Gribbles Pathology Privacy Statement
This privacy statement explains how Gribbles manages the personal and health information we collect. Gribbles is a part of the Healthscope New Zealand (“Healthscope”) group, which incorporates SCL, Wellington SCL, Northland Pathology, Southern Community Labs, Medlab South, Medlab Hamilton, Drugs and Substance Testing New Zealand and Gribbles Veterinary and Gribbles Analytical. Healthscope provides group information management services, so when you deal with us, you are also dealing with Healthscope.
Gribbles facilitates the safe requesting, generation and sharing of lab test results and we are committed to protecting this information in accordance with the law and with the expectations of health consumers and providers. We take our role as a custodian of health information seriously and know that privacy is an important component of consumer and provider trust in our services.
We may update this privacy statement from time to time, to reflect changes to privacy law or our business operations. This privacy statement was last updated in April 2019.
Collecting your information
We need to collect and generate health information about you to deliver lab test services. We always ensure that we collect only the health information we really need to do our job and where we can we make sure you can deal with us anonymously (for example when you make general enquiries about our services).
How we collect your information
Most of the health information we collect is provided to us by your healthcare provider when they request our services on your behalf. We also collect health information from you directly when you complete a lab test request form or make contact with us to discuss your tests. Of course, we also generate health information about you when we’re processing your request and preparing the results.
Information we collect or generate about you to deliver services
We may collect or generate the following health information about you:
- Date of birth
- Address (postal and email)
- Telephone numbers
- Contact information
- Other information relevant to providing laboratory services to you
Information we collect about you when you visit our website
We may provide third parties with aggregated statistics about website visitors, traffic patterns and related information that we have generated using the cookies mentioned above. We do not link the information to a specific user.
Our website may contain links to websites operated by third parties. We have no control over the privacy practices of these third parties, so we would recommend that you read the privacy statements of those third parties before using their websites or services.
Where you submit health information via our website, for example by using eHealth applications, we will handle that information in the same way as any other health information we receive, and in accordance with this privacy statement.
Using your health information to deliver lab test services
In order to deliver effective and efficient lab test services, we must use and the share the health information we collect about you. We make sure that your information is used and shared only in ways that support our core purpose, to facilitate the requesting, generation and appropriate sharing of lab test results. Where we need to use your information for wider purposes, such as improving our business or meeting our reporting requirements, we usually anonymise it first.
How we use your information
We will use your health information to:
- understand your needs so we can deliver the right services to you
- complete the services you need
- contact you to provide advice or information in relation to the services requested
- otherwise administer and manage the services requested, including managing any debts related those services
- improve the quality of all Gribbles services
- meet our reporting requirements, including to our funding organisations such as MPI
- market or promote our services (with your consent), including contacting you about services we think you might be interested in (though you can opt out of this at any time)
When we share your information
As a responsible custodian of information, we take data security very seriously.
We are an important part of the Primary Sector, and we have developed safe processes and systems to share information where necessary. We will only share information in the ways set out here and if we need to share information for wider statistical or research purposes, we will aggregate and anonymise it first.
We may disclose information about you to or your clients:
- our funding agencies, including MPI
- our trusted service providers, including data storage providers
- third party auditors or accreditors, as part of ongoing quality assurance activities
- government or law enforcement agencies where required by law
- a court or tribunal where necessary for the purposes of legal proceedings
- debt collection agencies where required to recover a debt (we will never disclose medical details as part of this process)
- agencies responsible for managing public health and safety or the health and safety of our staff and contractors
We operate and communicate with organisations throughout New Zealand and overseas, and so we may be required to disclose health information to agencies outside New Zealand. Gribbles will only disclose health information to a country which has a substantially similar privacy regime in place.
Storing and safeguarding your information
Keeping it safe
Gribbles stores health information in different ways, including in paper and electronic form. The security of health information is important us and we take all reasonable steps to protect it from loss, misuse or unauthorised access, modification or disclosure. Our security safeguards include:
- Safe data: All the information we hold is protected with various layers of security
- Safe transmission: We encrypt information before we share it or only share it over secure network connections
- Safe systems: Our systems are protected by complex firewalls that strictly manage access and defend our data and servers
- Access controls: We carefully manage both staff and healthcare provider access to our systems and data, using user validation and access control systems
We retain information only for as long as we have a lawful purpose to use it. We securely destroy information we no longer have a lawful purpose to use.
Making sure it’s accurate
Gribbles takes all reasonable steps to ensure that the information we collect, use and disclose is accurate, complete and up to date. However, we also rely on the people who give information to us – including you and your healthcare provider – to ensure that it is accurate. For this reason, we need you to:
- let us know if there are any errors in your health information
- keep us updated on any changes to your contact details or healthcare provider
You can keep us updated by following the steps set out below at Contacting us about your information.
Contacting us about your information
To make a privacy request, ask about our privacy practices, or update your information, please:
- call us on 06 356 7100
- email us at email@example.com
- write to us at The Privacy Officer, PO Box 12049, Penrose, Auckland 1042
Accessing or correcting your information
You have the right to ask us for a copy of the information we hold about you, or to correct it if you think it’s wrong (in fact, we really want you to tell us if you think it’s wrong).
Ask your healthcare provider
The best way to obtain a copy of your test results is to ask your healthcare provider, as we send them a copy as soon as they’re ready. However, if you self-requested a test or you want a copy of other information we might hold about you, then you can ask us directly.
If we think that your healthcare provider would be better placed to handle your information request – for example where test results indicate a serious or particularly sensitive health issue – we may transfer your request to your healthcare provider. If we need to do this, we’ll tell you as soon as possible.
Help us identify you
We will need to verify your identity before releasing information to you or correcting information, so please be patient and provide us with the information we need to do this. You can ask someone (like a representative or family member) to make a request on your behalf, but we will need to see a written authorisation from you and we may contact you directly if we’re unsure.
We may need to charge
We will be as open as we can with you, but if we need to withhold any information from you – for example where information is legally privileged, commercially sensitive or also relates to someone else – we will explain why. Where you have requested information that is expensive to reproduce we may charge you a reasonable fee for this. Again, we will explain this to you.
Complaints and queries about our privacy practices
If you have any concerns about the way we’ve collected, used or shared your health information, or you think we have refused a request for information wrongly, then please let us know and we’ll try our best to resolve them.
If we can’t resolve your concerns, you can also make a complaint to the Office of the Privacy Commissioner by:
- completing an online complaint form at www.privacy.org.nz
- writing to the Office of the Privacy Commissioner, PO Box 10-094, The Terrace, Wellington 6143