Privacy statement

Southern Cross Healthcare Limited

Your privacy is important to us

Visitor help

Send a greeting
Click here to send a greeting

How to find us
Click on the map below

How to find us

Privacy Statement

Manuka Street Hospital (MSH) (“we”, “our” or “us”) is committed to safeguarding the privacy of patient information. We have a legal obligation to comply with the Privacy Act 2020 (”the Act”), the Information Privacy Principles (“IPPs”) under that Act, and where health information is involved, the Health Information Privacy Code 2020 (“the Code”). More information regarding these laws available on the NZ Privacy Commission website (www.privacy.org.nz).

Under the Act, organisations that are in possession of an individual’s ‘personal information’ must observe certain restrictions and standards concerning the collection, use, disclosure, and security of that information. Personal information is defined by the Act as ‘information about an identifiable individual’.

What we are allowed to collect and why

Personal details, medical history, and test results so that we can provide medical treatment and advice while you are being treated as a patient and potentially after discharge if needed. Unless unreasonable or impractical to do so.
Personal details include: your name, email and postal address, date of birth, contact details, occupation, the name of your GP, emergency contact details, and other personal details (such as health insurance details if applicable), your NHI number, medical history, family medical history and health information such as medical test results, diagnosis and treatments in order for us to open a hospital record.

For credentialled and independent medical practitioners

We collect personal information such as name, contact details, competency, experience, relevant health information, professionalism and performance to ensure practitioners are sufficiently qualified and safe to operate on patients.

How we protect your information

  • Development of this Privacy Statement to ensure you are aware of the information that is collected
  • How we store the information
  • The purpose for which we collect, hold, and disclose personal information
  • How you can gain access to personal information we hold and seek its correction
  • How you may complain about possible breaches of privacy, and how complaints will be handled

Health and safety

Some information such as contact details, are collected for health and safety purposes and assist in helping us keep the safety and security withing the hospital.

  • Staff members use the Kronos clock to record how long and when they are on the hospital site.
  • Contractors use the Health Safe Source Pass system to record how long and when they are on the hospital site.

How do we use personal information

Personal information is only disclosed for the purpose in which it was collected or if you have authorised the information to be shared or permitted/required to do so by law.

Your personal information is used for:

  • Confirm your identity
  • Provide you with clinical treatment
  • Enable credentialled and independent medical practitioners to practice within MSH
  • Paying accounts, invoices or generating bills
  • Investigate and resolve complaints concerning the provision of services
  • To comply with legislative and regulatory requirement and provisions
  • Perform administrative functions including accounting, risk management and record keeping

How do we collect personal Information

When it is reasonable and practicable to do so, we will collect your information from you directly, through telephone contact, email, form that you have completed and submitted back to us, and visits to MSH.

As one of our credentialled medical practitioners this occurs through applying to become credentialled with us, so as to enable you to treat patients within our hospitals; and through the use of your user name and log in details to use electronic patient records.

As an staff member of Southern Cross Healthcare Limited, or if you apply for employment with us. When you browse our website, you may do so without providing any personal information. However, where you voluntarily provide personal information (e.g. via an email to us or by completing a request online via our website) we are required to manage your information safely and with respect as per the Act and the Code.

We use Closed Circuit television Surveillance (“CCTV”) in certain parts of our hospitals to maintain the safety and security of property, patients, staff and visitors. These CCTV systems may but not always, collect and store personal information.

Third Party Information

To assist in providing your clinical care personal information my by collected from medical practitioners and/or other healthcare service providers/external agencies, your treatment funder, and any other third party authorised by you (whanau, power of attorney).

When we collect personal information about you from a third party (such as another health services provider) you will have already given that third party your consent to share personal information with us for the purposes of carrying out your treatment, or we may contact you directly to obtain your consent to access this information.

If you do not provide the personal information we request or do not consent to our collecting that personal information from third parties, then depending upon the type of personal information concerned, we may not be able to provide you with appropriate treatment or care.

Use and disclosure of personal information

We will disclose your personal information for purposes directly related to your treatment and ongoing care. This may include, but is not limited to, your nominated general practitioner (GP), another treating health service/hospital, specialist for a referral, for pathology tests and x-rays.

If you do not want your personal information disclosed to your nominated GP, please let us know.

By law, if subpoenaed, we would be required to provide your personal information as evidence in court.

We cannot use your personal information for direct marketing purposes unless authorised by you.

Staff may convey general information about your condition while in hospital to your next of kin, in accordance with the accepted customs of medical practice, unless you request otherwise.

Our policies and procedures ensure our staff treat your personal information confidentially and discreetly.

In summary, we will only disclose your personal information to third parties:

  • if you have given us your consent to do so;
  • to people or entities such as:
    • (if you are a patient) your medical practitioner or GP and/or other healthcare service provider;
    • government, law enforcement or statutory bodies;
    • treatment funders, where the information is required as part of a treatment settlement or associated audit;
    • if the situation is an emergency and consent is not required.
  • to other Southern Cross branded businesses for the sole purposes of: (a) fraud prevention, detection and investigation; and (b) redirecting claims and other correspondence that we reasonably believe to be intended for another Southern Cross branded business;
  • to any third party authorised by you; and
  • where it is permitted by law.

