Privacy Policy

This Privacy Policy governs Manage My Health Limited’s (“MMH”, “we” and “us”) collection, use and disclosure of personal information you may supply to us through your access and/or use of any ManageMyHealth service, software, application, product or website (collectively, “ManageMyHealth™”).

Please read this Privacy Policy carefully. By using ManageMyHealth™ and/or otherwise providing us with your personal information, you authorise the collection, use, storage and disclosure of your personal information in accordance with this Privacy Policy.

This Privacy Policy is to be read in addition to any other applicable terms and conditions that may apply to your relationship and/or engagement with us. If you don’t agree with any term set out in this Privacy Policy you must not use ManageMyHealth™.

Any information submitted to ManageMyHealth™ Community Forums or Blogs becomes public information upon publication and is not covered by this Privacy Policy. Accordingly, you should be cautious as to what personal information you publish in these areas.

1. Introduction
   1. ManageMyHealth™ is a personal health service that lets you review, gather, edit, store, and deal with health information online. With ManageMyHealth™, you have the ability to access your own medical records if your medical practitioner makes these available through ManageMyHealth™. You can also share your health information with family, friends, and health care professionals, and have access to online health information management tools.
   2. MMH is committed to protecting your privacy through its secure information technology services, ManageMyHealth™, and its strict adherence with the Privacy Act 2020 (Privacy Act), together with the requirements of the Health Information Privacy Code 2020 (or any replacement code of practice or other regulation issued under the Privacy Act).
   3. Reference to MMH in this Privacy Policy includes any person or organisation to which it may licence or assign its rights and obligations.
2. Collection of your personal information
   1. We collect personal information about you in order to enable you to register for our services and to use ManageMyHealth™. The personal information we collect may include your name, date of birth, e-mail address and physical address.
   2. We may request other optional information necessary for our lawful purpose connected to our functions, but we clearly indicate that such information is optional. You can review and update your account information at any time. You can modify, add, or delete any optional account information by signing into your ManageMyHealth™ account and editing your account profile.
   3. We may also collect health information from you, such as your medical history, symptoms, lab results, medication and prescription details, clinical notes, and health services you are currently being or have been provided, only to the extent you choose to include this information in your records when using ManageMyHealth™.
   4. Subject to your Health Provider’s privacy policy, with your authorisation, we may also collect personal and health information about you directly from your Health Provider, but only to the extent that such information is necessary for us to provide certain services to you and/or your Health Provider. In addition to the personal and health information listed above, we may also collect your Health Provider information such as your name, date of birth, contact details, gender, ethnicity, health classifications, enrolment details, appointment information, your National Health Index number, other Health Provider identifiers (including Practice Management System Identifiers), and communications between you and your Health Provider.
   5. To access your medical records held by your participating Healthcare Provider an activation code must be obtained in person from the Healthcare Provider. One specific e-mail address must be provided along with a valid photo-id.
   6. In some situations, we may collect someone else’s personal information from you, for example, we may collect your child’s personal information when you create an account for them on ManageMyHealth™. We may also collect your personal information from someone else (for example, if you are a child under 16 or an adult dependent on a representative or guardian) where another individual manages your MMH account on your behalf.
   7. In general, we will let you know at the time of collection whether the provision of personal information to us is optional or whether it is required for us to provide you a ManageMyHealth™ service. If we have indicated that the requested personal information is required and you do not provide it, you may not be able to access ManageMyHealth™ or the full range of services.
   8. You can close your account at any time by signing into your ManageMyHealth™ account and editing your account profile. We wait 90 days before permanently deleting your account information and all records.
   9. When using Manage My Health mobile apps (Android and Apple iOS), we may require access to the following with your permission: Camera and microphone access for video consultation; Internal or external storage access to upload and share documents; and Bluetooth settings to select audio during video consultation and connect to external devices.
3. Use of personal information
   1. MMH collects and uses your personal information to operate, improve and deliver ManageMyHealth™ or carry out the transactions you have requested. These uses may include:
      
