Privacy

Privacy Statement

This is an overarching privacy statement to inform you of how Clutha Health First (referred to as CHF, “we” and “us”) will handle the personal and health information in our care.

 

About this Privacy Statement

Clutha Health First will handle your information in line with our obligations under the Privacy Act 2020, Health Information Privacy Code 2020, and other relevant legislation or guidelines.

 

Health Information Privacy Code 2020

This statement does not replace more specific Clutha Health First privacy statements on our consent forms, or other ways that we may communicate with you in your specific circumstances – such as the General Practice Enrolment Form or Consent forms for Secondary Services at Clutha Health First.

Clutha Health First recognises the Government’s Data Protection and Use Policy (DPUP) external link and aims to apply the DPUP principles to ensure that we are respectful, trusted and transparent when collecting and using people’s personal and health information.

We may update this privacy statement from time to time. Please check this privacy statement regularly for modifications and updates.

 This privacy statement was last updated on 8 May 2026.

 

Our purpose

Clutha Health First provides services of Primary Care (General Practice) and Secondary Care services (Inpatient Ward, Maternity, Outpatient and community health services).  In order to provide health services to our district, we need to collect, use and share information about people receiving healthcare with other agencies

We also need to collect, use and share information about those people that are impacted by our monitoring and compliance activities.

 

Why we collect personal and health information and how we use it

We may collect your personal (information about you) and health (information about your health) information so we can:

  • support and enable the provision of appropriate care and treatment.
  • plan for and fund health services within the Clutha District
  • carry out teaching or research purposes
  • monitor quality of care/treatment delivery
  • maintain and improve the services we deliver including the quality of our services (for example feedback, enquiries, and other communications)
  • inform you of health services that may be relevant to you, for example, vaccinations or screening programmes
  • carry out monitoring and compliance activities
  • meet our objectives and functions set out in Pae Ora and Clutha Health First Corporate Objectives

We may use information for research or statistical purposes. When this happens, steps will be taken to make sure information is not published in a way that identifies any individuals.

 

What Personal and Health Information We Collect

We collect information about you such as your name, date of birth, NHI (if known), address and contact details. This information helps us to correctly identify you and to contact you if and when necessary.

We will also collect information relevant to your health and the health service/s you have already and are accessing, such as your current symptoms and previous medical history. 

 

How we Collect Your Information

We aim to collect any personal or health information from you directly, however if this is not possible or practical we may collect it from another person — for example a whānau member or other support person who is with you at hospital. If this happens, we will check the information with you for accuracy as soon as practical.

When collecting your information, we will explain the purpose for collection, how we will handle and protect your information, and the choices you have. We will ensure we provide you with sufficient detail to have a good understanding and, where appropriate, make informed choices regarding the collection and handling of your personal and health information.

In many cases, it will not be mandatory to provide the information. However, if you choose not to, we may not be able to provide appropriate support you seek or require. 

 

CCTV

CCTV cameras are operating in some areas of our hospital, such as the entrances and reception areas, waiting areas and corridors, external public areas.  This is to keep our patients, visitors, and kaimahi safe.

 Where we have concerns regarding threats to the safety of people or property, we will engage an appropriate authority (such as the NZ Police) and CCTV footage, if still available, may be released to support the purpose of collection.

 Clutha Health First may engage third parties to support the security function and/ or deliver threat risk assessments to enable us to meet our objective of keeping people and assets safe. Release of CCTV footage to these third parties may be required to deliver this outcome.

 

How we Indirectly Collect Your Information

At times, Clutha Health First may collect personal information about you from other sources, for example from another person or organisation, when it is necessary to provide you with health services, to co-ordinate services, to keep you or others safe, or to meet our objectives or functions, including regulatory and compliance activities.

As a health consumer, the information we receive about you may include details about your health, treatment, or support needs, your contact or demographic details, or other information relevant to your wellbeing and care. We collect this information to ensure your care is connected, safe and effective and where it is lawful and necessary to do so under the Privacy Act 2020 and the Health Information Privacy Code 2020.

If we receive information about you as part of our regulatory and compliance activities, that information may include your contact or demographic details, information verifying your identity, information relating to your business undertakings and your suitability to hold or continue to hold a license. We collect this information to carry out activities where it is lawful and necessary to do so under the relevant legislation.

 

As a Health Agency we Receive Information:

  • For your direct care (including referrals and shared care)
  • For coordinated care across health, social or community services
  • For eligibility, administration and funding decisions
  • To arrange support services that help facilitate your care
  • For events, complaints, investigations, and enquiries
  • For health system planning and improvement
  • For regulatory, compliance, and monitoring purposes
  • For public health and safety

 

How we Share or Disclose Information

In most cases we require your authorisation before we share information that is about you with somebody else.

We may share your information with other healthcare professionals and agencies involved in your care and treatment. It is normal practice to give necessary and relevant information about you to:

  • your GP
  • the health care professional who referred you
  • your community nurse, or
  • other healthcare professionals involved in your ongoing care at Clutha Health First, or Health New Zealand services

In some circumstances your information may be shared with your whānau (family) support people or with other agencies — for example ACC, the Police, Oranga Tamariki). This may happen:

  • if you have authorised this sharing
  • if we think it is necessary for your care and treatment
  • for your safety or the safety of others, or
  • if authorised by law.

