Bodyworks Physiotherapy & Wellness
We need your consent (Written Consent) to collect, store, and distribute your health information.
• This consent must be in writing, and
• Be informed (we must tell you what we are doing
and why), and
• Must be used only for an appropriate reason.
o An appropriate reason is to support the provision of health services where the information is necessary and appropriate to the condition we are treating.
Types of Personal Information
We collect personal information from you, including
information such as your:
• date of birth
• contact information
• family contacts
• interactions with us
• billing or purchase information
• health history
o Appropriate to your reason for interacting with us and only with your consent
▪ Verbal consent
• NHI Number.
o It is not necessary to provide your NHI number
o We will only use your NHI number to confirm your records with other health service provides such as your Doctor or ACC.
o We do not use your NHI number for any other purpose
o We do not use it to identify you in our records.
Why We Collect Information
We collect your personal information in order to:
• provide you with appropriate health services
• comply with New Zealand Law
o Code of Health and Disability Services Consumers’ Rights 1996
o Health Practitioners Competence Assurance Act 2003
o Health (Retention of Health Information) Regulations 1996
o Allied Health Sector Standards NZS 8171;2005
o Standards New Zealand Health Records NZS 8153:2002
o Privacy Act 2020
o The Health Information Privacy Code 2020
o Injury Prevention, Rehabilitation, and Compensation Amendment Act (No 2) 2005
• liaise with other health professionals and organisations
• ensure that we are treating the right person for the right condition
• protect your rights as a health service consumer
• protect our rights as health service providers
• use this information for marketing and promotion purposes
• use this information for service cost recovery
Information is only collected from 3rd parties if you give us consent (Verbal Consent) to do so.
Sharing Your Information
Besides our staff, we share this information with:
• other health service providers, insurers, and support providers in order to comply with New Zealand law.
• other health service providers, insurers, and support providers in order to ensure you receive the appropriate health care services from ourselves and those to whom we may refer you.
• we will only ever disclose your information with an organisation or a person outside of New Zealand with your written consent
• other health service providers, insurers, and support providers in order to ensure continuity of care.
• a debt collection in order to recover unpaid service fees and other costs.
• we will only share your health information with others if you have given us your Written Consent to do so.
o You may ask to review this information before we send it.
o The health information (medical report) will not be edited or altered in anyway before it is sent.
Your Choice in Providing Information
Providing some information is optional. However,
• if you choose not to provide your personal information, including contact details, we will be unable to provide you with health services.
• if you choose not to provide Written Consent for us to access your health information, we will be unable to provide you with health services.
• you need to remember that you may have given another agency your consent to provide your health information to 3rd parties on request.
• we may make a request for your appropriate health records (or information) from a 3rd party.
o these records may include, x-rays or other radiological investigations and reports,
▪ existing treatment reports from other health service providers,
▪ condition (injury) reports from insurers or other fee payers.
o we may be unable to provide you with appropriate health service without this information.
Viewing or Correcting the Information
• you have the right to ask for a copy of any personal information we hold about you, and to ask for it to be corrected if you think it is wrong.
o we will correct personal information or grammatical errors only.
o we will not alter any health (medical report) information unless the information was submitted by a 3rd party and has proved to be
• if you would like to ask for a copy of your information, or to have it corrected, please contact us at firstname.lastname@example.org, or 09 4074288, or 2/7 Homestead Road, Kerikeri. 0230.
Your Information is Secure
• The information we collect from you and/or other parties and the information that is generated by us during the course of your interaction with us, is stored in our computer system, Gensolve.
• “Gensolve understands that the protection of your patient and practice management data is paramount. This is why our cloud solution uses a
multi-tier security model that ensures all data is encrypted, compressed and stored in a manner that passes the most stringent security audits.” (https://www.gensolve.com/cloud/)
• Our systems are password protected and our data is backed up to ‘cloud’ servers.
The Lifetime of Your Data (health records)
The Health Information Privacy Code says that health agencies should not keep medical information for any longer than they have a lawful
purpose for using that information.
• The Health (Retention of Health Information) Regulations 1996 say that health agencies must keep any health records they hold for a patient for 10 years (plus 1 day) from the last time they provided services to that patient.
• At the end of this period, any paper record we hold is destroyed under controlled conditions by a registered document destroyer!
• Electronic records are a bit more problematic and there is no clear guidance in law or regulation on their disposal other than being safe and secure.
• When necessary, our hard drives are soaked in salt water, destroying the hard disk and any data on them.
• At other times, our electronic records are protected by passwords, remote off-site storage, and back-up.
If you have a privacy issue or you consider we have not adhered to the requirements of the Act or the Code, please contact me at email@example.com or the Privacy Commissioner at
Fizzio Limited t/a Bodyworks Physiotherapy and Wellness Clinic
address is 2/7 Homestead Road, Kerikeri. 0230
p. 09 407 4288