      1. providing ManageMyHealth™ and related services;
      2. providing you with more effective customer service including by tailoring content or healthcare recommendations to your personal circumstances;
      3. making ManageMyHealth™ or its services easier to use by eliminating the need for you to repeatedly enter the same information or to share information with third parties that you have already shared with ManageMyHealth™;
      4. performing research and analysis aimed at improving our products, services and technologies;
      5. displaying content and health promotions that are customised to your interests and preferences;
      6. using aggregated information (which has identifying information removed) to improve the quality of the services offered on ManageMyHealth™, for marketing of ManageMyHealth™ and for general analysis or population health statistics;
      7. gathering and analysing health statistics (in a form in which you cannot be identified) to allow planning of effective healthcare services within your region. This information is extremely valuable as it allows the limited healthcare services to be targeted to the needs of the population, which in turn potentially provides benefits to you and your family.
   2. MMH does not use your individual account and record information from ManageMyHealth™ for marketing without ManageMyHealth™ first asking for and receiving your opt-in consent.
   3. We will not use personal information for purposes other than described above, unless:
      
      1. we have your consent (or consent of the person whose personal information you have provided); or
      2. we are permitted or required to do so by law.
4. Sharing your personal health information
   1. We will only disclose personal information in accordance with this Privacy Policy, in accordance with your specific instructions or authorisation, and/or in accordance with the specific instructions or authorisation of the person whose personal information you have provided. We may disclose your personal information to:
      
      1. a related company of MMH, who may use your personal information for the same purposes as us;
      2. your Health Provider, including other doctors, nurses or physicians within your Health Provider’s practice. This will be expanded in later versions of ManageMyHealth™ to other health professionals you authorise and an optional “trust list” functionality which will allow you to grant access to other individuals involved with your care;
      3. with your authorisation, to other health service providers (including specialists and allied health providers including health and wellness providers and insurers who you may be referred to or connected with as part of a function of MMH;
      4. emergency services personnel (including as part of the Medic Alert system, where you are part of this programme) who may assist you in an emergency situation;
      5. our service providers that are providing a service to you or us in relation to ManageMyHealth™, for example, third party web site hosting; packaging, mailing; answering customer questions about products and services; and sending information about our products, special offers, and other new services.
   2. Manage My Health Limited may also disclose personal information if we believe on reasonable grounds that such disclosure is necessary to:
      
