Client Data Care Policy

An investment in trust

At Aurum Health Limited (Aurum), privacy is not merely a policy. It is an investment in the trust and confidence that define your relationship with us. We protect your personal and health information in accordance with the Privacy Act 2020 and the Health Information Privacy Code 2020. These legislative frameworks guide every element of our data stewardship, ensuring your privacy is protected with the same care and refinement that underpin all our services. This policy forms part of the terms and conditions of your services agreement, the Scope of Care policy, and any other service you receive from Aurum. Aurum may, from time to time, update this policy, and will notify you when it does so. This policy is designed to complement our general privacy policy, which confirms our commitment to the way in which general data is used. 

Our commitment to privacy

We treat every piece of information you share with us as privileged and confidential. This includes your name, contact details, clinical history, diagnostic data, and any information you provide throughout your engagement with us. Our approach is anchored in discretion, confidentiality, and the highest standards of clinical governance.

This policy, the Client Data Care Policy, specifically references the way in which we use your information and data to provide our direct health services. General privacy – things like accessing our website or getting in touch with us – are covered under our Privacy Policy.

We collect only information necessary for your care, directly from you whenever possible. At or before collection, we will explain:

  • Why the information is needed.
  • How it will be used.
  • Who will have access.
  • Your rights under the Privacy Act 2020 and Health Information Privacy Code 2020.

Information we collect

We collect and hold the following information to deliver our services:

  • Personal details such as your name, date of birth, and contact information.
  • National Health Index (NHI)
  • Health information, including clinical history, diagnoses, treatments, and test results.
  • Records of consultations, communications, and correspondence.

This information is collected directly from you, or, where appropriate, from other healthcare providers, with your consent.

How we use your information

Your information is used solely for purposes aligned with your care and our legal obligations:

  • To provide you with tailored health consultations, diagnostics, and ongoing care.
  • To coordinate with trusted clinical partners, such as laboratories and specialists.
  • To ensure continuity of care and maintain high-quality clinical records.
  • To provide you with a unique and best-in-class level of service from Aurum Health Limited.
  • To meet obligations under New Zealand health and privacy legislation.

We never use your information for purposes unrelated to your care or client services in line with your business with Aurum Health Limited without your explicit consent.

When We Share Your Information

We share your data only:

  • Internally, with Aurum’s clinicians, where a Transfer of Care takes place. Briefly, an example would be when your normal clinician is unavailable and an alternative clinician assumes responsibility for your clinical care.
  • With your consent, when it directly supports your care.
  • As required by law, such as reporting obligations for public health and safety.
  • With trusted clinical partners under strict confidentiality agreements.

As a fully private provider, we do not submit client data to Primary Health Organisations (PHOs), nor do we participate in government-funded screening or reporting schemes in exchange for remuneration or otherwise. This ensures your information remains strictly between you Aurum Health.

We do not transfer your data internationally unless it is necessary for your care and only to countries with comparable data protection standards. We only do this with your consent.

How we protect your information

  • All care is delivered via secure telehealth platforms.
  • We utilise Indici as our Patient Management System (PMS), alongside globally recognised software providers such as Microsoft 365, and Monday.com, for example.
  • No clinical data is ever stored other than on our PMS
  • Client data access is strictly role-based. Clinical staff access clinical data. Administrative staff access only what is necessary to support you.
  • We conduct regular audits and reviews of our systems to uphold data security.
  • Health records are retained for a minimum of 10 years after your last contact, as per New Zealand health regulations, after which they are securely destroyed.

Your rights under the Privacy Act 2020 and Health Information Privacy Code 2020

You have the right to:

  • Access your health records: Request a copy of the information we hold about you. We aim to respond within 20 working days.
  • Request corrections: Ask for amendments to your information if it is inaccurate.
  • Understand data use: Be informed about how your data is being used and shared.
  • Withdraw consent: You may withdraw consent for certain uses of your data, except where required by law.
  • Complain: Raise concerns if you believe your privacy rights have been breached. Please see our Feedback and Complaints Policy We will acknowledge your concern within 5 working days and aim to resolve it within 10. Unresolved concerns can be directed to the Office of the Privacy Commissioner.

For a comprehensive overview of your rights, we invite you to refer to the Privacy Act 2020 and the Health Information Privacy Code 2020 at www.privacy.org.nz

Training and governance

All Aurum Health Limited staff, clinical and non-clinical, undergo regular training on the Privacy Act 2020, Health Information Privacy Code 2020, and our internal privacy protocols. Our Privacy Officers oversee governance to ensure compliance and continuous improvement.

Our Privacy Officers

Our Co-Founders and Directors personally steward your privacy:

  • Mary-Ann Clueard
  • Ian Hartley-Dade

To discuss your privacy preferences, raise a concern, or ask any questions, please contact us at: help@aurumhealth.nz

Continuous improvement

We regularly review and refine our privacy practices to ensure alignment with evolving best practices, client expectations, and legal requirements.