CareHQ Privacy Policy

Effective date: June 2024

CareHQ collects and uses your personal information in various ways. In doing so CareHQ complies with its obligations under the Privacy Act 2020 and the Health Information Privacy Code 2020. This policy sets out how we collect your information, how we use it and your rights in respect of your personal information.

This policy is updated from time to time and any updates will be posted on the CareHQ website and app and will apply to any collection of your personal information after the effective date specified above.

Any reference in this Privacy Policy to “CareHQ”, “us”, “we” or “our” means CareHQ Limited.

Collecting your personal information

We collect personal information:

  • When you sign up to use CareHQ’s services on the CareHQ website or app;
  • When you enter, upload or disclose information as part of using CareHQ’s services on the CareHQ website or app; and
  • Relevant to the provision of CareHQ’s services to you.

That personal information will include but not be limited to your name, gender, date of birth, contact details, your health information and health related images or video content you chose to upload at the time of booking.

During your consultation a CareHQ GP will record relevant information from your consultation in your notes. You don’t have to share your health information notes with your usual GP, however, withholding it may affect the quality of care you receive.

The use of software scribe tools

Your doctor or nurse may use a software tool that makes it easier to write your medical notes, such as Nabla Copilot. This helps them spend more time focused on your care, and less time typing.

  • It converts your conversation with your doctor or nurse into a summary.
  • Your doctor or nurse will review and ensure the information is accurate, and appropriate before saving it to your record.
  • Your audio recording and transcription may be stored for a limited period of time in a secure server.
  • Your medical information will stay private and only shared with your consent.
  • You will be asked to consent to use this tool when you book your appointment.

Purpose of collection and use of personal information

CareHQ will use your personal information only for the following purposes:

  • To set up your account on the CareHQ website or app;
  • To provide you with CareHQ’s services including healthcare and treatment, including referrals and any other services that may be required to meet your health needs;
  • To keep a record of your healthcare and treatment;
  • To determine your eligibility to receive publicly funded services;
  • To determine your eligibility for a subsidised consult from Southern Cross Health Insurance;
  • To secure or confirm funding from others for any subsidised consults you have received;
  • To provide you with information (including promotional material and news).

We will only share your personal information:

  • With other CareHQ employees, contractors, and third-party providers involved in your healthcare;
  • In some cases with HealthOne;
    HealthOne is a South Island based secure electronic record that allows registered healthcare providers directly involved in your healthcare, to quickly access information such as your test results, allergies, medications, GP summaries and hospital information. HealthOne adheres to the principles of the Privacy Act 2020 as well as the Rules set out in the Health Information Privacy Code 2020. Access is only possible via an approved highly secure healthcare information network which is regularly audited and tested. Privacy auditing is used to check that only those directly involved in your care are accessing your information. To find out more about HealthOne please visit https://healthone.org.nz/. Please note that you are entitled to restrict the sharing of your healthcare records by contacting 0508 837 872 or emailing HealthOne.privacy@pegasus.health.nz
  • With Southern Cross Health Insurance to keep Southern Cross informed of the number of its members accessing CareHQ and to adjudicate eligibility for, or confirm access to, funding for consults. The personal information that CareHQ provides to Southern Cross will not include any health information. Southern Cross may use the information we provide to confirm their funding of your consultation;
    • Once provided to Southern Cross, they will have responsibility for any personal information CareHQ provides and will hold and process that personal information in accordance with Southern Cross’s Privacy Policy.
  • With your enrolled GP unless you advise CareHQ not to during the consult.
  • With agencies such as Te Whatu Ora, ACC, Public Health Organisations, the Ministry of Health or any other organisation where they are involved in your healthcare or where they operate electronic records that allows registered healthcare providers directly involved in your healthcare, to quickly access information such as your test results, allergies, medications, GP summaries and hospital information.

How we store your personal information

We use our best efforts to keep your information secure, confidential and protected. Your information will be kept securely to prevent unauthorised access. Your health information is stored with a secure cloud service hosted in the Asia Pacific region (Sydney).

CareHQ's software vendor is Valentia Technologies Limited, and we use their indici platform. Valentia is fully certified for ISO 9001 (quality management system) and ISO 27001 (information security management system) undergoing annual recertification audits. To further ensure the security of our clients’ data, our software vendor is SOC 2 Type II certified. SOC 2 certification is a gold standard in information security. CareHQ is also HISO 10029 Health Information Security Framework compliant meeting NZ Ministry of Health information storage standards.

Access to and correction of personal information

You may at any time request access to, or (if necessary) correction of, any personal information about you held by CareHQ by contacting care@carehq.co.nz. You don’t have to explain why you’re requesting that information but may be required to provide proof of your identity. If you request a second copy of that information within 12 months, you may have to pay an administration fee. If you ask for your personal information to be corrected CareHQ should provide you with reasonable assistance. If CareHQ chooses not to change that information, you can have this noted on your file.

Information quality

CareHQ is required to keep your information accurate, up-to-date, and relevant for your treatment and care.

Use of cookies

The CareHQ website and app uses both non-persistent and persistent cookies to manage visits to the site. Non-persistent cookies are temporary and are deleted when a browser session is closed and persistent cookies are used in order that third party vendors, such as Google, can serve ads based on a user's prior visits to the CareHQ website (and app).

Other than as noted above, information about a visit to the CareHQ website (and app) is not permanently stored on a visitor's personal computer.

While CareHQ recommends that you enable cookies to enjoy all the features of CareHQ website and app, this is entirely up to you.

Website and app analytics

CareHQ uses services such as Google Analytics, which will issue cookies from their own servers and which will be able to track website (and app) visitors throughout the CareHQ website (and app) and through any other sites that use those services. CareHQ does not control how those cookies are issued, or the data that they store. Please refer to the Google Analytics Privacy Policy for more information.

Use of data and information collected from website and app visits

CareHQ will not sell or reveal information obtained about its visitors to anyone outside of CareHQ unless:

  • It is specifically authorised by the visitor;
  • It is legally required to do so; or
  • Such disclosure is required to protect the safety of employees, visitors, customers, or property.

Use of email or mobile number for customer communications

During your interactions with us via the CareHQ website or CareHQ app you can supply an email address or mobile number which we will use to contact you about our service. CareHQ does not sell or rent email addresses or mobile numbers to third-party organisations.