We may also provide your information to the Ministry of Health and other government agencies that require us to provide information for administrative, legal, contractual, statistical, research or public health purposes. 
 
We treat your personal and health information as confidential and have processes to keep your information protected.

We may share your information with our contracted service providers to hold your information on our behalf and provide us with services like software, applications and other technology solutions. We do this so that we can efficiently deliver and manage your care and treatment and for the other purposes set out above. We will take such security safeguards as are reasonable in the circumstances to take to continue to protect that information because Clutha Health First / Health NZ remains responsible for your information that our contracted service providers hold on our behalf.

We may also provide your information to other organisations on a need-to-know basis if it is required to carry out our business operations provided that we have appropriate security measures in place.

 

Accessing Your Information

You have the right to request access to the information that we hold about you.
 
The length of time required to collate information will depend on the volume and nature of information requested, particularly where information is held in different places or systems. To help us be able to respond to your request in a timely way, please be as specific as possible about the information you require.  Sometimes we may contact you to clarify your request.
  
It may take up to 20 working days for us to respond to your request, however, all efforts are made to process all requests as quickly as possible. If your request is urgent, you must provide a reason for the urgency and the timeframe within which you require the information, and all efforts will be made to meet this timeframe.  
  
If we are unable to meet the 20-working day timeframe, we will be in contact with you. 
 
Before releasing any of your information, we will check it to make sure that it can be released to you. Some of your information may be legally withheld in certain circumstances, for example where your health or the privacy or safety of another person is at risk. If this happens, we will tell you why the information is being withheld.

For more information about getting your information, read:

  • Requesting health information fact sheet

 

To request your personal health information, complete a:

  • Clutha Health First Release of Personal Health Information Request form

  

Correcting Your Information

You have the right to request a correction to your information if you think it is wrong.

 

You can make a request by:

  • asking the clinical staff treating you
  • emailing feedback@chf.co.nz

If we cannot make the requested changes we will let you know.

A statement with a record of your request will be kept with your information.

 

Storage and Security of your Information

We take reasonable steps to ensure your personal and health information is protected against loss, unauthorised access, use, modification, disclosure, or other misuse.

 

How Long we Keep your Information

Under the Public Records Act 2005, personal and health information must be retained for the applicable period set out in the Functional Disposal Authorities (DA707) approved by the Chief Archivist.

Sometimes we may destroy original or source information once it has been digitalised. This helps us to meet our retention requirements. Source information will only be destroyed when certain conditions are met. The electronic form of the information then becomes the authoritative record. 

 

Artificial Intelligence

We are committed to protecting your personal information when using artificial intelligence (AI) technologies.

We use AI to improve healthcare services while applying appropriate privacy controls and safeguards. We do not allow AI to collect information about you.

When we use AI, it operates in a closed environment that means your personal information will not leave Clutha Health First’s technology and cannot be used to design or make commercial AI technology or generative AI (such as large language models).

In some cases, there is short term disclosure to AI technology providers for support or to utilise the AI technology. In these situations, personal information is deleted shortly after disclosure and is never used to train commercial AI models or improve third-party products.

We may use AI technology to:

  • Write code, which does not include the use of any personal information
  • Provide transcription services (automatically dictate letters or clinical reports)
  • Automatically transcribe consultations (automatically provide a summary of the clinical consultation and document this in the patient record)
  • Provide document summary, generation, and knowledge resources for staff, including training using chatbots and generative AI writing and knowledge tools such as Microsoft Copilot, Heidi Health
  • Read, analyse, or review clinical information to provide preliminary results (such as initial review of images, x-rays, scans, or mammograms, ECG’s)

Many of these activities are in a pilot phase and are being carefully tested on a limited basis to ensure the risks and benefits are fully understood before they are more widely introduced.

Any information generated by AI, which might have an impact on patient records or clinical decision making, is reviewed by the responsible clinician before it becomes part of the clinical record or decision.

We do not use AI to make automated decisions about your healthcare. When AI is used by clinicians, it serves as a tool to assist clinicians. Where this occurs, final decisions about your diagnosis, treatment, and care remain with qualified healthcare professionals.

We may, where it is legally acceptable, agree ethically approved research which utilises, or tests artificial intelligence, and this activity may include the inclusion of personal information into generative or other kinds of AI. Participants in this kind of research are informed about the activity before it takes place.

 

Contact the Privacy Team

If you have any queries or concerns about how your personal or health information has been managed, please contact us to see if we can resolve the problem. You can:

  • email us at feedback@chf.co.nz

 

If you are not satisfied with our response to your concerns, you can contact the Office of the Privacy Commissioner. For more information see the Office of the Privacy Commissioner website.

Office of the Privacy Commissioner

Cant find what you are looking for?

About Us Our Services Visiting a Patient?