Waitemata Endoscopy - Privacy Statement


Waitemata Endoscopy is committed to safeguarding the privacy of patient information. We have a legal obligation to comply with the Privacy Act 2020 and the Health Information Privacy Code 2020. Information about these laws is available on the website of the NZ Privacy Commission (www.privacy.org.nz).

Under the Act, organisations that are in possession of an individual's 'personal information' must observe certain restrictions and standards concerning the collection, use, disclosure, and security of that information. Personal information is defined by the Act as ‘information about an identifiable individual’.

This privacy statement details:

  • The type of personal information we collect and hold
  • How we collect and hold personal information
  • The purposes for which we collect personal information
  • How you can access and correct personal information we hold
  • How we will respond to a privacy breach

What information do we collect?

We collect personal, demographic and medical/health information, including; test results, letters, referrals and other relevant information prior to your admission, while you are being treated as a patient with us, and after your discharge, so that we can provide you with safe and appropriate medical treatment, follow-up care and advice.  

The personal information that we collect from patients generally includes; name, date of birth, NHI number, residency status, ethnicity, postal address, contact details (phone and email), name of GP, emergency contact information, health insurance details (if applicable), medical history and health information (including referrals, medical test results, treatment plans), and family history.

We only collect the information required for the purpose for which we are collecting it. 

How do we collect personal information?

If it is reasonable and practicable to do so, we will collect your information directly from you. This may take place when you complete a referral form via our website, when you complete admission and assessment forms and administrative paperwork via phone, email or in person, or information received via your referring Doctor.

Sometimes we may need to collect information from third parties if it is unreasonable or impractical to collect it from you. These third parties may include a relative, power of attorney, or another health services provider. In particular, we may need to access health information about you that is relevant to your current treatment (including pre-admission and after discharge) which may be held by us, other health professionals or other health organisations. 

We use Closed Circuit television Surveillance (“CCTV”) in certain parts of our hospitals to maintain the safety and security of property, patients, staff, and visitors. These CCTV systems may but not always, collect and store personal information.

Why is this information collected?

If you are to receive, or have received, a service from Waitemata Endoscopy we will collect and hold your personal information to:

  • Provide the required treatment, service and advice
  • Administer and manage those services including charging, billing and debt collection
  • Contact you to provide advice or information relating to your treatment
  • Conduct appropriate health insurance eligibility checks
  • Improve the quality of our services through research and development
  • Conduct regular surveys to gain an understanding of individual needs
  • Maintain and develop business systems and infrastructure to improve the services we provide

How do we use and disclose personal information?

We only use or disclose personal information:

  • For the purpose which it was collected or a purpose directly related to that purpose
  • For any other purpose for which you have authorised
  • Otherwise where we are permitted or required to do so by law

We will use and disclose your information for purposes directly related to your treatment and in ways you would reasonably expect for your ongoing care.  This may include, but is not limited to transfer of relevant information to your nominated General Practitioner, to another treating health service or hospital, to a specialist for a referral or for pathology tests and scans.

To facilitate continuation of your care following discharge, it is our practice to disclose personal information to your nominated general practitioner and/or referring Doctor. If you do not want your personal information disclosed, please let us know.

The main purpose of collecting information about you is to provide ongoing medical treatment and advice.  

We are required to disclose some information to Government agencies to comply with laws regarding the reporting of notifiable diseases and statistics.  Your personal information may be required as evidence in court when subpoenaed.

If there has been a break in the continuity of patient care, we might need to seek your consent before releasing information to a new doctor or health professional.  If the situation is an emergency, consent is not required.

We will not use your personal information for direct marketing purposes unless you provide authorisation.

Our staff may convey to your identified next of kin or a close family member, general information about your condition while in hospital, in accordance with accepted customs of medical practice, unless you request otherwise.

Our policies and procedures ensure our staff treat your information confidentially and discreetly.  We do not ordinarily disclose patient personal information to entities overseas.  However, you may direct us to do so if, for example, your health insurer is based outside of New Zealand.  Privacy regulations in other countries may not be as strict as in New Zealand.

In summary, we will only disclose your personal information to third parties: 

  • If you have given us your consent to do so
  • To people or entities such as: 
    • your medical practitioner or GP and/or other healthcare service provider
    • Government, law enforcement or statutory bodies
    • Treatment funders, where the information is required as part of a treatment settlement or associated audit
    • If the situation is an emergency and consent is not required
  • To any third party authorised by you
  • Where it is permitted by law

What are the consequences of not providing personal information?

As a patient you should note that by commencing or continuing your relationship with us, you are taken to have authorised the collection and disclosure of personal information, including health information, by us from and to third parties as detailed in this Privacy Statement. 

You do not have to provide us with personal information.  However, you will need to tell us so we can discuss any consequences this may have.  If you do not provide us with the requested personal information, this may impact on our ability to provide you with our services.

How do we store personal information?

We store personal information in a variety of ways including paper and electronic formats.  The security of information is important to Waitemata Endoscopy.  Our staff are responsible for maintaining the security of patient information from unauthorised access, misuse, loss and damage.

We are strongly committed to protecting your personal information and your privacy. We have information security policies and procedures in place to protect personal information held by us from misuse, interference, loss, and unauthorised access, modification or disclosure.  

It is considered usual practice for healthcare organisations to communicate with patients via email and ordinary post. Such communications may include personal or health information.

We use a secure disposal system for the destruction of hard copy records containing personal information that does not need to be retained. We store hard copy documents securely on site or offsite with an external record management company.  All electronic documents are retained securely in our system.

How do you access and correct your personal information?

You are entitled to request access to and/or correction of all personal information we hold, including your medical records. To enable us to process your request we ask you to apply for access in writing or by email. We may require you to provide proof of identification.

Access to the information will be either be in the form of copies or by allowing you to view the information.

Access to personal information may be declined in special circumstances, such as where giving access would put you or someone else as risk of harm, or would result in unwarranted disclosure of someone else’s information.  If access is declined we will provide an explanation of the reasons in writing or by email.

If you advise us that you believe the information we hold about you is incorrect we may choose not to amend the information we hold.  If we choose not to amend the information, you may request that your view be noted on the relevant record.

How do we respond to a privacy breach?

A privacy breach occurs when there is unauthorised or accidental access to personal information or disclosure, alteration, loss, or destruction of personal information.  If the privacy breach causes or is likely to cause serious harm to someone, we will notify the Officer of the Privacy Commissioner as soon as possible.  If a notifiable privacy breach occurs we will also notify the effected person or people.

How to contact us:

If you have questions about the privacy of your information, or if you have a complaint, you should contact us by writing to:

The Privacy Officer

Waitemata Endoscopy Limited

PO Box 101-488


Auckland 0745

If you are not satisfied with how we have dealt with your complaint, you can contact the Privacy Commissioner.

Changes to the privacy statement

This Privacy statement was created in March 2024 and is subject to ongoing review.