Privacy Policy

Introduction

CAMRI is a division of Auckland UniServices Limited (UniServices). UniServices is the wholly-owned subsidiary of the University of Auckland (the University). This Privacy Policy sets out generally how we collect, use, store and disclose personal information

From time to time, we review and update our Privacy Policy. Updates are uploaded to the website and take effect from that date. Please ensure that you are aware of the most recent version of this Privacy Policy. This Privacy Policy was last updated on: 16 March 2021

CAMRI means the Centre for Advanced MRI, a UniServices Business Unit, of Building 505, Faculty of Medical and Health Sciences, University of Auckland, 85Park Road, Grafton, Auckland 1023.

Health information has the meaning given in the Health Information Privacy Code 2020, (a code written by the Privacy Commissioner under the Privacy Act, for the health sector).

Personal information has the meaning given under the Privacy Act. Generally it means information about an identifiable individual, and it includes health information obtained or generated by CAMRI in the course of providing imaging services.

Privacy Act means the Privacy Act 2020 or any replacement legislation.

Privacy Policy means this policy, as updated from time to time.

UniServices, we, or us means Auckland UniServices Limited, a New Zealandcompany of Level 10, 49 Symonds Street, Auckland, company number 373821.

University means the University of Auckland, a university constituted under the University of Auckland Act 1961 and a tertiary education provider under the Education and Training Act 2020.

We collect different types of personal information for different purposes, depending on the  nature of your relationship with us. Generally, we collect personal information about the following types of people:

Patients, usually referred to us from DHBs or clinicians in private practice, including via online referral platforms

Individuals who are participants in research studies, which may be carried out by UniServices, the University or third party researchers; and

Clinicians and other health professionals who engage with us, either when referring patients, or in connection with providing reports on images generated by our services

If you are a patient who has been referred to us, we will collect some or all of the following information for the stated purposes:

Name, address(es), date of birth, gender, NHI number, phone and email contacts, contact person’s name (if different, e.g. a parent or guardian of a child), for administrative and billing purposes (e.g. to contact you to carry out our necessary pre-screening checks, or to discuss any queries with you) and so that we can ensure we match information from different sources with the right person

Detailed health information including gender, weight, age and medical history, to protect your health and safety (e.g. by ensuring that health risks for imaging are identified and managed appropriately) and to enable us to provide the requested imaging services to the best quality that we can; and

Where applicable, ACC claim number, and/or details of your insurance provider, for billing and payment purposes, assisting with insurance pre-approvals (where you have asked us to do so), and responding to queries from your insurer or from ACC.

We may collect some of the information about you from third parties rather than from you directly. We do so where we reasonably believe that you have authorised that collection(e.g. because it is reasonable to assume that you have authorised that third party to disclose that information to us, such as when your clinician has referred you to us for imaging services) or it is impractical to collect the information directly from you (e.g. where we need detailed medical information to provide our services to you safely, and your referring clinician holds that information).

We will take reasonable steps to verify the information with you when we engage with you by phone or when you come to our clinic for your imaging services.

We also collect newly generated health information about you from our consultant radiologists who review your images and provide reports to us, as part of our services that we provide to you.

If you choose not to provide us with the information that we have requested, it is likely that we will be unable to provide you with the requested imaging services.

If you choose not to provide us with information relevant to your insurance claim, we will not be able to assist you with your claim.

We share your personal information to the following persons/organisations for the following purposes:

Our consultant radiologists who review your images and provide reports to us, to enable us to provide the requested imaging services;

Your referring clinician, so that they may provide you with health and disability services in connection with your imaging (as set out in more detail in paragraph 7, below)

Where you have been referred to us by a DHB, to the DHB for healthcare and reporting requirements;

Where requested by you or your referring clinician, a copy of your report to other healthcare providers;

Your insurer, in connection with any insurance placed or claim made by you;

ACC, in connection with a claim you have lodged, for ACC’s purposes of determining your entitlement to that claim and where it is reasonable to believe that you have authorised ACC to obtain medical and other records which are relevant to that claim under s 55(1)(c) of the Accident Compensation Act 2001;

Where you are a participant in a research study, to the researcher and organisation carrying out the study;

On a de-identified basis, with our trusted equipment and software suppliers to aid the monitoring, improvement and operability of the equipment, as well as part of our regular quality assurance process

Other persons and organisations, where we are required or permitted to do so under the Privacy Act or other laws.

