Privacy Statement
The purpose of this Privacy Statement is to inform you about the types of Personal Information that the Medic Alert Foundation – New Zealand Incorporated (“we”or “us”) collect, use and disclose. It explains how we use and disclose that information, the choices you have regarding such use and disclosure, and how you may request access to or correction of that information.
This Policy and the Website T&C's supersede the previous Website Security Statement.
We are proud to demonstrate our commitment to your privacy, by keeping up to date with the laws and regulations under applicable privacy laws in New Zealand.
From time-to-time, we may make changes to this Privacy Statement. The Privacy Statement is current as of the “last revised” date which appears at beginning of this document. Our Privacy Officer is accountable for our compliance with this Privacy Statement and our Privacy Policy. This Privacy Statement applies to any information we collect or receive about you, from any source.
- What Regulations are we subject to:
MedicAlert Foundation is a Health Information Agency in accordance with the New Zealand Health Information Privacy Code (HIPC) 2020. The Foundation is listed by Government Regulation on Schedule 2 of the HIPC 2020. Health (Retention of Health Information) Regulations 1996, also apply.
- What type of Organisation are we:
The Foundation is an incorporated society and a registered charity. The Foundations registered charitable purposes are focused on the protection of life and prevention of harm, through a number of ways, primarily for the purpose of enabling you to be identified with your most relevant health information, in an emergency situation, particularly when you may be unconscious or unable to communicate. The purpose of Foundation Membership and Services, prioritises disclosing your information, to protect your health welfare and safety, along with enabling you to benefit from your Health & Disability Commissioner Health Consumer Rights, in your best interests.
- Your Informed Consent
Fulfilling the Foundations Charitable objects requires the Foundation to maintain a record of your personal and health information, so you can benefit from the Foundations Services, when you are most at risk. You need to first become a Member of the Society and agree to the Member Terms Statement, which lists its services and requires your Informed Consent to benefit from its services.
We obtain your informed consent, when you agree to the Member Terms Statement before you are accepted as a Member. A copy of your informed consent is kept on file. Prior to collecting information from you, we tell you about the purposes for which we will use or disclose the information. Sometimes the purposes are obvious, or in your best interests, in which case your consent may be implied. Where appropriate, we may collect, use or disclose your Personal Information based on a consent given on your behalf by an authorized third party, or as otherwise permitted by law.
- What type of Personal Information do we collect?
Personal Information is information about an identifiable individual. The kind of Personal Information we hold include, but are not limited to:
- Personal contact details such as your address, phone numbers, or
- birth date,
- identification numbers,
- Information related to membership such as donation or payment information.
- health information.
We collect your personal information in order to provide the Foundation's services including membership and medical identification services. We only collect information necessary for providing the Foundation’s services to you.
- How do we collect your Personal Information?
We will always collect your Personal Information by fair and lawful means (for example, when you complete an application form, in person or online, or by telephone). We will first collect your Personal Information directly from your your doctor, where we have obtained your consent to do so. We may collect Personal Information from a third party, based on your consent, or as otherwise permitted by law.
- How do we use your Personal Information?
We identify the purposes for which we use your Personal Information at or before the time we collect such information from you and obtain your consent, and in any case, prior to such use. We use your Personal Information only for purposes specified and consented to, which may include providing and delivering products or services to you and ensuring a satisfactory relationship with you and for internal purposes such as administering or improving our websites. We may also use your Personal Information for statistical purposes, to develop our services and assess the needs of those using the services. In addition, we may use your Personal Information as otherwise permitted or required by law, including the Privacy Act 2020 and the HIPC 2020.
- To whom do we provide your Personal Information?
We limit the disclosure of your Personal Information to circumstances where disclosure is required to carry out a purpose you have consented to or as otherwise permitted or required by law. For example, we may disclose your Personal Information to third party service providers with whom we have a contractual agreement, which includes appropriate privacy standards, for the purpose of performing functions such as Medical ID engraving, or providing the Hotline service, database services or information technology support;
a) to emergency responders and other health care providers as necessary in the circumstances;
b) to third parties in the context of a transaction involving all or part of Medic Alert Foundation – New Zealand Incorporated, such as a merger. In such circumstances, we will take reasonable steps to ensure the security of the information prior to disclosure;
c) anonymised aggregated data to third parties for the purpose of research and compiling statistics, following application to and agreement of the Board.
d) such other disclosures of Personal Information to such persons for which you provide your consent; and
e) as otherwise permitted or required by law
- How do we ensure the privacy of your Personal Information when dealing with our affiliates and other third parties?
We ensure that all our affiliates and other third parties which are engaged to perform services on our behalf and are provided with Personal Information, are required by contract to observe the intent of this Privacy Statement.
If you use a Third Party Service or Agency, with technology supplied by the Foundation, such as a Medical Register. You will need to contact them directly. The Privacy Statement of the Third Party or Agency applies.
- How long will we use, disclose, or retain your Personal Information?
