Privacy Policy

---

HEALTH INFORMATION PRIVACY STATEMENT

This practice is a member of Tū Ora Compass Health Primary Health Organisation (PHO).

This statement explains how we collect, use, store, and share your health information, and the rights you have in relation to that information. We are required to keep your information accurate, up to date, relevant for your treatment and care, and secure.

Your health record belongs to you. You can see it, ask us to correct it, and find out how it’s

been used.

You directly consent to your health information being collected when you sign an enrolment form to register with this practice.

When we collect your information

We collect health information about you when:

• You enrol with this practice

• You attend an appointment or receive care

• We receive information about you from other health services involved in your care

What information we collect

We may collect the following information:

• Demographic information – such as your name, date of birth, gender, address, ethnicity, citizenship status, and National Health Index (NHI) number

• Health information – such as medical conditions, medications, allergies, immunisations, test results, and clinical notes

• Information about health care and treatment you have received, are receiving, or have been referred for

• Information about financial transactions with the practice

How we collect information

Information collected directly from you

We usually collect information directly from you. We will explain why the information is needed, how it will be used, and any choices you have about it’s use.

Information collected from other sources

We may also collect health and personal information about you from other sources where this is lawful, appropriate, and necessary for your care.

These sources may include:

• Other health care providers involved in your care (such as hospitals, specialists, urgent care centres, telehealth services, midwives, allied health providers, Well Child/Tamariki Ora providers, laboratories, and radiology services). This may use the HealthOne information platform (see below for further information)

• National health information systems, such as the National Enrolment Service (NES), Aotearoa Immunisation Register, National Screening Unit (cervical, bowel, breast and newborn screening programmes), and e‑prescribing systems

• Pharmacists and pharmacy services, including information about medicines prescribed or dispensed

• Public health authorities, where reporting is required by law (for example, notifiable conditions)

• Whānau, carers, or support people, where you have given consent or where this is necessary for your care and safety

• Government agencies or authorised organisations, where collection is permitted or required by law (such as police notification of firearms license)

If you provide a service with our details as your medical centre (for example, audiology, optometry, dentistry, or physiotherapy), we may receive information about your health care from that service.

If we receive information about you indirectly that is not included in the scenarios above, and it isn’t clear you know it has been shared with us, then we will take reasonable steps to inform you about what we have received.

How we use your information

Your health information may be used to:

• Provide you with safe and effective health care

• Assign and manage your National Health Index (NHI) number

• Check eligibility for publicly funded health services

• Support and delivery of PHO and publicly funded health programmes (such as screening, immunisation, and chronic condition management)

• Support health service planning, funding, reporting, and quality improvement

• Process funding claims and payments

Who we share your information with

We may share relevant health information with:

• Other health providers involved in your care, such as pharmacies, hospitals, specialists, laboratories, and radiology services. 

• Tū Ora Compass Health PHO, Health New Zealand, Ministry of Health for planning, funding, and delivery of health services

• ACC, with your consent or where it is permitted by law

• Government agencies that assess eligibility for publicly funded services

• Auditors, to confirm services and funding claims

• Other organisations at your request, such as insurers or agencies requiring medical reports

• Other parties where sharing is required or permitted by law under the Health Information Privacy Code

Information shared for planning, funding, or statistical purposes is not allowed to be published in a way that could reasonably identify you.

Research

Health information that does not identify you may be used for research that has been approved by an Ethics Committee

Shared health records

This practice contributes to an electronic shared health record that allows authorised health providers to access a summary of your health information when needed for your care.

You can choose to:

• Opt off the shared record entirely

• Exclude information from specific providers

• Exclude specific information (such as a condition or medication)

• Please talk to us if you would like to limit what is shared in this record. Opting out may mean clinicians have less information in urgent situations.

Artificial Intelligence

We may use AI‑supported tools to assist clinicians with tasks such as making clinical notes during your consultation. These tools do not make decisions about your care. Information processed by AI is secure and reviewed by a clinician before being added to your record. You can ask for more information about the AI tools we use, or for these tools to be turned off during your consultation.

Your choices

You can talk to us if you want to limit how your information is used. Some uses are required by law or necessary for safe care, and we will explain any impacts on your care or access

to services.

For people under 16, we follow health and privacy laws to decide when information can be shared with parents or caregivers. Information may be withheld if sharing would place a young person at risk.

Visiting another practice

If you are under 18, or have a High User Health Card, or Community Services Card, and you visit a GP who is not your regular doctor, the place you are enrolled with for usual care will be informed of the date of that visit. The name of the practice you visited and the reason for the visit will not be disclosed unless you have agreed to this.

Accessing and correcting your information

You have the right to:

• Access the health information we hold about you

• Request corrections if information is incorrect or incomplete

We may need to confirm your identity before releasing information. If we cannot make a requested correction, we will explain why and add a note to your record.

If you ask for a second copy of the same information within 12 months, there may be an administration fee.

Storage, security, and retention

Your health information is stored in our practice management and IT systems. When information is shared with organisations such as the PHO, shared health records, or Health New Zealand, we use secure systems that meet the HISO 10029:2022 Health Information Security Framework.

We keep your information for as long as required by law. Paper records may be securely destroyed once they have been safely digitised.

If something goes wrong

If a privacy breach occurs that could affect you, we will notify you and, where required, the Office of the Privacy Commissioner.

Questions or concerns

If you have questions or concerns about how your information is handled, please talk to

us. If you are not satisfied, you can contact the Office of the Privacy Commissioner on

0800 803 909 or visit www.privacy.org.nz.

This statement may be updated from time to time. The most current version will be available at the practice and on our website.

April 2026