      1. enforce this Privacy Policy or any other relevant terms and conditions;
      2. comply with a judicial proceeding, court order, or legal processes; served on ManageMyHealth™;
      3. protect and defend the rights or property of MMH and our family of web sites; or
      4. is otherwise required or permitted by law.
5. Transfer of information overseas
   1. We generally hold your information in New Zealand. To the extent we disclose personal information to third parties outside of New Zealand, we will take reasonable steps to ensure such third party is subject to comparable privacy laws as those in the Privacy Act or is otherwise required to protect the information in a way that, overall, provides comparable safeguards to those under the Privacy Act.
6. Sharing records with third parties through ManageMyHealth™
   1. We may provide you with information about third party applications or services that connect with, are referred through, ManageMyHealth™. You can view the third parties and applications and should examine their privacy policies / statements and terms of use prior to using them or allowing them access to any of your health information. In order to access ManageMyHealth™, the third party is required to protect the privacy of health information by complying with all applicable privacy laws.
   2. No third party has access to your information through ManageMyHealth™ unless and until you actively opt in through ManageMyHealth™ to grant it access. You control what health information you allow a third party to access and the length of time they can access the information. Once you authorise such third party application to access your information from ManageMyHealth™, such information will be subject to the third party’s privacy policies and MMH will not be liable or responsible for the privacy practices of any third party.
7. Security and Storage of information
   1. We will take reasonable steps to ensure that the personal information that we hold is accurate, complete, up-to date, stored in a secure environment, and protected from unauthorised access, modification or disclosure. MMH follows strict internal procedures in collecting, storing and disclosing information about you.
   2. When any information is uploaded to your ManageMyHealth™ account, it is sent over the Internet using Secure Sockets Layer (SSL). This method encrypts the information to help prevent others from reading it while it’s in transit from your computer to ManageMyHealth™.
   3. Any information or records you maintain with a ManageMyHealth™ account will be hosted on servers in a secure environment by a commercially reputable hosting vendor using best practice security techniques. ManageMyHealth™ is protected by a reputable network firewall and daily backups are performed to allow system restores to be performed in a disaster recovery situation.
   4. If you choose to access your medical records held by your Health Provider through ManageMyHealth™ you are consenting to ManageMyHealth™ storing that information on your behalf and obtaining periodic updates to the records via your Healthcare Provider.
   5. Information submitted to ManageMyHealth™ from your Healthcare Provider is encrypted during transmission. Your information provided to you via a web browser is encrypted during transmission using the highest standard available today using VeriSign Digital Certificates. This provides at least 128-bit encryption or 256-bit encryption if you are using the latest version of the web browser. Information provided to you from your Healthcare Provider cannot be modified within the system.
   6. MMH will only retain your personal information for as long as it is needed for the purposes for which it was collected (or any other purpose you have consented to) or for so long as we are required by law to retain it. If your account or access is terminated, we will delete your personal information.
   7. Access to your account will be blocked following 5 failed attempts to logon. Your account is unblocked by using the forgotten password function on the website. If your account is blocked because you have abused your access privileges, you will be offered the opportunity to obtain a copy of any personal / health information you have entered. In these circumstances information provided by your Healthcare Provider will not be provided and must be obtained from your Healthcare Provider.
   8. If you’re using ManageMyHealth™ to upload sensitive data (such as health information), you should properly secure your computer. To help do this, you can use anti-spyware and virus protection software. You can also restrict access to your computer (for example, by using a strong password for your computer login and a network firewall).
   9. ManageMyHealth cannot be held liable in any way for events beyond our control or in any way for accidental or unauthorised access of your information.
8. Your rights to access and request correction of your personal information
   1. Generally, upon your request, we must confirm whether we hold personal information about you, and provide access to that personal information. We can only give you access to personal information we hold about you, and not about any other person (unless you are acting on that person’s behalf and have acceptable written authorisation). There are some exceptions where we may refuse to give you access under law (for example, where disclosing the information may pose a serious threat to any person’s life, health or safety).
   2. You may ask us to correct information about you if you think that it is wrong. We may not agree that the information needs correcting, but in this case we will explain our reasons for declining your request. If this happens you may ask us to attach a statement of correction to our records which sets out what you believe the information should be.
9. How we use de-identified data, aggregate information and statistics
   1. MMH may use aggregated information from your use of ManageMyHealth™ features and services for the purpose of improving the quality of ManageMyHealth™, marketing the usefulness of ManageMyHealth™ or for the purpose of research and analysis of ManageMyHealth™ features and services. This aggregated information will never identify an individual.
   2. MMH may use de-identified usage data (de-identified data refers to data from which all personally identifiable information has been removed) from ManageMyHealth™ to report on usage statistics and usage analysis of various features for the purpose of improving the quality of ManageMyHealth™, marketing the usefulness of ManageMyHealth™ or for the purposes of research and analysis of ManageMyHealth™ features and services. This de-identified usage data will never identify or be associated with any individual account.
10. Unique Identifiers
    1. The primary unique identifier used within ManageMyHealth™ is an email address of your choice, which you have authorised us to use to communicate with you. This identifier may be linked to your National Health Index number, if known, which is allocated to you when you use a service provided by a public health authority such as a public hospital or General Practice. No other unique identifier is linked to you by ManageMyHealth™.
    2. While an email address is globally unique we cannot guarantee that it will always be assigned to the same person. If an email address is no longer used by an individual it is then typically ‘made available’ to anyone else who wants to use it, much the same as a phone number. In the case of children we allow the use of a parent’s email address. Once an individual becomes 16 years old they become responsible for maintaining their account access by other persons such as their parents.
    3. We are aware that over time you may change your email account hence you are allocated a unique system identifier which is inaccessible except by the system.
11. E-mail controls
    1. To keep you informed of the latest improvements, ManageMyHealth™ will send you a newsletter. By creating an account you are deemed to have given us your implied consent to send you such newsletters. If you do not want to receive the newsletter, you can unsubscribe at any time.
12. Use of cookies
    1. We only use temporary cookies on ManageMyHealth™ which are deleted upon you signing out. The cookies contain no personal information.
13. Changes to this privacy policy
    1. We may occasionally update this Privacy Policy. When we do, we will revise the “last updated” date at the top of the Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we are helping to protect the personal information we collect. Your continued use of ManageMyHealth™ following any update constitutes your acceptance to such updates.
14. Enforcement of this privacy policy
1. MMH must comply with privacy legislation when dealing with personal information. If you would like any further information or have any queries, problems or complaints relating to our Privacy Policy or our information handling practices in general, please contact us at: Address: Privacy Officer, Manage My Health Limited, Level 1, 48 Market Place, Viaduct Harbour, Auckland 1010 or Email: [email protected]