Patient Privacy Notice

We cannot provide the thorough and personalised care expected of us if we do not know our patients well. Below, we explain how we manage the health information we need to collect about our patients in order to provide the best and safest healthcare possible.

We take a patient-focused approach to delivering services and to managing health information. We are custodians of this information and we are committed to ensuring that we use and share it in accordance with the law and the expectations of our patients.

You can read our full privacy notice below or print a PDF, but here’s a summary of the important points:

  • We collect or create only the information we really need to treat you
  • We use your information to deliver the best and safest healthcare possible
  • We only share your information when we really need to
  • We take all reasonable steps to protect your information
  • You can ask us for a copy of your information at any time – just contact us

We may update this privacy notice from time to time, to reflect changes to privacy law or our practice operations. This privacy notice was last updated in February 2019.

We need to collect and create health information about you to deliver health services, but we always ensure that we keep this information to a minimum. 

It’s not generally mandatory that you provide us with information, but we may not be able to properly understand your needs or provide you with treatment if you do not provide us with the information we need. If you have any concerns about providing us with certain information, talk to us about it. We can help you understand why we need it.

We collect your health information from you directly, for example when you interact with us during consultations. We receive health information from your healthcare provider when they refer you to us for specialist care. We may also collect health information from other third parties where required and usually with your authorisation, such as your family or other healthcare providers.

Of course, we also create health information about you when we’re delivering services, such as preparing treatment plans or prescribing medications for you.

We may collect or create the following health information about you:

  • General information – your name, contact details (address, email and phone number), date of birth, gender, ethnicity and residency status
  • Other provider information – your primary healthcare provider, health insurer (where appropriate), ACC details (where appropriate), or carer/guardian
  • Relevant medical history – medical conditions, allergies, medications, previous consultation notes, and previous diagnostic reports (including test results and x-rays)
  • Health information we create about you – our consultation notes, diagnoses, treatment plans, monitoring, and prescriptions
  • Interaction information – correspondence with you, your healthcare provider or your family
  • Payment information – bills, payment records

We use and sometimes share the health information we hold about you to deliver the best and safest healthcare possible. We make sure that your information is used and shared only in ways that support your treatment. Where we need to use your information for wider purposes, such as medical research or statistical analysis, we anonymise it first. 

How we use your information

We will use your health information to:

  • understand your needs, so we can deliver the right treatment and services 
  • assess the urgency of appointments
  • diagnose and treat your medical conditions
  • prescribe medications
  • make onwards referrals where required
  • otherwise administer and manage the delivery of healthcare services to you, including working with ACC or your health insurer to manage payment
  • contact you about your care and treatment
  • meet our legislative reporting requirements, including to the Ministry of Health
  • conduct medical research and statistical analysis (with anonymised information)

When we share your information

The health system depends on responsible and legitimate sharing of health information to ensure that health providers have the information they need to provide the right care and treatment to their patients. As part of providing you with healthcare services, we may disclose health information about you to: 

  • the healthcare provider who referred you to us, who will usually be your General Practitioner
  • other healthcare providers with a legitimate role in your care, such as physiotherapists or other specialists
  • your carer, guardian, or family/whanau, where you have authorised this or in accordance with accepted medical practice
  • your health insurer, where you have authorised this as part of your claim process
  • ACC, where your treatment is provided as part of a claim
  • the Ministry of Health or other health agencies as part of statistical reporting or health research activities, in aggregated and anonymised format 
  • our trusted service providers, including data storage providers and clinical typists
  • government or law enforcement agencies where required by law 

We are required by law to retain your health information for at least 10 years after the last contact we have had with you. We store all the health information we hold on a secure cloud-based data storage platform hosted on a virtual private server. All paper records we collect or create are scanned and uploaded to this secure platform. 

We take all reasonable steps to protect health information from loss, misuse or unauthorised access, modification or disclosure. For example:

  • Only our treating clinicians and practice manager have access to health information
  • Our data storage platforms are protected by firewalls and are password-protected
  • We ensure that no clinical information is stored in our billing platform
  • We use the secure HealthLink system to share health information – both the information and the pathway are encrypted

You have important rights in relation to your information, and we respect these. To make a privacy request, update your information, or tell us about any concerns, please:

  • call us on 07 856 1115
  • email us at 
  • write to us at The Practice Manager, Doug White Rheumatology, PO Box 24148, Abels, Hamilton, 3245 

Accessing or correcting your information

You have the right to ask us for a copy of the information we hold about you, or to correct it if you think it’s wrong. 

We will need to verify your identity before releasing or correcting your information. If you ask someone (like your carer or a family member) to make a request on your behalf, we will need to see written authorisation from you and we may give you a call to check if we’re unsure. Please understand that all these steps are intended to protect your privacy. 

We will always be open with you about the health information we hold about you, particularly if we have created it. Sometimes we may hold health information about you that we received from another healthcare provider. If we think that this other healthcare provider would be better placed to handle your request – for example if we’re not sure that provider has previously discussed it with you – we may transfer your request to the other provider. If we need to do this, we’ll tell you as soon as possible. 

Concerns about your information

If you have any concerns about the way we’ve collected, used or shared your health information, or you think we have refused a request for information without a proper basis, then please let us know and we’ll try our best to resolve them. If we can’t resolve your concerns, you can also make a complaint to the Office of the Privacy Commissioner by:

  • completing an online complaint form at  
  • writing to the Office of the Privacy Commissioner, PO Box 10-094, The Terrace, Wellington 6143