Contents
What Is A Privacy Policy?
A Privacy Policy is a document that discloses the way your business handles personal information to each person from whom you collect personal information.
A Privacy Policy sets out what personal information you collect, and how that information will be used by you and/or disclosed to third parties.
Whether you’re a health service provider or not, whenever you collect sensitive and health information, there are additional regulations that apply — meaning you may need a Health Service Provider Privacy Policy.
Our Health Service Provider Privacy Policies are consistent with the New Zealand Privacy Principles.
Do I Need A Privacy Policy?
Privacy Policies are generally required for businesses in New Zealand under the Privacy Act 2020, especially if you are handling personal information.
There are specific obligations for agencies, which include any entity that handles personal information, regardless of size. This includes businesses that collect, store, use, or disclose personal information.
If you hold health information, you are considered to be a health agency under the Privacy Act 2020.
Health information is particularly sensitive and includes details such as:
- Notes on symptoms a patient may have
- Information on a person’s diagnosis or health services they will receive
- Test results or specialist reports
- Prescriptions and other medication
- General personal information collected by a health service provider
You can find more details on what constitutes health information here.
For health information, you’ll need to ensure you comply with the Health Information Privacy Code 2020 when collecting, using, and disclosing health information.
How Do I Use A Privacy Policy?
Your Privacy Policy should be easily accessible, for instance, by attaching it to your Terms and Conditions.
For example, you may have a checkbox for users to select ‘I agree’ to your Terms and Conditions and Privacy Policy when signing up or making transactions on your website.
It is also good practice to place a link to your Privacy Policy in your website footer, ensuring it is easily accessible to all users.
Privacy Policy (Health Service Provider) Example
Raj is starting a telehealth physiotherapy practice in New Zealand, where his clinic will provide online video consultations, rather than face-to-face ones.
For their initial screening and consultation, patients will be asked a series of questions when creating a user account or booking an appointment time.
These questions include details about the patient’s prior medical history, any symptoms they have, and what medication they’re currently taking.
Regardless of whether or not the patient goes ahead with the consultation, or the clinician recommends the patient needs a face-to-face consultation, Raj’s website is required to have a Health Service Provider Privacy Policy under New Zealand law.
This is because he is collecting sensitive health information — regardless of whether the patient ends up using his services or not.
Need Help With A Privacy Policy?
Creating a Privacy Policy can be a complex process, as it’s crucial to know what to include and how to phrase it appropriately.
It is advisable to seek legal assistance with this process, as getting it right from the start can prevent disputes and ensure compliance.
At Sprintlaw, we have a team of experienced lawyers who can assist you with drafting or reviewing your Health Service Provider Privacy Policy.
If you have any questions about whether you need a Privacy Policy or need help drafting one, we’re here to assist!
Contact us at [email protected] or give us a call at 0800 002 184.
Get in touch now!
We'll get back to you within 1 business day.
Top 3 Legal Mistakes
Book in a free consultation with us to discuss your legal needs.