Check Covid-19 symptoms here

CareHQ Privacy Policy

Effective date: 1 December 2022

CareHQ collects and uses your personal information in various ways. In doing so CareHQ complies with its obligations under the Privacy Act 2020 and the Health Information Privacy Code 2020. This policy sets out how we collect your information, how we use it and your rights in respect of your personal information.

This policy is updated from time to time and any updates will be posted on the CareHQ website and app and will apply to any collection of your personal information after the effective date specified above.

Any reference in this Privacy Policy to “CareHQ”, “us”, “we” or “our” means CareHQ Limited.

Collecting your personal information

We collect personal information:

  • When you sign up to use CareHQ’s services on the CareHQ website or app;
  • When you enter, upload or disclose information as part of using CareHQ’s services on the CareHQ website or app; and
  • Relevant to the provision of CareHQ’s services to you.

That personal information will include but not be limited to your name, gender, date of birth, contact details, and your health information.

During your consultation a CareHQ GP will record relevant information from your consultation in your notes. You don’t have to share your health information notes with your usual GP, however, withholding it may affect the quality of care you receive.

Purpose of collection and use of personal information

CareHQ will use your personal information only for the following purposes:

  • To set up your account on the CareHQ website or app;
  • To provide you with CareHQ’s services including healthcare and treatment, including referrals and any other services that may be required to meet your health needs;
  • To keep a record of your healthcare and treatment;
  • To determine your eligibility to receive publicly funded services;
  • To determine your eligibility for a subsidised consult from Southern Cross Health Insurance;
  • To secure or confirm funding from others for any subsidised consults you have received;
  • To provide you with information (including promotional material and news).

We will only share your personal information:

  • With other CareHQ employees, contractors, and third-party providers involved in your healthcare;
  • In some cases with HealthOne;
    HealthOne is a South Island based secure electronic record that allows registered healthcare providers directly involved in your healthcare, to quickly access information such as your test results, allergies, medications, GP summaries and hospital information. HealthOne adheres to the principles of the Privacy Act 2020 as well as the Rules set out in the Health Information Privacy Code 2020. Access is only possible via an approved highly secure healthcare information network which is regularly audited and tested. Privacy auditing is used to check that only those directly involved in your care are accessing your information. To find out more about HealthOne please visit https://healthone.org.nz/. Please note that you are entitled to restrict the sharing of your healthcare records by contacting 0508 837 872 or emailing HealthOne.privacy@pegasus.health.nz
  • With Southern Cross Health Insurance to keep Southern Cross informed of the number of its members accessing CareHQ and to adjudicate eligibility for, or confirm access to, funding for consults. The personal information that CareHQ provides to Southern Cross will not include any health information. Southern Cross may use the information we provide to confirm their funding of your consultation;
    • Once provided to Southern Cross, they will have responsibility for any personal information CareHQ provides and will hold and process that personal information in accordance with Southern Cross’s Privacy Policy.

Your CareHQ GP will ask you whether you would like to share the notes from your consultation. As the patient of a CareHQ GP you have the choice to:

  • Give permission for the notes from the CareHQ consultation to be sent to your regular GP;
  • Give permission for the notes from the CareHQ consultation to be sent to other platforms or networks for sharing patient records that are widely supported by GPs. These are intended to facilitate improvements to the quality of care, i.e. between pharmacies, GP practices, urgent care etc;
  • Not share the notes from the CareHQ consultation.

How we store your personal information

We use our best efforts to keep your information secure, confidential and protected. Your information will be kept securely to prevent unauthorised access. Your health information is stored with a secure cloud service hosted in the Asia Pacific region (Sydney).

CareHQ's software vendor is Valentia Technologies Limited, and we use their indici platform. Valentia is fully certified for ISO 9001 (quality management system) and ISO 27001 (information security management system) undergoing annual recertification audits. To further ensure the security of our clients’ data, our software vendor is SOC 2 Type II certified. SOC 2 certification is a gold standard in information security. CareHQ is also HISO 10029 Health Information Security Framework compliant meeting NZ Ministry of Health information storage standards.

Access to and correction of personal information

You may at any time request access to, or (if necessary) correction of, any personal information about you held by CareHQ by contacting care@carehq.co.nz. You don’t have to explain why you’re requesting that information but may be required to provide proof of your identity. If you request a second copy of that information within 12 months, you may have to pay an administration fee. If you ask for your personal information to be corrected CareHQ should provide you with reasonable assistance. If CareHQ chooses not to change that information, you can have this noted on your file.

Information quality

CareHQ is required to keep your information accurate, up-to-date, and relevant for your treatment and care.

Use of cookies

The CareHQ website and app uses both non-persistent and persistent cookies to manage visits to the site. Non-persistent cookies are temporary and are deleted when a browser session is closed and persistent cookies are used in order that third party vendors, such as Google, can serve ads based on a user's prior visits to the CareHQ website (and app).

Other than as noted above, information about a visit to the CareHQ website (and app) is not permanently stored on a visitor's personal computer.

While CareHQ recommends that you enable cookies to enjoy all the features of CareHQ website and app, this is entirely up to you.

Website and app analytics

CareHQ uses services such as Google Analytics, which will issue cookies from their own servers and which will be able to track website (and app) visitors throughout the CareHQ website (and app) and through any other sites that use those services. CareHQ does not control how those cookies are issued, or the data that they store. Please refer to the Google Analytics Privacy Policy for more information.

Use of data and information collected from website and app visits

CareHQ will not sell or reveal information obtained about its visitors to anyone outside of CareHQ unless:

  • It is specifically authorised by the visitor;
  • It is legally required to do so; or
  • Such disclosure is required to protect the safety of employees, visitors, customers, or property.

Use of email or mobile number for customer communications

During your interactions with us via the CareHQ website or CareHQ app you can supply an email address or mobile number which we will use to contact you about our service. CareHQ does not sell or rent email addresses or mobile numbers to third-party organisations.