family history and lifestyle information, which may include information about your work, relationships, religion, beliefs, ethnic background, sexual preference/activity, and genetic information
- Preferences in respect of health services
- ACC claim number (if applicable)
Additionally, in relation to job applicants and staff:
- Qualifications, skills, experience, and character
- Screening checks (including health, reference, background, directorship, financial probity, identity, eligibility to work, vocational suitability and criminal record checks)
- Performance, conduct, use of our IT communications recourses, payroll matter and training
- IRD number
Additionally, in relation to other healthcare providers:
- Healthcare identifiers
- Referral trends
- IT system details
3. COLLECTION & RETENTION OF PERSONAL INFORMATION
Personal information will in many circumstances be collected directly from you, for example via patient forms, over the phone or from face-to-face consultation.
In other instances, we may collect personal information about a patient from a third-party source. This may include but is not limited to:
- Relatives and personal representatives; and
- Other health service providers such as general practitioners, specialists, hospitals, day clinics and other medical imaging practices
We may also collect personal information from parties to whom personal information as described below.
The circumstances in which we may collect personal information from a third-party source include where the patient has provided consent, where it is not reasonable or practical to collect the information directly and where otherwise permitted by the law. This may include where the patient’s health is potentially at risk and his/her personal information is needed to provide them with emergency medical treatment.
We endeavour to store and retain a patient’s personal information securely either using our own facilities or with the assistance of our service providers. This includes:
- In paper-based form and other hard copy documents located securely within the practice and at secure storage facilities; and
- In electronic records in a secure environment
4. PURPOSES OF COLLECTION, USE & DISCLOSURE OF PERSONAL INFORMATION
Personal information is important to our ability to provide health care. For example, we may need to collect, use, and disclose your personal information for the purpose of:
- Assessing your health status
- Providing a diagnostic imaging report about your health
- Working with and referrals involving other healthcare providers in connection with your medical care, including medical practitioners, nurses, allied health professionals, pathology services, physiotherapists and outpatient or community health services
We may also collect, use, and disclose personal information for other purposes including:
- Sending out appointment reminders
- Invoicing, billing, account management and debt recovery
- Verifying your identity and personal information
- Maintaining and updating our records
- Other administration, management, quality control and improvement of our services and operations including accreditation, audits, risk and claims management, patient satisfaction surveys and staff education and training
- Medico-legal matters including medical indemnity insurance
- Conducting research in accordance with privacy requirements (which may involve, for example, consent, de-identification, or ethics committee approvals)
- Recruiting and managing our staff, including considering job applicants for alternative and subsequent positions
- Facilitating acquisitions and potential acquisitions of our business, and
- With your consent or where otherwise required or authorised by the law
- Medico-legal matters including medical indemnity insurance
- Conducting research in accordance with privacy requirements (which may involve, for example, consent, de-identification, or ethics committee approvals)
- Recruiting and managing our staff, including considering job applicants for alternative and subsequent positions
- Facilitating acquisitions and potential acquisitions of our business, and
- With your consent or where otherwise required or authorised by the law
In addition to healthcare providers as described above, we may provide your personal information to other third parties. These third parties may include:
- Parent(s) – (if the patient is under the age of 18)
- Guardians
- A person exercising a patient’s power of attorney under an enduring power of attorney
- Insurers including private health funds
- Government agencies such as the Ministry of Health and WorkSafe as appropriate
- Community and government cancer and disease screening programs
- Our service providers including providers of archival, auditing, accounting, legal, banking, payment, debt collection, delivery, data processing, data analysis, document management, information broking, research, investigation, insurance, website, and technology services
Additionally, in relation to job applicants and staff:
- Academic institutions
- Referees
- Screening check providers (including law enforcement agencies)
- Professional and trade associations
- Your current, previous, and prospective employers
- Providers of payroll, superannuation and KiwiSaver, staff benefits, surveillance, and training services
Some of the third parties described above may be in other countries. We are required to comply with strict privacy requirements where we disclose personal information to recipients outside New Zealand.
We are subject to many laws in providing our services, and sometimes we may collect, use, and disclose personal information as required or authorised by or under those laws including the Privacy Act 2020. We may also need to respond to subpoenas and comply with mandatory reporting and disclosure requirements pursuant to applicable law.
5. HEALTHONE
South Island Patients Only – please note that this organisation is accessing healthcare information from HealthOne.
HealthOne is a South Island based secure electronic record that allows registered healthcare providers directly involved in your healthcare , to quickly access information such as your test results, allergies, medications, GP summaries and hospital information. HealthOne adheres to the principles of the Privacy Act 2020 as well as the Rules set out in the Health Information Privacy Code 2020. Access is only possible via an approved highly secure healthcare information network which is regularly audited and tested. Privacy auditing is used to check that only those directly involved in your care are accessing your information. To find out more about HealthOne please visit https://healthone.org.nz/ . Please note that you are entitled to restrict the sharing of your healthcare records by contacting 0508 837 872 or emailing HealthOne.privacy@pegasus.health.nz
6. OUR WEBSITE
If you use our website to read, browse or download information, our system may record information such as the date and time of your interaction, the pages accessed, and any information downloaded. This information is used for statistical, reporting and website administration and maintenance purposes.
Like many other websites, our website may use ‘cookies’ from time to time. A cookie is a piece of information that allows our system to identity and interact more effectively with your browser. The cookie helps us to maintain our continuity of your browsing session and remember your details and preferences when you return. You can configure your web browser software to reject cookies however some parts of our website may not have full functionality in that case.
Our website may use Google services such as Google analytics from time to time. For more about how Google collects and processes data, please see Google’s privacy policy and their information at: www.google.com/policies/privacy/partners/.
Our website may contain links to other sites. We are not responsible for the privacy practices or policies of those sites.
Please be aware that there are inherent risks in transmitting information across the internet and we cannot guarantee the security of information sent to us online. If you are concerned about sending information of a sensitive nature to us online, you may prefer to contact us by telephone or mail.
7. ACCESS AND CHANGES TO PERSONAL INFORMATION
You can contact us to request access or changes to your personal information that we hold. Please provide as much details as you can about the information you seek, to help us locate it.
We will respond within a reasonable period and may need to verify your identity
We may charge reasonable expenses in supplying the requested information, subject to legal requirements.
We will provide our reasons if we deny any request for access or to correction of personal information where we decide not to make a requested correction with the information.
8. COMPLAINTS HANDLING
Should you wish to make a complaint about how we have treated your personal information or privacy generally, please contact us.
Your complaint will be investigated, and a response will be sent to you as quickly as possible. We will endeavour to respond to you promptly, generally within 14 days. We may request additional details from you about your complaint and may need to engage or consult with other parties to investigate and deal with your issue. We will keep records of your complaint and any resolution.
If you are dissatisfied with the response provided, you can refer the matter to the Office of the Privacy Commissioner via investigations@privacy.org.nz or https://privacy.org.nz/your-rights/making-a-complaint/complaint-form/.
9. REVIEW OF POLICY
We may modify or amend this policy at any time and for any reason, including to address any legislative change. Any material changes to this policy will be posted prior to their implementation.
Updates to this policy will be published on our website (beyondradiology.co.nz) for our patients and staff.
Last updated: December 4, 2024
Beyond Radiology NZBN 50002250340