Private and Policy

Private and Policy

Canterbury SCL Pathology Privacy Statement

This privacy statement explains how Canterbury SCL manages the personal and health information we collect. Canterbury SCL is a part of the Healthscope New Zealand (“Healthscope”) group, which incorporates SCL, Wellington SCL, Northland Pathology, Southern Community Labs, Medlab South, Medlab Hamilton, Drugs and Substance Testing New Zealand and Gribbles Veterinary and Gribbles Analytical. Healthscope provides group information management services, so when you deal with us, you are also dealing with Healthscope.

Canterbury SCL facilitates the safe requesting, generation and sharing of lab test results and we are committed to protecting this information in accordance with the law and with the expectations of health consumers and providers. We take our role as a custodian of health information seriously and know that privacy is an important component of consumer and provider trust in our services.

We may update this privacy statement from time to time, to reflect changes to privacy law or our business operations. This privacy statement was last updated in April 2019.

Collecting your information

We need to collect and generate health information about you to deliver lab test services. We always ensure that we collect only the health information we really need to do our job and where we can we make sure you can deal with us anonymously (for example when you make general enquiries about our services).

How we collect your information

Most of the health information we collect is provided to us by your healthcare provider when they request our services on your behalf. We also collect health information from you directly when you complete a lab test request form or make contact with us to discuss your tests. Of course, we also generate health information about you when we’re processing your request and preparing the results.

Information we collect or generate about you to deliver services

We may collect or generate the following health information about you:

  • Name
  • Date of birth
  • Gender
  • Occupation
  • Address (postal and email)
  • Telephone numbers
  • Emergency contact information
  • NHI, health fund and health insurance cover details
  • Medical history, previous test results and other relevant health information
  • Information about your healthcare provider
  • Test results prepared in relation to your current request

Information we collect about you when you visit our website

In general, you can visit our website without having to provide us with any personal information. We use cookies (text files that are placed on your hard disk by our web server) to understand the way you use our website and online services. You have the ability to accept or decline cookies. Most browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of our website.

We may provide third parties with aggregated statistics about website visitors, traffic patterns and related information that we have generated using the cookies mentioned above. We do not link the information to a specific user.

Our website may contain links to websites operated by third parties. We have no control over the privacy practices of these third parties, so we would recommend that you read the privacy statements of those third parties before using their websites or services.

Where you submit health information via our website, for example by using eHealth applications, we will handle that information in the same way as any other health information we receive, and in accordance with this privacy statement.

Using your health information to deliver lab test services

In order to deliver effective and efficient lab test services, we must use and the share the health information we collect about you. We make sure that your information is used and shared only in ways that support our core purpose, to facilitate the requesting, generation and appropriate sharing of lab test results. Where we need to use your information for wider purposes, such as improving our business or meeting our reporting requirements, we usually anonymise it first.

How we use your information

We will use your health information to:

  • understand your needs so we can deliver the right services to you
  • complete the services you need
  • contact you to provide advice or information in relation to the services requested
  • otherwise administer and manage the services requested, including managing any debts related those services
  • improve the quality of all Canterbury SCL services
  • meet our reporting requirements, including to our funding organisations (such as District Health Boards) and to the Ministry of Health
  • market or promote our services (with your consent), including contacting you about services we think you might be interested in (though you can opt out of this at any time)

When we share your information

As a responsible custodian of health information, we take data security very seriously. However, the health system depends on responsible and legitimate sharing of health information to ensure that health providers have the information they need to treat and protect health consumers.

We are an important part of the health system, and we have developed safe processes and systems to share health information where necessary. We will only share health information in the ways set out here and if we need to share information for wider statistical or research purposes, we will aggregate and anonymise it first.