Any use of your information by that third party is limited solely to the purpose of that third party.

There may be occasions when your information is used or disclosed in other circumstances which are permitted by the Act, the Code or other laws.

Your Consent

As a patient you should note that by commencing or continuing your relationship with us, you are taken to have authorised the collection and disclosure of personal information, including health information, by us from and to third parties as detailed in this Privacy Statement. You do not have to provide us with your personal information. However, depending on the circumstances, this may prevent us from being able to provide our services to you.

Credentialled and medical practitioners, do not have to provide us their personal information, however this will prevent us from being able to provide you access and the ability to practice within our hospital.

Storage of information

Personal Information is stored in a variety of ways, including paper and electronic formats. Access is controlled through identity and access management. By law we are required to hold all health information for a period of 10 years. We store all electronic data in secure data facilities located in either NZ or Australia, these facilities are either owned by Southern Cross or our external service providers. All personal information is held in secure locations with access limitations. Our computer-based information is protected through the use of access passwords on each computer. Data is backed up daily. We employ firewalls, intrusion detection systems and virus scanning tools to protect against unauthorised persons and viruses entering our systems.

Where personal information is transferred by you to us over the internet, we cannot guarantee that a transmission of information is always secure, and while we maintain the highest security measures, we cannot ensure information sent by you is secure and therefore it is transmitted by you at your own risk.

We use a secure disposal system for the destruction of hard copy records containing personal information that does not need to be retained. All electronic documents are retained securely in our system.

We will take all reasonable steps to protect the personal information of patients and credentialled medical practitioners from misuse, interference, loss, unauthorised access, modification or disclosure in accordance with the Act and the Code.

When we no longer need your personal information for a purpose for which it may be used or disclosed by us, we will take steps that are reasonable in the circumstances to destroy that information or make sure it is anonymised. We do not need to destroy or anonymise information that we are required to retain by a New Zealand law or a court/tribunal order.

Access and Correction

You may request access to and/or correction of any of the personal information, including your medical records that we hold about you. To enable us to process your request, we ask that you contact us in writing or by email and state:

  • your name;
  • your date of birth; and
  • the kind or type of information that you are requesting access to.

If you wish to correct that information, we may require proof that we have incorrect information held about you (i.e. such as statement from a doctor).

The type of information held generally includes the following:

  • a record of your hospital procedures and medical history, and;
  • the name of your medical practitioner who is providing or has provided treatment to you, if you are our patient;
  • details relating to your credentialling with us, if you are a medical practitioner working within our hospitals;
  • for some people, information relating to their treatment insurance cover and audit requirements.

Details of what kind of information we hold and for what purpose can be obtained by emailing us. You can also request information as to how we collect, use, store, and disclose your information.

We will acknowledge a request for access and respond to your request as soon as reasonably practicable and no later than 20 working days from the date the request is received unless we have extended the time limit for responding to your request in accordance with the provisions of the Privacy Act. We may recover from you the reasonable costs of providing access to your personal information. We do not charge you for receiving or processing a request to correct or update your personal information. Access to the information will either be in the form of copies or by allowing you to view the information.

Where your access request may result in disclosure of personal information and, in particular health information, about other individuals, the request for access must be in writing with appropriate consents or a declaration that consent has been given before the personal information is released.

If you establish that the personal information, we hold about you is not accurate, complete or up-to-date, we will take reasonable steps to correct the information on being provided sufficient evidence to correct or change the information. Please assist us to keep accurate details by informing us whenever your personal details change or whenever you become aware that our records are inaccurate.

There are certain circumstances permitted under the Privacy Act where we might not be able to fulfil your request. If that happens, we will provide reasons in writing for the denial or limitation on access and the options available to you to dispute the refusal, and we will inform you of any exceptions relied on under the Act. If we don’t allow you to access or correct your personal information, and you disagree with our decision, please contact us using the contact details set out at the end of this Privacy Statement.

We will investigate your complaint and respond to you as quickly as possible (usually within 30 days of hearing from you). If your complaint takes longer to resolve, we’ll let you know how the investigation is progressing.

No Marketing.

We do not rent, sell or lease our customer information to third parties.

Privacy complaints

Any complaint of an alleged breach of the Privacy Act should be directed to our Privacy Officer or Quality Risk and Safety Manger. The Privacy Officer for MSH is the Chief Executive Officer (CEO).

Complaint can be emailed to MSH at: admin@manukastreet.org.nz Attention: QRSM or CEO.

If you are not satisfied with how we have dealt with the complaint, you may contact the Privacy Commissioner at:
Privacy Commissioner
Level 13, WHK Tower
51-53 Shortland Street
Auckland 1140
New Zealand
Telephone 0800 803 909
Email enquiries@privacy.org.nz

Changes to the Privacy Statement

This Privacy Statement was last updated in August 2024 and is subject to ongoing review. You may also obtain a copy of this statement on the Manuka Street Hospital website.