PRIVACY POLICY

Privacy Policy

1. Purpose

This Privacy Policy explains how we collect, use, store, and protect your personal and health information in accordance with the Privacy Act 2020 and the Health Information Privacy Code 2020.

2. Information We Collect

  • We collect personal and health information necessary to provide safe and effective osteopathic care. This may include:

  • Your name, date of birth, contact details, and emergency contact information

  • Medical history, lifestyle information, and details related to your presenting complaint

  • Clinical notes and treatment records

  • Payment details and appointment history

  • Information received from other healthcare providers (with your consent)

3. How We Collect Information

We collect information directly from you through:

  • Consultations, forms, and online bookings

  • Email, phone, or other communications

  • Referrals from other health professionals (with your consent)

  • In some cases, we may collect information from third parties (e.g. your GP or other treating practitioners), but only with your permission or where legally required.

4. How We Use Your Information

Your information is used for the following purposes:

  • Providing osteopathic assessment and treatment

  • Communicating with you about your care and appointments

  • Managing administrative and billing tasks

  • Meeting legal, ethical, and professional obligations

  • Referring to or consulting with other healthcare providers (with your consent)

5. Recording and Storage of Clinical Notes

  • With your consent, your clinical notes and personal information are securely recorded and managed using Cliniko, an electronic practice management system compliant with New Zealand privacy and data protection standards.

  • You will be asked to provide informed consent before any information is recorded in.

  • Only authorised practitioners involved in your care have access to your records, which are stored securely and encrypted.

  • 6. Security and Retention

    We take reasonable steps to protect your information from loss, misuse, unauthorised access, or disclosure.

    Health records are retained for at least 10 years from the date of your last treatment, in accordance with the Health (Retention of Health Information) Regulations 1996. After this period, they may be securely destroyed.

7. Disclosure of Information

We may disclose your information:

  • To other healthcare professionals involved in your treatment (with your consent)

  • When required by law, court order, or to prevent serious harm

  • To our practice management or accounting systems for administrative purposes

  • We do not share your information with third parties for marketing or unrelated purposes.

8. Access and Correction

  • You have the right to request access to, or correction of, your personal information.

  • To do so, please contact us at info@cdtherapy.co.nz

  • We may need to verify your identity before processing your request.

9. Website and Online Bookings

  • If you book online or visit our website, we may collect limited usage information such as your IP address, browser type, and pages viewed to help improve our services.

  • Our website may use cookies to enhance your experience. You can disable cookies in your browser settings.

10. Complaints

If you have any concerns about how your personal or health information has been handled, please contact us first so we can address the issue directly. If you are not satisfied with our response, you may contact:

Office of the Privacy Commissioner
0800 803 909
www.privacy.org.nz

Osteopathic Council of New Zealand (OCNZ)

+64 4 474 9664
www.osteopathiccouncil.org.nz
registrar@osteopathiccouncil.org.nz

11. Use of Heidi Health AI

With your explicit consent, we may use Heidi Health AI, a secure and compliant artificial intelligence transcription tool, to assist in creating accurate and efficient clinical notes during or after your consultation.

Heidi Health AI processes spoken or written information from the consultation to generate draft clinical notes for practitioner review.

  • All information is processed and stored in accordance with New Zealand privacy and health data standards.

  • The AI system does not make clinical decisions, it only assists in documentation.

  • Your practitioner reviews, edits, and approves all clinical notes before they are finalised.

  • You may decline the use of Heidi Health AI at any time, and your notes will be recorded manually instead.

12. Updates to This Policy

This policy may be updated periodically to reflect changes in law or clinic procedures. The latest version will always be available on our website or by request.