To ensure that you receive appropriate advice and support in connection with your results (including other relevant health information), we will provide your report to your referring clinician. Please arrange a time with your clinician to discuss your results. This is subject to your rights to access your information, as set out below in paragraph 11.

Where you engage with us as a participant in a research study, we collect much of the same information as for any other patient (other than ACC, insurer and billing information) including health information relevant to the purposes of the study in which you have agreed to participate. Further information on the purpose of the study will be set out in the participant information sheet and other information provided to you by the researchers and organisation carrying out the research.

Wherever practicable, we take steps to de-identify your information, including:

Using a study participant identifier instead of name and/or NHI numbers; and

Using a standardised date of birth and/or any other anonymization steps required under the terms of the research protocol.

Where you engage with us as a health professional, we collect information from you including:

name and contact details, and place of practice, for administrative and billing purposes, and so that we can provide our services to you and our patients; and

medical practising number, so that we can verify your entitlement to practise.

Where you are a referring clinician, we also collect the information that you provide about the patients you are referring. You must ensure that you have any necessary authorisation from the patient to disclose that information to us, and that you have taken all reasonable steps to verify that the information is accurate and up-to-date before providing it to us. Where you have requested that we provide a copy of the patient report to the patient’s GP, you must ensure that you have the necessary authorisation from the patient for us to do so.

We take reasonable security safeguards to ensure that your personal information is protected against loss and unauthorised access, use, modification and disclosure.

We store information on trusted servers in strict adherence to the requirements of the Privacy Act 2020, and other applicable laws governing the storage of patient health information. Physical records are stored securely onsite or archived with our trusted storage provider Iron Mountain New Zealand Limited.

We use trusted third party providers of software applications specifically designed to enable efficient and confidential management of patient information We use these providers and their applications under terms that do not permit the provider to use your information for any purpose other than storage and processing for the services for which we use them and/or in an aggregated (anonymised) form for the purposes of monitoring traffic and to improve the services.

We store personal information only for as long as we need it or are required bylaw to keep it. For example, we keep health information for a further ten years following the last date of services that we provided to you, in accordance with the Health (Retention of Health Information) Regulations 1996.

You can:
ask us to confirm what personal information we hold about you;
request access to, and correction of, your personal information; and
provide us with a statement of correction to attach to your personal information if we choose not to correct your personal information.

We may choose not to provide you with access to your personal information for certain reasons set out in the Privacy Act, for example, where:
to do so could prejudice your health
you are under the age of 16 and we believe the disclosure of the information would be contrary to your interests;
the information cannot readily be retrieved; or
to do so would give unwarranted disclosure of information about another individual.

If we provide access to your information, we will provide you with a copy, extractor summary of that information. As we are legally required to retain health records, we are not generally able to hand over original records.

If you wish to exercise any of your rights under the Privacy Act, please contact us at mri@auckland.ac.nz. You will need to:
clearly state your request;
tell us who you are and provide reasonable evidence of your identity if we ask; and
tell us if (and why) your request is urgent.

It is important that any contact details that we hold about you are kept up-to-date. For example, we may need to contact you urgently if we suffer a security event such as unauthorised access or disclosure of your personal information. Please let us know if yourcontact details change by contacting us at mri@auckland.ac.nz.

It is important that any health information that we hold about you is accurate and complete, so that we can be sure we are managing your health and safety in an appropriate manner whenever we provide healthcare services to you. Please let us know if you become aware of any errors in your health records by contacting us at mri@auckland.ac.nz.

We do not sell your personal information to third parties for their marketing or other purposes

Cookies are small text files that are stored on your browser or device by awebsite or app. UniServices uses cookies and similar technologies to helpremember users and monitor how they interact with our websites and apps.

You can disable the acceptance of cookies by adjusting the settings in your web browser, although this may restrict your ability to access some web pages

If this Privacy Policy has not answered your questions as to how we collect, use, store andshare your information, please contact us at mri@auckland.ac.nz

Alternatively, if you have concerns about your privacy, you can:

contact us at privacy.officer.uniservices@auckland.ac.nz; and/or

lodge a complaint with the Office of the Privacy Commission. Seehttps://www.privacy.org.nz/your-rights/making-a-complaint/ for more info.