Patient Privacy Policy

Waitemata Cardiology Ltd (WCL) and Waitemata Cardiovascular Imaging Ltd (WCVI) are committed to the protection of patients’ personal information and will comply with their obligations under the Privacy Act 1993.

For the purposes of the Patient Privacy Policy, WCL and WCVI are agencies and encompass:

  • WCL
  • WCVI
  • The individual cardiologists, and
  • The above companies' employees and contractors, including technical, nursing and administrative staff

Our staff will comply with the following rules when collecting, using, storing or disclosing information about patients’ health or the treatment that they are receiving:

Collecting of personal information

Personal information is considered confidential and sensitive by WCL and WCVI. When we collect health information from patients, we:

  • will only collect information for the purpose of treating the patient or for some other lawful purpose;
  • will collect the information directly from the patient unless he/she has consented to us collecting the information from someone else or where the information is publicly available; and
  • we will let the patient know why we are collecting the information, who will have access to the information and that the patient is entitled to access and correct the information. We will not tell patients this if we have collected the same type of information from them before. From time to time we access patients’ information from the Waitemata District Health Board files for clinical care, if necessary.

Using patients' health information

Before using patients’ health information we will do what you can to make sure that the information is accurate and up-to-date. The steps that we will take will vary depending on how old the information is and the risk of relying on inaccurate information in the circumstances.

We will only use patients' health information for the purpose for which we have collected the information, unless the patient has consented to us using the information for another purpose, or one of the other exceptions in the Health Information Privacy Code applies. We will consult our practice’s Privacy Officer (Dr Jonathan Christiansen) before using a patient’s health information without the patient's consent.

Storage and protection of patients' health information

Waitemata Cardiology and their contractors employ all reasonable steps and security safeguards to ensure the protection of patient information. This means keeping the information safe from loss, as well as from unauthorised access, use, modification or disclosure.

All live patient data is exclusively stored locally on Waitemata Cardiology’s in-house servers, with backup data securely stored in offsite data storage. All patient data is retained in New Zealand.

When we transfer patients’ health information to someone else, we will do what we can to prevent unauthorised people from accessing or using that information.

Our practice will keep patients’ health information for as long as we need the information to treat those patients and for a minimum of 10 years from the date treatment was last provided.

Our practice will destroy patients’ health information in a way that ensures the confidentiality of the information. We use an accredited document destruction company for this purpose.

Access to and correction of personal information

Patients are entitled to ask our practice to confirm whether we hold information about them and to access the information, unless we have lawful reasons for withholding the information (as outlined in The Privacy Act 1993).

Patients are also entitled to ask our practice to correct the information that we hold about them.

Disclosing health information

We will not disclose a patient's health information without his/her consent (or the consent of his/her representative) unless we reasonably believe that it is not possible for us to get the patient's consent, and:

  • the disclosure is for the purposes of the patient’s treatment (e.g. a referral);
  • the disclosure is to the patient’s caregiver and the patient hasn’t objected to the disclosure;
  • it is necessary for us to disclose the information to prevent a serious and immediate threat to the patient or another person’s life or health;
  • the disclosure is made for the purposes of a criminal proceeding;
  • the patient is, or is likely to become dependent on a drug that you need to report under the Misuse of Drugs Act or the Medicines Act;
  • the disclosure is to a social worker or the police and concerns suspected child abuse;
  • the disclosure is made by a doctor to the Director of Land Transport Safety and concerns the patient’s ability to drive safely;
  • the use or disclosure is authorised by the Privacy Commissioner; or
  • the information is disclosed in a non-identifiable manner.

We will consult with our practice’s Privacy Officer before disclosing a patient's health information without his/her consent.

Please contact our practice's Privacy Officer, Dr Jonathan Christiansen, if you have any queries about this policy.