Privacy, Security And Compliance

Tristram Clinic is committed to safe guarding the privacy of our patients. Privacy protection and confidentiality of health information is essential for quality health care, and we are committed to protecting the privacy and confidentiality of the information we handle about you.

This policy explains:

  • how we collect, store, use and disclose your personal information;
  • how to access your personal information;
  • how we protect the quality and security of your personal information;
  • how to seek correction of any personal information we hold; and
  • how to make a complaint about our handling of your personal information.

In addition to our professional and ethical obligations, Tristram Clinic has a legal obligation to comply with the Privacy Act 2020 (”the Act”), the Information Privacy Principles (“IPPs”) under that Act, and where health information is involved, the Health Information Privacy Code 2020 (“the Code”). You can read more about these laws on the website of the NZ Privacy Commission (

The Privacy Officer role is undertaken by – Tristram Clinic Clinical Services Manager. In the Clinical Service Managers absence – General Manager will cover the role. The responsibility of the Privacy Officer is to ensure that the organisation maintains the privacy of patient information in accordance with the Health Information Privacy
Code 1994.

We are committed to providing quality healthcare for our patients. As a fundamental part of this commitment, we recognise the importance of ensuring that our patients are fully informed and involved in their healthcare.
As a healthcare provider in the private sector, we are bound by the HEALTH INFORMATION PRIVACY CODE 2020. This code sets the standards by which we handle personal information collected from our patients. Further information is available online from the Office of the Privacy Commissioner

As part of our commitment to providing quality health care it is necessary for us to maintain records pertaining to your medical treatment, the provision of advice to you and also to perform administrative functions including record keeping, confirming eligibility for funding/insurance, invoicing and processing of claims/payments. If you
do not provide us with the information requested we may not be able to provide you with medical treatment and advice.

Tristram Clinic collects and holds personal information about you so that we may properly assess, diagnose, treat and be proactive in your health care needs. Wherever practicable we will collect this information from you personally – either at the clinic, over the phone, via written or email correspondence or via our website. In some instances we may need to collect information about you from other sources such as referring doctors, treating specialists, pathology, radiology, hospitals or other health care providers. In an emergency, we may collect information from your immediate family, friends or carers. Our records may contain, but is not limited to, the following types of information:

  • Your Personal details (e.g. your name, address, date of birth, NHI number etc.)
  • Names and contact information of people who are your emergency contacts.
  • Your medical history
  • Clinical and administrative notes made during the course of consultations or treatment.
  • Digital images taken during your consultation or treatment
  • Referrals to other health service providers
  • Test results and reports received from or sent to other health service providers involved with your care.
  • Payor related details and financial transactions.

Your records are handled with the utmost respect for your privacy. They will be used by your specialist as part of providing your care. Administration and Clinical staff will also handle your medical records as part of their day-to-day responsibilities. All staff are bound by confidentiality requirements as a condition of their employment and these requirements will be observed if it is necessary for them to review your records.

Correspondence with yourself and other parties involved with your care, may use digital communication methods instead of printed material.

Your personal information will only be used or disclosed for purposes directly related to providing you with quality health care, or in ways you would reasonably expect us to use it in order to provide you with this service.
This includes use or disclosure to the professional team directly involved in your health care, including treating doctors, pathology services, radiology services and other specialists outside this medical practice.  For example, this may occur through referral to other doctors when requesting medical tests or in the report or result returned to us following the referrals;

  • to the Clinic’s administrative/ IT support staff for billing and other administrative tasks necessary to run our practice.  Our staff are trained in the handling of personal information in accordance with the Clinic’s Privacy Policy;
  • Other Health Providers whom the patient is or has consulted with, e.g. general practitioners, specialists, public hospitals, community health workers and pharmacists.
  • The Ministry of Health, Heath Mew Zealand, ACC and other funding agencies are entitled to certain information about all New Zealanders who are receiving government subsidies.
  • where required by law, for example, pursuant to a warrant;
  • to insurers or lawyers for the defence of a medical claim; and/or
  • to assist with training and education of other health care professionals.

Our Clinic does not intend to disclose your personal information to overseas recipients.

At times, for business-related purposes, it may also be necessary to allow external organisations to access our facility and possibly to have restricted access to your records. Any external organisation that provides services or advice to us will be aware of the need to preserve the requirement of the Privacy Act and will be bound by a confidentiality agreement.

Ordinarily we will not release the contents of your medical file without your consent. However, we advise that there may be occasions where we will be required to release the details of your file irrespective of whether your consent to the disclosure of the information is given. This will occur where the law requires disclosure, such as pursuant or subpoena.

We aim to ensure the information we hold about you is accurate, complete, up to date and relevant. To this end our staff may ask you to confirm that your personal details are correct when you attend a consultation. Please let us know if any of the information we hold about you is incorrect or not up to date.


  • Our Clinic takes all reasonable steps to protect the security of the personal information we hold, by:
    securing our premises;
  • using passwords on all electronic systems and databases and varying access levels to protect electronic information from unauthorised interference, access, modification or disclosure;  and
  • storing back-up copies of all digital records in a secure off-site place.
  • On a day to day basis any superfluous information is disposed of by way of shredding.
  • From time to time, when there are large amounts of information that needs to be disposed of, a disposals firm will be contracted to dispose of said information. The Certificate of Destruction is kept on file.
  • By law we are required to hold all health information for a period of 10 years . Personal information may be stored in either hardcopy documents or as electronic data.


Under law you have a right to access personal information we hold about you. Please contact our Clinical Services Manager for more information. We ask that you put your request in writing. If you consider the information we hold about you to be incorrect, please contact the Clinic in writing.  You have the right to have any incorrect information corrected, however we may require proof that we have incorrect information held about you (i.e. such as statement from a doctor).

You are not obliged to give us your personal information. However, if you choose not to provide the Clinic with the personal details requested, it may limit our ability to provide you with full service. We encourage you to discuss your concerns with our reception staff prior to your first consultation or with your doctor.


If you have a complaint regarding the way your personal information has been handled by our clinic, please put this in writing and address it to our Privacy officer, 200 Collingwood Street, Hamilton Central, 3204 or email through to our reception at [email protected]. We will acknowledge receipt of your complaint within
14 days, and endeavour to provide a full response within 30 days of receipt.

By filling out our online patient registration form, filling in our paper patient registration form in the rooms, or continuing to engage the practice in your care and treatment, you agree that you:

  • Have read the Privacy Statement and give permission for medical records to be kept about you and for correspondence to be sent to your referring doctor, general practitioners, other associated clinical providers, agencies and insurers, where appropriate.
  • Undertake to pay all fees owing to the specialist, including, in the event that liability is denied, any outstanding accounts that have not been paid in full by my insurer.
  • Understand that any outstanding monies requiring debt recovery will incur additional charges and you will also be responsible for any legal costs incurred.