
PATIENT PRIVACY STATEMENT

INTRODUCTION

At Auckland Eye Limited (AEL) (“we”, “our” or “us”), we are committed to protecting the privacy and confidentiality of personal information and adhere to the Privacy Act 2020, Health Information Privacy Code 2020 and other relevant legislation. The Privacy Act 2020 regulates, through the Information Privacy Principles, how we collect, hold, access, manage, use, disclose and dispose of patient personal information. For more information on these principles and codes, visit the Office of the Privacy Commissioner website https://www.privacy.org.nz/.

WHAT PERSONAL INFORMATION DO WE COLLECT?

We collect personal and health information to ensure safe and effective healthcare. This includes details such as your name, contact information, date of birth, occupation, GP and emergency contact details, NHI number, and health insurance information (if applicable). We also collect medical history, family medical history, diagnoses, treatment plans and outcomes, test results, and information from allied healthcare providers involved in your care.

HOW DO WE COLLECT PERSONAL INFORMATION?

  • We collect your personal information directly from you whenever possible, such as during in-person visits, phone or email communications, online enquiry forms, and when you complete admission or administrative paperwork. This can occur before, during, or after your admission at our surgical facility, including through your doctor’s rooms or during the surgical admission process. When you browse our website without submitting any forms, no personal information is collected unless you choose to provide it. We also use CCTV in certain areas for safety and security, which may occasionally capture personal information.
  • We may also collect information from third parties involved in your care, such as medical practitioners, healthcare providers, health insurers, treatment funders, or anyone you’ve authorised (e.g., a relative or person with power of attorney). If needed, we may access relevant health records held by others to support your treatment. In most cases, you will have already provided consent to share this information, either to the third party or directly to us. However, if you do not provide or consent to the collection of necessary information, we may be unable to offer you appropriate treatment or care.

HOW DO WE USE AND DISCLOSE PERSONAL INFORMATION?

We only use or disclose your personal information for purposes directly related to its original collection, for any purpose you’ve authorised, or where required or permitted by law. This includes delivering your requested clinical or surgical treatment, communicating about your care, verifying your identity and insurance, and coordinating with your health insurer. We also use your information for administrative functions such as billing, payments, and debt collection; managing feedback or complaints; complying with legal obligations; and performing tasks like accounting and risk management. Additionally, your information may support service improvement through research, patient surveys, and enhancements to our systems and infrastructure.

HOW PERSONAL INFORMATION IS DISCLOSED

We are committed to maintaining the confidentiality of your personal information. It is only disclosed for purposes directly related to your care or as outlined in this Privacy Statement. Common disclosures include sharing information with your nominated general practitioner to support ongoing care after discharge—unless you request otherwise—and providing general updates about your condition to close family members, in line with standard medical practice.

From time to time, we work with trusted affiliated healthcare providers and share diagnostic testing equipment. These providers may access your information through this equipment as part of your care. We enforce strict confidentiality policies and non-disclosure agreements to protect your information from unauthorised access or misuse.

In general, your personal information may be disclosed to third parties:

  • With your consent;
  • To your GP, medical practitioner, or other healthcare providers;
  • To government, law enforcement, or regulatory bodies as required;
  • To treatment funders for settlement or audit purposes;
  • In emergencies where consent is not required;
  • To any other person or entity authorised by you;
  • Where otherwise permitted or required by law.

All third-party use of your information is limited strictly to the purpose for which it was disclosed.

YOUR CONSENT

  • By engaging with our services, you provide consent for us to collect, use, and share your personal and health information with third parties as outlined in this Privacy Statement. While sharing your information is voluntary, not doing so may limit the services we can provide.
  • You consent to us using your personal information to confirm your identity, verify appointment details, and ensure your information is accurate—both directly and through peripheral locations.
  • When you register with us, you voluntarily agree to the use of any images or photographs taken during your consultation for training and educational purposes.  Additionally, some of our doctors use a transcription tool called Heidi to document consultations in real time. No recordings are stored, and Heidi complies with the Privacy Act 2020 and New Zealand’s Information Privacy Principles.

HOW PERSONAL INFORMATION IS HELD AND SECURED

  • We store personal information in both paper and electronic formats, and take extensive measures to protect it from misuse, loss, damage, and unauthorised access. Our doctors and employees are responsible for handling your information confidentially and securely, with access strictly managed through identity and access controls.
  • All staff undergo information security training, and we regularly monitor compliance with our internal policies and industry best practices. By law, health information must be retained for at least 10 years.
  • Electronic data is stored securely in datacentres located in New Zealand or Australia, managed either by us or our trusted service providers. These facilities have strict physical access controls, and all data is protected with multi-factor authentication, daily backups, and cybersecurity measures such as firewalls, virus scanning, and intrusion detection systems.
  • While we maintain strong security protocols, we cannot guarantee the security of information transmitted to us over the internet. Any such transmissions are at your own risk.
  • We also use a secure disposal system to destroy physical records no longer needed, while electronic records are safely retained within our systems.
  • We are committed to taking all reasonable steps to protect your information in accordance with the Privacy Act and Health Information Privacy Code.

CHANGES TO THIS STATEMENT

We will occasionally update this Patient Privacy Statement to reflect company and patient feedback. We encourage you to periodically review this Statement to be informed of how we are protecting your information.
