The Comprehensive Care privacy statement sets out what personal information we collect and what we will use it for; all in accordance with Principle 3 of the Privacy Act 2020 says that when an organisation, business, or agency collects information from an individual, it should ensure that the individual is informed about what information is being collected and the purpose it is to be used for.
Comprehensive Care, as a Primary Health Organisation (PHO), ensures that persons enrolled with the PHO receive necessary direct healthcare services, typically through general practices and other healthcare providers.
Therefore, personal information may be collected directly from a user when a person:
- Enrolled with a practice/Comprehensive Care
- a user registers to use the Website or online Portal;
- Emails an enquiry or contacts Comprehensive Care;
- Adds a comment to any of Comprehensive Care’s social network accounts;
- Registers or attends an event;
- Uses a Comprehensive Care service;
- Subscribes to Comprehensive Care’s news feeds;
- Gives feedback;
- Lodges a complaint
We collect personal identifiable and sensible information from you, including:
- Patient’s NHI number
- Patient’s internal practice identifier
- Identifiable data such as the patient’s name, DOB and address
- The details of the doctor or other practice staff member(s)
- Clinical or health information to support the service and/or claim
Comprehensive Care also collects non-identifiable information about users’ interaction with Comprehensive Care’s information technology systems. It includes using the Website and web services and emails sent to/from Comprehensive Care’s information technology systems.
We may collect statistical information about visits to the Website; however, the data is aggregated, and no one can be identified by it. Analytics will also respect any “do not track” settings on web browsers and employ masked IP addresses so they cannot be used to track down specific users.
We collect your personal information to:
- To enable the PHO to access funding for the delivery of care
- ensuring that enrolled patients have equitable access to and get all available services
- focussing the resources we have on particular “at-risk” or “at-need” groups
- make sure that the funds we receive are directed into the specific regions and populations for whom it is intended.
- paying the health care facility for patient services provided
- continuously monitoring our health targets and the quality and performance improvement programme.
- administering and/or improving the Website;
- providing and improving Comprehensive Care’s services;
- market research and data analysis;
- communicating with users;
- investigating and/or responding to a user’s complaint or enquiry;
- future marketing, promotional, and publicity purposes;
- To provide further information to Users about other websites and services that Comprehensive Care considers may be of interest to Users, and/or such other use as a user authorises.
Besides our staff, we share this information:
- Reporting back anonymous/aggregate and identifiable data as required to the District Health Board Management and leadership teams support service provision and contractual requirements.
- We are meeting our health target and IPIF reporting requirements.
- Prompting or reporting to practice staff to specific services available to individual patients
- Shared care records and systems for specific projects (TestSafe, after-hours, Whanau Ora, shared care planning)
- Contribute with relevant research in the context of the primary care
- To take appropriate actions for the health services delivery and supporting the health care system to address equity, safety, quality, access and cost of services.
Comprehensive care will maintain procedures and take all necessary precautions to prevent unauthorised access to or use of the personal information and other data Comprehensive Care collects. In most cases, Comprehensive Care uses the HTTPS protocol for secure communication of Comprehensive Care pages over the Internet. In most cases, data transfer is carried out securely and does not go over the Internet as systems are connected on the Connected Health network. We receive various MOH data feeds via SFTP and we use HealthSafe for data sharing in the Metro Auckland Group. HealthSafe data transfer is by SSL/HTTPS and access is via a signed agreement, and access is further protected by 2-Factor Authentication (2FA).
Any personal information provided to Comprehensive Care will be collected and held by, or on behalf of, Comprehensive Care at Comprehensive Care, 42A Tawa Drive, Albany; or at cloud service providers or data centres used by Comprehensive Care (Comprehensive Care may use cloud service providers or data centres (whether in New Zealand or abroad), to handle and keep track of the private information it gathers, and will make sure that any storage on such a platform comes with sufficient security safeguards).
The privacy laws of New Zealand were deemed sufficient by the European Commission. When Comprehensive Care sends your information outside of New Zealand, it takes precautions to make sure that it is done so in line with applicable privacy laws and to third parties or nations with sufficient safeguards.
Some of the information is kept for ten years, after which we securely erase patient clinical data and personal identifiers.
Comprehensive Care will give users access to any information held about them upon request. If such information is inaccurate, Comprehensive Care will correct it. In addition to the rights listed above, if you are in the European Economic Area (EEA), you also have rights to:
- Know what personal information Comprehensive Care holds about you, and make sure it’s correct and up to date
- Please request a copy of your personal information or ask Comprehensive Care to restrict the processing of or delete it.
- Object to Comprehensive Care’s continued processing of your personal information, and ask Comprehensive Care to delete all personal information held about you.
If patients are ineligible or choose to opt out of information collection, we can generally not provide funding for these services. However, in all cases, we expect our medical practices to be able to offer medical services to all patients. Still, patients may have to pay additional co-payments (i.e. be treated as a casual, registered or visitor, not as an enrolled patient). If practices have specific sensitive cases, we can confidently discuss these with our practice support and locality manager teams; we can often make alternative arrangements.
Please see our contact details below to contact Comprehensive Care for access or correction.
- Privacy Officer
- Email: email@example.com
- Address: 42A Tawa Drive, Albany, Auckland, New Zealand.