Privacy and Data Storage Policy
What we collect
We collect personal information from you (or in the case of a child, their parents/guardian, if in care their social worker), including information about: • Basical personal details (name, DOB) • Contact information (address, phone number, email) • Location of your school or other place of service delivery • Clinical documentation including reports, assessment procedures (e.g., language samples, testing protocols, videos, audio files, and photos) • Clinical therapy and instructional materials including photos, videos, audio files to support therapeutic procedures (e.g., video modelling, audio feedback, literacy materials, etc) • Information needed to process invoices and document payments We also may receive information from other people working with you, including: • Schools, kindergartens, ECE, or other care/education providers (with your knowledge) • Your medical team (with your knowledge) • Other agencies working with you (with your knowledge)
Why we collect this information
We collect your personal information in order to: • Provide private speech-language therapy, assessment, and consultation services • Advocate for our clients, and • Provide professional development workshops
Who can access which types of information
Basic contact details
Besides our staff, we share basic information (name, address, phone number, dates of service) with: • Xero / Active Accounting for our invoicing and financial purposes (Active accounting have signed confidentiality documents)
Besides our staff, we share clinical and more detailed information with: • Client team and agencies in order to coordinate care (with consent) • Professional supervisors in order to participate in confidential supervision as required by our professional board (within bounds of confidentiality) • Oranga Tamariki in order to report child welfare concerns (with consent if possible) • Funders in order to provide accountability for funds received (with consent)
Where your information is kept
All data is stored on password protected technology (tablets, phone, laptops) and is necessary for us to provide our services. We use the following services in our practice: • Dropbox professional – encrypted, password protected for all client documentation and storage of media files related to clients • Google drive – only for intake and consent forms • Vimeo - password protected way to share videos with family (only with your permisison) • Storypark / Seasaw – only if your has added us with your consent • iCloud – for iPad backups of AAC apps and therapy apps • Fastmail for email and calendar accounts (encyrpted) • Rimu hosting for web hosting • Xero for invoicing and accounting • Kiwibank for banking (which include any details provided by payer)
• You can choose to limit our use of videos / photos / audio recordings. We can provide a service, but it may be reduce the range of assessment and treatment procedures available • We will only share clinical information (via written, video, audio, or in person formats), to those people and agencies you have given use permission to share with. • If you choose not to share certain background information (e.g., medical history, clinical concerns, diagnoses, hearing/vision status, etc), this may limit our ability to provide fully informed care • If you choose not to provide clear instruction about care arrangements, custody disputes, or personal safety requirements, we will be unable to meet these expectations.
We keep your information safe by using encrypted, cloud-based data storage on password-protected devices. We also maintain confidentiality as expected of any clinical professional.
As per the Health (Retention of Health Information) Regulations 1996, we maintain records for 10 years after the last point of service.
You have the right to ask for a copy of any personal information we hold about you, and to ask for it to be corrected if you think it is wrong. If you’d like to ask for a copy of your information, or to have it corrected, please contact us at firstname.lastname@example.org, or 0224996737, or PO Box 5426 Wellington, NZ 6140. We will provide this within the timeframes required by law.
The designated person for any complaints regarding our privacy procedures is Shannon Hennig, who can be contacted at the details above.
We respond to all compliants received as outlined in the Health Information Privacy Code
If you’re not satisfied with our response to any privacy-related concern you may have, you can contact the Privacy Commissioner.
Specific details of our complaint responsibilities
As per the law, we abide by the following:
(i) the complaint is acknowledged in writing within 5 working days of receipt, unless it has been resolved to the satisfaction of the complainant within that period; and (ii) the complainant is informed of any relevant internal and external complaints procedures; and (iii) the complaint and the actions of the health agency regarding that complaint are documented; and (b) within 10 working days of acknowledging the complaint, the agency must— (i) decide whether it— (A) accepts that the complaint is justified; or (B) does not accept that the complaint is justified; or (ii) if it decides that more time is needed to investigate the complaint— (A) determine how much additional time is needed; and (B) if that additional time is more than 20 working days, inform the complainant of that determination and of the reasons for it; and (c) as soon as practicable after the agency decides whether or not it accepts that a complaint is justified, it must inform the complainant of— (i) the reasons for the decision; and (ii) any actions the agency proposes to take; and (iii) any appeal procedure the agency has in place; and (iv) the right to complain to the Privacy Commissioner.