PRIVACY POLICY

PRIVACY POLICY

Maintaining the privacy of your health information is a vital part of our practice. If you have any questions about our Privacy Policy, you can contact our Privacy Officer at NeuroHealth.

We also encourage you to check out the Privacy Commissioner’s webpage, including their Privacy and Health webpage, for more information about Health Information Privacy in New Zealand.

NeuroHealth Privacy Policy

We respect the confidentiality of our client’s personal information and take privacy seriously.

As a healthcare provider, NeuroHealth may collect, use, and disclose personal information relating to its clients to provide healthcare services and information relating to contractors, suppliers, and employees in the performance of its business activities. 

NeuroHealth manages the personal information we collect in a fair and transparent manner. We appreciate the sensitive nature of personal information and place a high importance on managing it in accordance with relevant legislation, particularly the Health Information Privacy Code 2020, the Privacy Act 2020, other relevant legislation, and the Information Privacy Principles in relation to the collection, storage, use, and disclosure of records containing individuals’ Personal Information.

Definitions 

  • Personal Information means information about an identifiable individual. 

  • Collection of personal information: 

    • NeuroHealth may collect Personal Information for a lawful purpose connected with a function or activity of NeuroHealth.  

    • A person who collects Personal Information on behalf of NeuroHealth must comply with this statement.  

    • Collecting personal information allows us to confirm the identity of our clients and the people we communicate with for business. This information allows our clients to securely access our online services, book services with ease and communicate with us about their health needs.  

  • Sensitive information is a sub-set of personal information that is given a higher level of protection. Sensitive information can include information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information.

Personal information that may be collected 

The type of personal information collected will likely vary depending on the business purpose, activity, funding type and/or services for which you are engaged with NeuroHealth. We only collect information required for us to perform one or more of our functions or activities, as outlined in the Collection of Personal Information below. 

Personal information collected by us may include:  

  • Contact information – name, date of birth, address, email address, telephone numbers, next of kin/emergency information.   

  • Unique identifiers – an identifier assigned to an individual by another agency, such as ACC claim numbers, NHI numbers, etc.   

  • Employment information – employment history, work performance.   

  • Information to assist with the management of client and business relationships. 

Sensitive information that may be collected 

The types of sensitive information we collect includes information about your health, including:

  • Your medical history,

  • Information about any health services that are being provided, or have been provided, to you; or

  • Information about you which is collected before or in the course of, and incidental to, the provision of any of our Services to you.

How information is collected by NeuroHealth 

Personal information will be collected from the individual it relates to and in compliance with the Privacy Act and HIPC 2020. An exception would be where you (the individual) have provided authority/consent to collect the information from someone else.  

How we collect personal information will vary depending on the business purpose, activity, funding type and/or services for which you are engaged with NeuroHealth.  

Personal information may be collected through the following means:  

  • Face-to-face and over the phone from you 

  • When you enquire about a service through our website  

  • When you send an email or enquiry to us 

We may also collect information about you from another source if:  

  • You have given authority for us to collect your information from another source or  

  • You have given consent/authority to another source to share the information with us, e.g., as part of your rehabilitation or pre-employment assessment (ACC, third-party insurers, other rehabilitation providers) or  

  • The information will not be used in a form that identifies you or  

  • The Privacy Commissioner has authorised the collection of information in this manner.   

In addition to collecting and storing necessary information to communicate with our clients about their health concerns, NeuroHealth also stores names, addresses and contact details of contractors, suppliers, employees, and other parties we interact with related to business activities. The same privacy statement applies to this information.  

Automatic collections of personal information 

When you visit our websites or use our services, some information about you is automatically collected.  For example, to improve the usefulness of our website, our servers may collect your browser type, operating system, Internet Protocol (IP) address, domain name, and/or date/time stamp for your visit. Some of this information is also collected using cookies and similar technologies, including Google Analytics. The Google website provides more information about how cookies operate, how Google uses your data, and how you can opt out.  We recommend you accept the use of cookies, if you reject or erase the cookies, some of our services may not function properly or be fully available.

Possible uses of personal information at NeuroHealth

Personal information allows us to confirm the identity of our clients and people we communicate with for business. This information is used to verify your identity, assist in the safe provision of services, and is meant to satisfy our contractual, professional and legal obligations.  

