Asia Pacific Healthcare Group Privacy Statement
This privacy statement explains how Asia Pacific Healthcare Group (‘APHG’) manages the personal and health information we collect. APHG incorporates Labtests, Wellington SCL, Northland Pathology, Southern Community Labs, Medlab South, Medlab Hamilton, Taranaki Pathology Services and Gribbles Veterinary and Gribbles Analytical. APHG provides group information management services, so when you deal with any of the group you are also dealing with APHG.
APHG facilitates the safe requesting, generation and sharing of lab test results and we are committed to protecting this information in accordance with the law and with the expectations of health consumers and providers. We take our role as a custodian of health information seriously and know that privacy is an important component of consumer and provider trust in our services.
We may update this privacy statement from time to time, to reflect changes to privacy law or our business operations. This privacy statement was last updated in March 2021.
Collecting your information
We need to collect and generate health information about you to deliver lab test services. We always ensure that we collect only the health information we really need to do our job and, where we can, we make sure you can deal with us anonymously (for example when you make general enquiries about our services).
How we collect your information
Most of the health information we collect is provided to us by your healthcare provider when they request our services on your behalf. We also collect health information from you directly when you request our services yourself, complete a lab test request form or make contact with us to discuss your tests. Of course, we also generate health information about you when we’re processing your request and preparing the results.
Information we collect or generate about you to deliver services
We may collect or generate the following health information about you:
> Date of birth
> Address (postal and email)
> Telephone numbers
> Medical history, previous test results and other relevant health information
> Information about your healthcare provider
> Test results prepared in relation to your current request
Information we collect about you when you visit our websites
We may provide third parties with aggregated statistics about website visitors, traffic patterns and related information that we have generated using the cookies mentioned above. We do not link the information to a specific user.
Our websites may contain links to websites operated by third parties. We have no control over the privacy practices of these third parties, so we would recommend that you read the privacy statements of those third parties before using their websites or services.
Where you submit health information via our websites, for example by using eHealth applications, we will handle that information in the same way as any other health information we receive, and in accordance with this privacy statement.
Using your health information to deliver lab test services
In order to deliver effective and efficient lab test services, we must use and share the health information we collect about you. We make sure that your information is used and shared only in ways that support our core purpose, to facilitate the requesting, generation and appropriate sharing of lab test results. Where we need to use your information for wider purposes, such as improving our business or meeting our reporting requirements, we usually anonymise it first.
How we use your information
We will use your health information to:
> understand your needs so we can deliver the right services to you
> complete the services you need
> contact you to provide advice or information in relation to the services requested
> otherwise administer and manage the services requested, including managing any debts related those services
> improve the quality of all APHG services
> meet our reporting requirements and to the Ministry of Primary Industries
> market or promote our services (with your consent), including contacting you about services we think you might be interested in (though you can opt out of this at any time)
When we share your information
As a responsible custodian of health information, we take data security very seriously. However, the health system depends on responsible and legitimate sharing of health information to ensure that health providers have the information they need to treat and protect health consumers. We are required by the Health Act to provide health information to healthcare providers with a legitimate role in your care, on request.
We are an important part of the health system, and we have developed safe processes and systems to share health information where necessary. We will only share health information in the ways set out here and if we need to share information for wider statistical or research purposes, we will aggregate and anonymise it first.
We may disclose health information about you to:
> the healthcare provider who requested your lab tests
> other healthcare providers with a role in your care, either on request from the provider or by uploading your results to shared clinical databases
> other lab testing facilities, including overseas, where necessary to obtain tests that are not available at our labs
> your representative, or family/whanau where you have authorised this or in accordance with accepted medical practice (you can veto this)
> the Ministry of Primary Industries or other health agencies as part of statistical reporting or health research activities
> our trusted service providers, including data storage providers
> third party auditors or accreditors, as part of ongoing quality assurance activities
> government or law enforcement agencies where required by law
> a court or tribunal where necessary for the purposes of legal proceedings
> a health agency’s legal representative or insurer as part of liability indemnity arrangements
> debt collection agencies where required to recover a debt (we will never disclose medical details as part of this process)
> agencies responsible for managing public health and safety or the health and safety of our staff and contractors
We operate and communicate with organisations throughout New Zealand and overseas, and so we may be required to disclose health information to agencies outside New Zealand. APHG will only disclose health information to overseas recipients if we have a reasonable basis to believe they are subject to comparable privacy safeguards as we are or, if we cannot establish this, with your consent.
Storing and safeguarding your information
Keeping it safe
APHG stores health information in different ways, including in paper and electronic form. The security of health information is important us and we take all reasonable steps to protect it from loss, misuse or unauthorised access, modification or disclosure. Our security safeguards include:
> Safe data: All the health information we hold is protected with various layers of security
> Safe transmission: We encrypt health information before we share it or only share it over secure network connections
> Safe systems: Our systems are protected by complex firewalls that strictly manage access and defend our data and servers
> Access controls: We carefully manage both staff and healthcare provider access to our systems and data, using state of the art user validation and access controls
We retain health information only for as long as we have a lawful purpose to use it. We are a health agency, and this means we must retain health information for at least 10 years after our last contact with you. We securely destroy health information we no longer have a lawful purpose to use.
Making sure it is accurate
APHG takes all reasonable steps to ensure that the health information we collect, use and disclose is accurate, complete and up to date. However, we also rely on the people who give information to us – including you and your healthcare provider – to ensure that it is accurate. For this reason, we need you to:
> let us know if there are any errors in your health information
> keep us updated on any changes to your contact details or healthcare provider
> You can keep us updated by following the steps set out below at Contacting us about your information.
Contacting us about your information
To make a privacy request, ask about our privacy practices, or update your information, please:
> call us on 09 574 7399
> email us at email@example.com
> write to us at The Privacy Officer, PO Box 12049 Penrose, Auckland
Accessing or correcting your information
Ask your healthcare provider
The best way to obtain a copy of your test results is to ask your healthcare provider, as we send them a copy as soon as they’re ready.
Help us identify you
We will need to verify your identity before releasing information to you or correcting information, so please be patient and provide us with the information we need to do this. You can ask someone (like a representative or family member) to make a request on your behalf, but we will need to see a written authorisation from you and we may contact you directly if we’re unsure.
We may need to charge
We will be as open as we can with you, but if we need to withhold any information from you – for example where information is legally privileged, commercially sensitive or also relates to someone else – we will explain why. Where you have requested information that is expensive to reproduce we may charge you a reasonable fee for this. Again, we will explain this to you.
Complaints and queries about our privacy practices
If you have any concerns about the way we’ve collected, used or shared your health information, or you think we have refused a request for information wrongly, then please let us know and we’ll try our best to resolve them.
If we can’t resolve your concerns, you can also make a complaint to the Office of the Privacy Commissioner by:
> completing an online complaint form at www.privacy.org.nz
> writing to the Office of the Privacy Commissioner, PO Box 10-094, The Terrace, Wellington 6143