Privacy Policy for Balance Works Physiotherapy

1. Information We Collect

   – Personal details: Name, date of birth, gender

   – Contact information: Phone number, email, address

   – Health information: Medical history, current conditions, medications

   – Treatment details: Assessment findings, treatment plans, progress notes

   – Ethnicity (to provide culturally appropriate services)

   – Emergency contact details

   – ACC claim information (if applicable)

   – Health insurance details (if applicable)

2. Why We Collect This Information

   – To provide appropriate physiotherapy treatment

   – To maintain accurate health records as required by law

   – To communicate with you about your treatment

   – To liaise with other healthcare providers involved in your care

   – For billing and administrative purposes

3. How We Use Your Information

   – To assess your health needs and provide appropriate care

   – To communicate with you about appointments and treatment

   – To improve our services and conduct quality assurance

   – For teaching and research purposes (anonymized data only)

4. Sharing Your Information

   We may share your information with:

   – Other healthcare providers involved in your care

   – ACC (for injury-related claims)

   – Health insurance providers (with your consent)

   – Regulatory bodies or legal authorities (if required by law)

   We always seek your consent before sharing your information, except in emergencies or when required by law.

5. Data Security

   – We use secure, cloud-based storage for patient records: Cliniko, an online health practice management software platform. Data is backed up daily using the AES-256 encryption algorithm (248-bit SSL). Data is stored in Australia in highly secure facilities. Access to the Genetic Insight Cliniko account is restricted to authorised staff only and requires 2-factor authentication.

For more information about Cliniko's security and privacy practices, see: https://www.cliniko.com/security/

   – Two-factor authentication is required for access

   – Access is limited to authorized staff only

   – Other data may be stored on a personal computer that is not connected to a network. Access to the laptop is password protected, with 2-factor authentication.

   – Your personal information will stay on the database indefinitely until you advise you would like it removed, unless we de-identify it or destroy it earlier in accordance with privacy law requirements.

   – Physical documents are scanned and securely destroyed

6. Retention of Information

   We retain your health information for a minimum of 10 years from the last treatment date, as required by the Health (Retention of Health Information) Regulations 1996.

7. Your Rights 

You have the right to:

  • Access the personal information we hold about you
  • Request correction of any inaccurate data
  • Request deletion of your data, subject to legal requirements
  • Withdraw consent for the use of your data, where applicable

If you wish to access or update your personal information, please contact us at lisa@balanceworks.co.nz. For your protection, we will take reasonable steps to verify your identity before granting access to, correcting or deleting your information.

We also have obligations to take reasonable steps to correct personal information we hold when we are satisfied that it is inaccurate, out-of-date, incomplete, irrelevant or misleading for the purpose for which it is held.

In most cases, we can provide you with a summary of your information free of charge. However, in some circumstances, reasonable costs may be charged to you in accessing your information in accordance with and subject to the New Zealand Privacy Laws.

Your rights to access personal information are not absolute. In certain circumstances, privacy laws provide that we are not required to grant access, such as where:

  • access would pose a serious threat to the life, safety or health of any individual or to public health or public safety
  • access would have an unreasonable impact on the privacy of other individuals
  • the request is frivolous or vexatious
  • denying access is required or authorised by a law or a court or tribunal order
  • access would be unlawful, or
  • access may prejudice commercial negotiations, legal proceedings, enforcement activities or appropriate action being taken in respect of a suspected unlawful activity or serious misconduct.

 

8. Changes to This Policy

   We may update this policy periodically. Any significant changes will be communicated to you.

9. Complaints

    If you have concerns about how we handle your information, please contact us. You also have the right to contact the Privacy Commissioner.

10. Contact Us

    For any privacy-related queries, please contact:

    Lisa Johnstone, lisa@balanceworks.co.nz

This privacy policy adheres to the Health Information Privacy Code 2020 and the Privacy Act 2020.