Personal information may be used under the following conditions:  

  • For the safe and complete delivery of services related to your clinical care.  

  • In the performance of NeuroHealth’s business activities. 

We also collect, use and store personal information to enable us to;  

  • Comply with various contractual, professional, and legal obligations. 

  • Assess and manage risks to the health, safety and wellness of our workers, clients, and the wider community. 

  • Provide services and business activities associated with these services.  

    • Neuropsychological Assessment

    • Injury Rehabilitation and Assessment 

    • Psychology and Counselling  

Possible uses of sensitive information at NeuroHealth

We only collect, hold, use and disclose sensitive information for the following purposes:

  • Any purposes you consent to;

  • The primary purpose for which it is collected, which is to provide our Services to you;

  • Secondary purposes that are directly related to the primary purpose for which it was collected, including disclosure to the below listed third parties as reasonably necessary to do business with you;

  • To contact emergency services, or to speak with your family, partner or support person where we reasonably believe there is a serious risk to the life, health or safety of you or another person and it is impracticable for us to obtain your consent; and

  • If otherwise required or authorised by law.

Disclosure or sharing of personal information

NeuroHealth will only share personal information if we are using it for the reason we collected it if you’ve given your authorisation, or where there are other legal or compliance reasons.  

We will only disclose your personal information where we reasonably believe one of the following applies:  

  • The disclosure is in connection with, or directly related to, one of the purposes for which it was obtained. 

  • The disclosure is to you or authorised by you. 

  • The disclosure is necessary to facilitate the sale of a business as a going concern.  

  • The information is to be used in a form in which you are not identified. 

  • The disclosure is necessary for court proceedings. 

  • The disclosure is required or authorised by law. 

  • The information was obtained from a public source. 

  • We reasonably believe that the disclosure is necessary to prevent or lessen a serious and/or imminent threat to the public or any person. 

  • The disclosure is authorised and conducted in accordance with the guidelines approved by the Privacy Commissioner.  

Examples of disclosures of personal information (depending on the services under which you are engaged or enrolled) may include disclosures to:  

  • Your authorised health practitioners 

  • Limited disclosure to our professional advisors (such as accountants and lawyers) 

  • Government or third-party service partners (such as ACC, Apex NZ, Cliniko) in relation to carrying out the service you've requested and take actions connected to the purpose of collection 

We may de-identify personal information we have collected for use and disclosure to organisations outside of NeuroHealth for the purposes of analysing our service quality and timeliness, marketing and compilation or analysis of statistics comprised of, or related to the information you provide us. De-identified information may also be used internally for business analysis and educational purposes. While we store personal information in New Zealand, where we disclose your personal information to the third parties listed above, these third parties may store, transfer or access personal information outside of New Zealand, including but not limited to, Australia. We will only disclose your personal information overseas in accordance with the New Zealand Privacy Principles.

HealthOne

As of the 14th of November 2024, please note that this organisation is contributing to and accessing healthcare information from HealthOne.  

 What is HealthOne?

  • HealthOne is a South Island based secure electronic record that allows registered healthcare providers directly involved in your healthcare, to quickly access information such as your test results, allergies, medications, GP summaries and hospital information. HealthOne adheres to the principles of the Privacy Act 2020 as well as the Rules set out in the Health Information Privacy Code 2020.  Access is only possible via an approved highly secure healthcare information network which is regularly audited and tested.  Privacy auditing is used to check that only those directly involved in your care are accessing your information. 

  • To find out more about HealthOne please visit https://healthone.org.nz/.  Please note that you are entitled to restrict the sharing of your healthcare records by contacting 0508 837 872 or emailing HealthOne.privacy@pegasus.health.nz  

Other people’s information which you provide to us 

If you provide personal information to us about someone else, you must ensure that you are entitled to disclose that information to us and that, without us taking any further steps required by privacy laws, we may collect, use, and disclose such information for the purposes described above. For example, you should take reasonable steps to ensure the individual concerned is aware of the various matters detailed in this policy as those matters relate to that individual, including our identity, how to contact us, our purposes of collection, our information disclosures practices, the individual’s right to obtain access to the information and the consequences for the individual if the information is not provided. 

