Introduction

Braemar Hospital Limited (“we”, “our” or “us”) is committed to safeguarding the privacy of patient information. We have a legal obligation to comply with the requirements of The Privacy Act 2020 and the Health Information Privacy Code 2020.

More information about these laws is available on the website of the Privacy Commissioner: www.privacy.org.nz

 

This privacy statement details:

  • The type of personal information we collect and hold
  • How we collect and hold personal information
  • The purposes for which we collect personal information
  • How you can access and correct personal information we hold
  • How we will respond to a privacy breach

 

What Information do we collect?

We collect personal and medical details of patients so that we can provide them with medical treatment and advice. We collect personal information of medical practitioners so that we can enable them to work in our hospital. The information we collect may include:

  • Name
  • Date of birth
  • Country of birth
  • Residency status
  • Occupation
  • Religion
  • Ethnicity
  • Address
  • Phone numbers
  • Email address
  • Medical history
  • Family medical history
  • Health information (such as medical test results, diagnosis and planned treatments)

We only collect information that we need for the purpose for which we are collecting it.

 

Why is this information collected?

If you are to receive, or have received, a service from Braemar Hospital or if you are a medical practitioner providing services at our hospital, we will collect and hold your personal information to:

  • Provide the required treatment, service and advice
  • Administer and manage those services including charging, billing and debt collection
  • Contact you to provide advice or information relating to your treatment
  • Conduct appropriate health insurance eligibility checks
  • Improve the quality of our services through research and development
  • Conduct regular surveys to gain an understanding of individual needs
  • Maintain and develop business systems and infrastructure to improve the services we provide

 

How do we collect personal information?

Information collected from you

If it is practical to do so, we will collect your information directly from you. This may take place when you complete admission or administration paperwork via the hospital admission process, through your doctor’s rooms, or over the telephone.

Information collected from third parties

Sometimes we may need to collect information from third parties if it is unreasonable or impractical to collect it from you. These third parties may include:

  • medical practitioners and/or other healthcare service providers or external agencies;
  • your treatment funder (or an advisor or agent associated with your treatment funding); and
  • any other third party authorised by you such as a relative, a person with your power of attorney or other health services provider, if it is unreasonable or impracticable to collect it from you.

In particular, we may need to access health information about you that is relevant to your current treatment (including pre-admission and after discharge) which may be held by us, other health professionals or other health organisations.

When we collect personal information about you from a third party (such as another health services provider) you will have already given that third party your consent to share personal information with us for the purposes of carrying out your treatment, or we may contact you directly to obtain your consent to access this information.

If you do not provide the personal information we request or do not consent to our collecting that personal information from third parties, then depending upon the type of personal information concerned, we may not be able to provide you with appropriate treatment or care.

To facilitate continuation of your care following discharge, it is our practice to disclose personal information to your nominated General Practitioner and other health providers. If you do not want your personal information disclosed, please let us know.

 

How do we use personal information?

We only use or disclose personal information:

  • For the purpose which it was collected or a purpose directly related to that purpose
  • For any other purpose for which you have authorised
  • Otherwise where we are permitted or required to do so by law.

We will use and disclose your information for purposes directly related to your treatment and in ways you would reasonably expect for your ongoing care. This may include, but is not limited to transfer of relevant information to your nominated General Practitioner, to another treating health service or hospital, to a specialist for a referral or for pathology tests and X-rays.

The main purpose of collecting information about you is to provide ongoing medical treatment and advice. We are required to disclose some information to Government agencies to comply with laws regarding the reporting of notifiable diseases and statistics. Your personal information may be required as evidence in court when subpoenaed.

If there has been a break in the continuity of patient care, we might need to seek your consent before releasing information to a new doctor or health professional. If the situation is an emergency, consent is not required.

We cannot use your personal information for direct marketing purposes unless you provide authorisation.

Our staff may convey to your identified next of kin or a close family member, general information about your condition while in hospital, in accordance with accepted customs of medical practice, unless you request otherwise.

Our policies and procedures ensure our staff treat your information confidentially and discreetly. We do not ordinarily disclose patient personal information to entities overseas. You may direct us to do so if, for example, your health insurer is based outside of New Zealand. Privacy regulations in other countries may not be as strict as in New Zealand.

 

What are the consequences of not providing personal information?

You do not have to provide us with personal information. However, you will need to tell us so we can discuss any consequences this may have. If you do not provide us with the requested personal information, this may impact on our ability to provide you with our services.

 

How do we store personal information?

We store personal information in a variety of ways including paper and electronic formats. The security of information is important to Braemar Hospital. Our staff are responsible for maintaining the security of patient information from unauthorised access, misuse, loss and damage.

 

How do you access and correct your personal information?

You are entitled to request access to and/or correction of all personal information we hold, including your medical records. To enable us to process your request we ask you to apply for access in writing or by email. We may require you to provide proof of identification.

Access to the information will either be in the form of copies or by allowing you to view the information.

Access to personal information may be declined in special circumstances, such as where giving access would put you or someone else as risk of harm, or would result in unwarranted disclosure of someone else’s information. If access is declined, we will provide an explanation of the reasons in writing or by email.

If you advise us that you believe the information we hold about you is incorrect we may choose not to amend the information we hold. If we choose not to amend the information, you may request that your view be noted on the relevant record.

Patient records (hardcopy) are destroyed no less than 10 years from last admission to Braemar Hospital.

 

How do we respond to a privacy breach?

A privacy breach occurs when there is unauthorised or accidental access to personal information or disclosure, alteration, loss, or destruction of personal information. If the privacy breach causes or is likely to cause serious harm to someone, we will notify the Officer of the Privacy Commissioner as soon as possible. If a notifiable privacy breach occurs, we will also notify the effected person or people.

 

Contact us

If you have questions about the privacy of your information, or if you have a complaint, you should contact us by:

Writing to:

The Privacy Officer

Braemar Hospital Limited

PO Box 972

Waikato Mail Centre 3240

Phoning

07 843 1899 and asking to speak with our Privacy Officer (either the General Manager – Clinical Services, or the Chief Financial Officer).

If you are not satisfied with how we have dealt with your complaint, you can contact the Privacy Commissioner by phoning 0800 803 909.

 

 

 

Updated June 2026