Privacy Statement
Eastern Bays Health Centre is committed to protecting your privacy, in line with our obligations under the Health Information Privacy Code.
We are a member of Tū Ora Compass Health Primary Health Organisation (PHO).
This statement explains how we collect, use, store, and share your health information, and the rights you have in relation to that information. We are required to keep your information accurate, up to date, relevant for your treatment and care, and secure.
Your health record belongs to you. You can see it, ask us to correct it, and find out how it’s been used.
You directly consent to your health information being collected when you sign an enrolment form to register with this practice.
When we collect your information
We collect health information about you when:
- You enrol with this practice
- You attend an appointment or receive care
- We receive information about you from other health services involved in your care
What information we collect
We may collect the following information:
- Demographic information – such as your name, date of birth, gender, address, ethnicity, citizenship status, and National Health Index (NHI) number
- Health information – such as medical conditions, medications, allergies, immunisations, test results, and clinical notes
- Information about health care and treatment you have received, are receiving, or have been referred for
- Information about financial transactions with the practice
How we collect information
Information collected directly from you
We usually collect information directly from you. We will explain why the information is needed, how it will be used, and any choices you have about its use.
Information collected from other sources
We may also collect health and personal information about you from other sources where this is lawful, appropriate, and necessary for your care.
These sources may include:
- Other health care providers involved in your care (such as hospitals, specialists, urgent care centres, telehealth services, midwives, allied health providers, Well Child/Tamariki Ora providers, laboratories, and radiology services)
- National health information systems, such as the National Enrolment Service (NES), Aotearoa Immunisation Register, National Screening Unit (cervical, bowel, breast and newborn screening programmes), and e-prescribing systems
- Pharmacists and pharmacy services, including information about medicines prescribed or dispensed
- Public health authorities, where reporting is required by law (for example, notifiable conditions)
- Whānau, carers, or support people, where you have given consent or where this is necessary for your care and safety
- Government agencies or authorised organisations, where collection is permitted or required by law (such as police notification of a firearms licence)
- If you provide a service with our details as your medical centre (for example, audiology, optometry, dentistry, or physiotherapy), we may receive information about your health care from that service.
If we receive information about you indirectly that is not included in the scenarios above, and it isn’t clear you know it has been shared with us, then we will take reasonable steps to inform you about what we have received.
How we use your information
Your health information may be used to:
- Provide you with safe and effective health care
- Assign and manage your National Health Index (NHI) number
- Check eligibility for publicly funded health services
- Support the delivery of PHO and publicly funded health programmes (such as screening, immunisation, and chronic condition management)
- Support health service planning, funding, reporting, and quality improvement
- Process funding claims and payments
Who we share your information with
We may share relevant health information with:
- Other health providers involved in your care, such as pharmacies, hospitals, specialists, laboratories, and radiology services
- Tū Ora Compass Health PHO, Health New Zealand, and the Ministry of Health, for planning, funding, and delivery of health services
- ACC, with your consent or where it is permitted by law
- Government agencies that assess eligibility for publicly funded services
- Auditors, to confirm services and funding claims
- Other organisations at your request, such as insurers or agencies requiring medical reports
- Other parties where sharing is required or permitted by law under the Health Information Privacy Code
Information shared for planning, funding, or statistical purposes is not allowed to be published in a way that could reasonably identify you.
Research
Health information that does not identify you may be used for research that has been approved by an Ethics Committee.
Shared health records
This practice contributes to an electronic shared health record that allows authorised health providers to access a summary of your health information when needed for your care.
You can choose to:
- Opt off the shared record entirely
- Exclude information from specific providers
- Exclude specific information (such as a condition or medication)
Please talk to us if you would like to limit what is shared in this record. Opting out may mean clinicians have less information in urgent situations.
Artificial Intelligence
We may use AI-supported tools to assist clinicians with tasks such as making clinical notes during your consultation. These tools do not make decisions about your care. Information processed by AI is secure and reviewed by a clinician before being added to your record. You can ask for more information about the AI tools we use, or for these tools to be turned off during your consultation.
Your choices
You can talk to us if you want to limit how your information is used. Some uses are required by law or necessary for safe care, and we will explain any impacts on your care or access to services.
For people under 16, we follow health and privacy laws to decide when information can be shared with parents or caregivers. Information may be withheld if sharing would place a young person at risk.
Visiting another practice
If you are under 18, or have a High User Health Card, or Community Services Card, and you visit a GP who is not your regular doctor, the place you are enrolled with for usual care will be informed of the date of that visit. The name of the practice you visited and the reason for the visit will not be disclosed unless you have agreed to this.
Accessing and correcting your information
You have the right to:
- Access the health information we hold about you
- Request corrections if information is incorrect or incomplete
We may need to confirm your identity before releasing information. If we cannot make a requested correction, we will explain why and add a note to your record.
If you ask for a second copy of the same information within 12 months, there may be an administration fee.
Storage, security, and retention
Your health information is stored in our practice management and IT systems. When information is shared with organisations such as the PHO, shared health records, or Health New Zealand, we use secure systems that meet the HISO 10029:2022 Health Information Security Framework.
We keep your information for as long as required by law. Paper records may be securely destroyed once they have been safely digitised.
Website Specific Privacy Information
This Privacy Statement also applies to our website and governs associated data collection and usage. By using our website, you consent to the data practices described in this statement.
Our website also automatically collects information about your computer hardware and software. This information can include your IP address, browser type, domain names, access times, and referring website addresses. This information is used for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of the Practice website.
We encourage you to review the privacy statements of websites you choose to link to from the Practice website so that you can understand how those websites collect, use and share your information. We are not responsible for the privacy statements or other content on websites outside of the Practice website.
Use of your Personal Information
We may collect and use your personal information to operate our website and deliver the services you have requested.
We keep track of the pages our customers visit within our website, in order to determine what services are the most popular. This data is used to deliver contextually specific content.
Use of Cookies
Our website uses "cookies" to help you personalise your online experience. A cookie is a text file that is placed on your hard disk by a web server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you.
One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the web server that you have returned to a specific page. For example, if you personalize Practice website pages, or register with the Practice site or services, a cookie helps the Practice to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on.
When you return to the same Practice website, the information you previously provided can be retrieved, so you can easily use the Practice features that you customized.
You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Practice services or websites you visit.
Security of your Personal Information
We secure your personal information from unauthorized access, use or disclosure.
We secure the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. When personal information is transmitted to other websites, it is protected through the use of encryption, such as the Secure Sockets Layer (SSL) protocol.
If something goes wrong
If a privacy breach occurs that could affect you, we will notify you and, where required, the Office of the Privacy Commissioner.
Questions or concerns
If you have questions or concerns about how your information is handled, please talk to us. If you are not satisfied, you can contact the Office of the Privacy Commissioner on 0800 803 909 or visit www.privacy.org.nz.
Changes to this statement
This Privacy Statement may be updated from time to time. The most current version will be available at the practice and on our website and we encourage you to periodically review this Statement.
April 2026