Keeping your personal information safe and secure 

NeuroHealth will take all reasonable steps to ensure that data is secure and will maintain generally accepted standards of technology and operational security to protect Personal Information from loss, misuse, alteration, or destruction. Any person acting on behalf of NeuroHealth will not transfer Personal Information to an individual without first establishing the identity of the recipient using a personal identifier and/or cross-check.   

All personal information is stored securely in specialised software in the cloud or in a secure server environment. Information is only accessed by authorised persons for the purposes related to the services provided or anonymised reporting.  

NeuroHealth will take reasonable steps to destroy or permanently de-identify personal information (such as a job applicant's resume) if it is no longer needed. NeuroHealth will comply with all legislations that mandate certain time periods that we must hold your information for.  

If you want to request access to your personal information 

If NeuroHealth holds Personal Information about you, we will comply with legislative obligations to let you know what information we have on record.  You can request access to your personal information or someone else’s personal information (as long as you have the correct authority). Requests will be acknowledged as soon as possible but within 20 working days.  

You can contact us to request access by: 

Upon requesting access to your personal information, you will be sent a form requesting a photo identification. We must be able to verify your identity to provide you with access to your information.  

If the requested information is more clearly connected to another agency's functions and activities, the request will be transferred (within ten working days) to that agency.

In limited situations, a request for access may be denied or restricted access given. We will provide reasons in writing for any refusal or limitation of access with information on how to complain. Grounds for refusal could include: 

  • Where providing access will pose a serious threat to life or health of any individual or pose an unreasonable impact on the privacy or an individual; 

  • Your request for access is frivolous or vexatious; 

  • Where the information relates to existing legal proceedings between NeuroHealth and you, and the information would not be discoverable in the process of those legal proceedings; 

  • Where providing access would be unlawful, may prejudice an investigation of possible unlawful activity, may prejudice enforcement of laws, or denying access is specifically authorised by law. 

If you have any concerns regarding the above, you can email our Privacy Officer at  admin@neurohealth.co.nz

Requesting a correction of your personal information 

NeuroHealth takes reasonable steps to ensure that the Personal Information we collect, use, or disclose is accurate, complete, and up to date. If the information we have on record for you is not accurate, complete, and up to date, we will take reasonable steps to correct it. We may require evidence that the information we have is inaccurate, incomplete, or out-of-date.  

You can request us to correct your information by:   

We will respond to your request within 20 working days. If the information we hold is confirmed to be factually incorrect, we will: 

  • Update the information on your file. 

  • Send the corrected information to any third party who may have received the incorrect information.  

  • Let you know we’ve made the change.   

Sometimes, we may not be able to make the change you’ve requested. This is usually because it relates to clinical opinion, e.g., medical assessment or psychological formulation. In this instance, we will:  

  • Provide you with written information on why we can’t make the change and provide you with information on how to complain.  

If we cannot make the change you requested, you can choose to provide a written statement of correction, which we will attach to your file. This will record your request for correction, but we have not made the change. 

If you have any concerns regarding the above, you can email our Privacy Officer at  admin@neurohealth.co.nz

Privacy concerns or complaints 

We are happy to discuss with you any concerns regarding the management of personal information or any information about our privacy statement.  

You are entitled to complain if you think we have breached the Privacy Act, Information Privacy Principles, or Health Information Privacy Code 2020.  

Let us know of your concerns or complaints by: 

  • Phoning us on 0272250229

  • Using our website contact portal for NeuroHealth here.

  • Emailing our Privacy Officer at admin@neurohealth.co.nz.   

We will acknowledge your complaint within 5 working days.   

We will investigate the complaint and attempt to resolve it within 10 working days of receiving it. If we cannot conclude the complaint within this timeframe, we will provide you with information on how long we think it will take to investigate and respond and keep you updated regularly. 

If you are not satisfied with the response or the outcome of the complaint, you can appeal to the Privacy Commissioner. 

Updates to NeuroHealth privacy policy

We may amend or update this Privacy Policy from time to time with or without notice to you. 

Last updated: 14.11.2024