We may keep a record of your Personal Information, correspondence, or comments, in a file specific to you at our office at Unit 1, 5 Gibbons Street, Upper Hutt, New Zealand, or within your secure Medical Alerting Clinical Management (MACM) account, within an Approved Data Centre. We will use, disclose, or retain your Personal Information for as long as necessary to fulfil the purposes for which it was collected and as permitted or required by law, which may require your data to be stored for a minimum of ten (10) years, from your last encounter with the Foundation. We will establish policies, standards, and procedures for maintaining and destroying your Personal Information which will be available to you and subject to the purpose the information was collected. We will keep your Personal Information no longer than is necessary.
- How can you review your Personal Information that we have collected, used, or disclosed?
We will make available your Personal Information, that we have collected, used, or disclosed, upon your written request, to the extent permitted by law. We will make such information available to you in the consent and collection form. You may also review your information in the MACM Portal as and when you require.
- How do you know that the Personal Information we have about you is accurate?
We will endeavour to ensure that your Personal Information is kept as accurate, complete, and up to date as necessary. However, we do not routinely update your Personal Information, unless your information is securely accessible using a Government approved Fast Health Information Resource (FHIR) Application Programming Interface (API )or other directly accessible digital service such as with ManageMyHealth™. Without such we rely on you or your regular doctor(s) to supply us with updates to your Personal Information, when required. Members can and should update their information as and when it changes, without unnecessary delay. We also issue an Annual Review Notice each year to complete and return to the Foundation.
- What if the Personal Information we have about you is inaccurate?
You can, at any time, request changes to the Personal Information we have about you. If you inform us that the Personal Information, we have about you is inaccurate or incomplete, we will amend the Personal Information where appropriate. Where appropriate, we will provide the amended information to third parties having access to your Personal Information. We require your Health Information to be clinically validated by your Health Provider(s), to protect your best interests and prevent avoidable errors.
- How do we know that it is really you requesting your Personal Information?
We may request that you provide sufficient identification to permit safe access to the existence, use or disclosure of your Personal Information. Any such identification information shall be used only for this purpose unless we have your consent to use or disclose it for other purposes. When you sign-in to the Foundations MACM Portal, you use your Te Whatū Ora ‘My Health Account’ Login, which ensures we know it is you signing in. If a Health Professional Signs-into MACM to review your information or to obtain your information, they may also use their ‘My Health Account – Workforce’ Login details, so we know they are who they say they are as well.
- How fast will we respond to your written requests?
We will attempt to respond to each of your written requests to access or correct your Personal Information, or to withdraw your consent, not later than thirty (30) days after receipt of such requests. We will advise you in writing if we cannot meet your request within this time limit and of the grounds for any extension of time. You have the right to make a complaint to the Privacy Commissioner in respect of this time limit.
- Are there any costs to you for requesting information about your Personal Information or about our privacy policies and practices?
There is no charge for obtaining a copy of our Privacy Statement. In limited circumstances, we may charge a reasonable fee to cover the cost of transcription, reproduction, or transmission of your Personal Information. We will not charge any such fee without first providing you with an estimate. You must then tell us within thirty (30) days if you accept the fee and wish to proceed with your request. If you do not notify us within that time, we will send you a further notice indicating that you will be deemed to have withdrawn your request for access unless you advise us otherwise within thirty days. If after the expiry of this thirty-day period, you have not told us whether you wish to proceed or withdraw your request, we will deem your request to have been withdrawn and provide you with written notice to that effect.
- What safeguards have we implemented to protect your Personal Information?
We have implemented physical, organisational, contractual, and technological security measures to protect your Personal Information from loss or theft, unauthorized access, disclosure, copying, use or modification. The only employees and contractors who are granted access to your Personal Information, are those with a business ‘need-to-know’ or who reasonably require such information to carry out their duties, or to protect your best interests in an accident or for medical purposes. All paper-based documents are disposed of using a secure destruction contractor. We operate a secure office facility, which only allows authorised people to enter.
- Privacy Warning Statement
Online Technology Services supplied by the Foundation such as its 'Medical Alerting Clinical Management’ (MACM) Portal, present the following ‘Privacy Warning’ to all people Signing or Logging into the Portal in an effort to mitigate unauthorised access, but also to make very clear complaints of unauthorised use may result in Prosecution. The Foundation will cooperate with investigations by the Privacy Commissioner.
“Health Information Privacy Warning
All access, including viewing and printing, is audited. Inappropriate access/use will be dealt with under the Health Information Privacy Code 2020 and the Privacy Act 2020. Complaints about potential privacy breaches may bemade to the Privacy Commissioner.
The Privacy Act allows for damages of up to $350,000 to be awarded by the Human Rights Review Tribunal.”
- How do you contact us regarding access to your Personal Information or our Privacy Policy and Practices?
All comments, questions, concerns or complaints regarding your Personal Information or our privacy policy and practices, should be forwarded to MedicAlert as follows:
In writing:
Privacy Officer
Medic Alert Foundation - New Zealand Incorporated
PO Box 40028, Upper Hutt
Wellington, 5140
New Zealand
Email:
service@medicalert.nz
or Phone:
0800 840 111
We will inform you of the relevant procedures when you make an enquiry, lodge a challenge or complaint.
MedicAlert® Foundation-New Zealand Inc.
Unit 1, 5 Gibbons Street, Upper Hutt 5018, New Zealand