Our staff will comply with the following rules when collecting, using, storing or disclosing information about patients’ health or the treatment that they are receiving:
Personal information is considered confidential and sensitive by WCL and WCVI. When we collect health information from patients, we:
Before using patients’ health information we will do what you can to make sure that the information is accurate and up-to-date. The steps that we will take will vary depending on how old the information is and the risk of relying on inaccurate information in the circumstances.
We will only use patients' health information for the purpose for which we have collected the information, unless the patient has consented to us using the information for another purpose, or one of the other exceptions in the Health Information Privacy Code applies. We will consult our practice’s Privacy Officer (Dr Jonathan Christiansen) before using a patient’s health information without the patient's consent.
Waitemata Cardiology and their contractors employ all reasonable steps and security safeguards to ensure the protection of patient information. This means keeping the information safe from loss, as well as from unauthorised access, use, modification or disclosure.
All live patient data is exclusively stored locally on Waitemata Cardiology’s in-house servers, with backup data securely stored in offsite data storage. All patient data is retained in New Zealand.
When we transfer patients’ health information to someone else, we will do what we can to prevent unauthorised people from accessing or using that information.
Our practice will keep patients’ health information for as long as we need the information to treat those patients and for a minimum of 10 years from the date treatment was last provided.
Our practice will destroy patients’ health information in a way that ensures the confidentiality of the information. We use an accredited document destruction company for this purpose.
Patients are entitled to ask our practice to confirm whether we hold information about them and to access the information, unless we have lawful reasons for withholding the information (as outlined in The Privacy Act 1993).
Patients are also entitled to ask our practice to correct the information that we hold about them.
We will not disclose a patient's health information without his/her consent (or the consent of his/her representative) unless we reasonably believe that it is not possible for us to get the patient's consent, and:
We will consult with our practice’s Privacy Officer before disclosing a patient's health information without his/her consent.
Please contact our practice's Privacy Officer, Dr Jonathan Christiansen, if you have any queries about this policy.