We may disclose health information about you to:

  • the healthcare provider who requested your lab tests, and any other provider with a legitimate role in your care and treatment (we won’t do this if you have self-requested a test, unless you ask us to)
  • other healthcare providers with a role in your care, by uploading your results to shared clinical databases, including TestSafe and Eclair
  • your representative, or family/whanau where you have authorised this or in accordance with accepted medical practice (you can veto this)
  • your health insurer where you have authorised this
  • our funding agencies, including District Health Boards
  • the Ministry of Health or other health agencies as part of statistical reporting or health research activities
  • our trusted service providers, including data storage providers
  • third party auditors or accreditors, as part of ongoing quality assurance activities
  • government or law enforcement agencies where required by law
  • a court or tribunal where necessary for the purposes of legal proceedings
  • a health agency’s legal representative or insurer as part of liability indemnity arrangements
  • debt collection agencies where required to recover a debt (we will never disclose medical details as part of this process)
  • agencies responsible for managing public health and safety or the health and safety of our staff and contractors

We operate and communicate with organisations throughout New Zealand and overseas, and so we may be required to disclose health information to agencies outside New Zealand. Canterbury SCL will only disclose health information to a country which has a substantially similar privacy regime in place.

Storing and safeguarding your information

Keeping it safe

Canterbury SCL stores health information in different ways, including in paper and electronic form. The security of health information is important us and we take all reasonable steps to protect it from loss, misuse or unauthorised access, modification or disclosure. Our security safeguards include:

  • Safe data: All the health information we hold is protected with various layers of security
  • Safe transmission: We encrypt health information before we share it or only share it over secure network connections
  • Safe systems: Our systems are protected by complex firewalls that strictly manage access and defend our data and servers
  • Access controls: We carefully manage both staff and healthcare provider access to our systems and data, using user validation and access control systems

We retain health information only for as long as we have a lawful purpose to use it. We are a health agency, and this means we must retain health information for at least 10 years after our last contact with you. We securely destroy health information we no longer have a lawful purpose to use.

Making sure it’s accurate

Canterbury SCL takes all reasonable steps to ensure that the health information we collect, use and disclose is accurate, complete and up to date. However, we also rely on the people who give information to us – including you and your healthcare provider – to ensure that it is accurate. For this reason, we need you to:

  • let us know if there are any errors in your health information
  • keep us updated on any changes to your contact details or healthcare provider

You can keep us updated by following the steps set out below at Contacting us about your information.

Contacting us about your information

To make a privacy request, ask about our privacy practices, or update your information, please:

  • call us on 04 381 5900
  • email us at privacy-officer@healthscope.co.nz
  • write to us at The Privacy Officer, PO Box 12049, Penrose, Auckland 1042

Accessing or correcting your information

You have the right to ask us for a copy of the information we hold about you, or to correct it if you think it’s wrong (in fact, we really want you to tell us if you think it’s wrong).

Ask your healthcare provider

The best way to obtain a copy of your test results is to ask your healthcare provider, as we send them a copy as soon as they’re ready. However, if you self-requested a test or you want a copy of other information we might hold about you, then you can ask us directly.  

If we think that your healthcare provider would be better placed to handle your information request – for example where test results indicate a serious or particularly sensitive health issue – we may transfer your request to your healthcare provider. If we need to do this, we’ll tell you as soon as possible.

Help us identify you

We will need to verify your identity before releasing information to you or correcting information, so please be patient and provide us with the information we need to do this. You can ask someone (like a representative or family member) to make a request on your behalf, but we will need to see a written authorisation from you and we may contact you directly if we’re unsure.

We may need to charge

We will be as open as we can with you, but if we need to withhold any information from you – for example where information is legally privileged, commercially sensitive or also relates to someone else – we will explain why. Where you have requested information that is expensive to reproduce we may charge you a reasonable fee for this. Again, we will explain this to you.

Complaints and queries about our privacy practices

If you have any concerns about the way we’ve collected, used or shared your health information, or you think we have refused a request for information wrongly, then please let us know and we’ll try our best to resolve them.

If we can’t resolve your concerns, you can also make a complaint to the Office of the Privacy Commissioner by:

  • completing an online complaint form at www.privacy.org.nz  
  • writing to the Office of the Privacy Commissioner, PO Box 10-094, The Terrace, Wellington 6143