Privacy Statement for Clinical Workstation

Southern Cross Hospitals Limited

Introduction

Southern Cross Healthcare Limited ("we", "our" or "us") has a legal obligation to comply with the Privacy Act 1993 (”the Act”), the New Zealand Privacy Principles ("NZPPs"), and where health information is involved, the Health Information Privacy Code 1994 (“the Code”).

Under the Act, organisations that are in possession of an individual's 'personal information' must observe certain restrictions and standards concerning the collection, use, disclosure, and security of that information.

Personal information is defined by the Act as ‘information about an identifiable individual’.

We may collect certain personal information from you in the course of providing our services to you.

We have an obligation to collect personal information about you directly from you, unless it is unreasonable or impracticable to do so. If we have collected personal information about you, we must take steps as are reasonable in the circumstances to ensure that you are aware that we have collected your information and what we intend to do with it.

We have developed this Privacy Statement for medical practitioners who are credentialed with us and who wish to use Clinical Workstation to inform you about:

  • the kind of personal information that we collect and hold;
  • how we collect and hold personal information;
  • the purposes for which we collect, hold, use and disclose personal information;
  • how you can gain access to personal information we hold and seek its correction;
  • how you may complain about possible breaches of privacy, and how that complaint will be handled; and
  • whether we are likely to disclose your information overseas, and if so, to which countries we are likely to disclose your information.


How do we use your personal information?

We use personal information for the following purposes:

  • to confirm your identity;
  • to enable you, as a credentialed medical practitioner to work within our hospitals and treat our patients;
  • to offer applications (often referred to as an ‘App’) containing patient health information to medical practitioners, in order for that medical practitioner to review their patient’s health information and enable either our clinical staff, or a patient’s medical practitioner to provide timely medical treatment to their patient (note that any mobile App has a secure user consent process to enable those persons to access such data);
  • to generate bills;
  • to investigate and resolve complaints concerning the provision of services;
  • to comply with legislative and regulatory requirements and provisions; and
  • to perform administrative functions including accounting, risk management and record keeping.


What personal information do we collect?

The personal information that we collect to enable medical practitioners to utilise applications such as Clinical Workstation and the mobile app CWS Lite generally includes:

  • your name, your email address and your user name and log in to enable you to have online access to such applications


How do we collect personal information?

Information collected from you

When it is reasonable and practicable to do so, we will collect your information from you directly. We will do this:

  • when you, as one of our credentialed medical practitioners apply to become credentialed with us, so as to enable you to treat patients within our hospitals;
  • when we issue you with your user name and log in details for using Clinical Workstation and/ or the CWS Lite app.


When do we disclose your personal information?

We will only disclose your personal information to third parties:

  • if you have given us your consent to do so;

There may be occasions when your information is used or disclosed in other circumstances which are permitted by the Act, the Code or other laws.


Your consent

By commencing or continuing your relationship with us, you are taken to have consented to the collection of personal information.

You should note that you may withdraw this consent at any time simply by notifying us. However, depending on the circumstances, this may prevent us from being able to provide application services to you.


How personal information is held / security

We are strongly committed to protecting your personal information and your privacy. We have strict information security policies and procedures in place to protect personal information held by us from misuse, interference, loss, and unauthorised access, modification or disclosure.

Personal information may be stored in either hardcopy documents or as electronic data. All our hard copy documents are securely stored within our hospitals with access limitations. Our computer based information is protected through the use of access passwords on each computer. Data is backed up daily and stored in a secure data facility.

We use a secure disposal system for the destruction of hard copy records containing personal information that does not need to be retained. All electronic documents are retained securely in our system.

Our security procedures and policies are audited on a regular basis to ensure they are updated and in accordance with legal requirements and current levels of information security standards and practices.

We will take all reasonable steps to protect the personal information of our customers from misuse, interference, loss, unauthorised access, modification or disclosure in accordance with the Act and the Code.

When we no longer need your personal information for a purpose for which it may be used or disclosed by us, we will take steps that are reasonable in the circumstances to destroy that information or make sure it is anonymised. We do not need to destroy or anonymise information that we are required to retain by a New Zealand law or a court/tribunal order.


Access and Correction

You may request access to and/or correction of any of the personal information that we hold about you. To enable us to process your request, we ask that you email us and state:

  • your name;
  • your date of birth; and
  • the kind or type of information that you are requesting access to.

The type of information held generally includes the following: details relating to your credentialing with us, if you are a medical practitioner working within our hospitals;

Details of what kind of information we hold and for what purpose can be obtained by emailing us. You can also request information as to how we collect, use, store, and disclose your information.

We will acknowledge a request for access and endeavour to respond within a reasonable time. We may recover from you the reasonable costs of providing access to your personal information. We do not charge you for receiving or processing a request to correct or update your personal information. Access to the information will either be in the form of copies or by allowing you to view the information.

Where your access request may result in disclosure of personal information and, in particular sensitive information, about other individuals, the request for access must be in writing with appropriate consents or a declaration that consent has been given before the personal information is released.

If you establish that the personal information we hold about you is not accurate, complete or up-to-date, we will take reasonable steps to correct the information on being provided sufficient evidence to correct or change the information. Please assist us to keep accurate details by informing us whenever your personal details change or whenever you become aware that our records are inaccurate.

In limited circumstances, a request for access may be denied, or restricted access given. We will provide reasons in writing for the denial or limitation on access and the options available to you to dispute the refusal, and we will inform you of any exceptions relied on under the Act.


Overseas Storage of Data

Due to the way in which we store electronic data, in some cases your information is transferred overseas. By signing our patient admission form, you are consenting to us transmitting using secure connections, your information to overseas parties, in appropriate circumstances, if required.

As personal information is often transferred over the internet we cannot guarantee that a transmission of information is always secure, and while we maintain the highest security measures we cannot ensure information sent by you is secure and therefore it is transmitted at your own risk.


No Marketing

We do not rent, sell or lease our customer information to third parties.


Privacy Complaints

You should first direct any complaint of an alleged breach of the Privacy Act to our Privacy Officer. The contact details are as follows:

Southern Cross Healthcare Limited
Level 14, ANZ Centre,
23-29 Albert Street,
Auckland 1010
New Zealand

If you are not satisfied with how we have dealt with the complaint, you may contact the Privacy Commissioner at:

Privacy Commissioner
Level 13, WHK Tower
51-53 Shortland Street
Auckland 1140
New Zealand

Telephone 0800 803 909

Email enquiries@privacy.org.nz