Legal
NZTelemed Limited
Last updated: 30 April 2026
NZTelemed Limited ("we", "our" or "us") is committed to protecting the privacy and confidentiality of personal information and adheres to the Privacy Act 2020, the Health Information Privacy Code 2020, and other relevant legislation. The Privacy Act 2020 regulates us through the Information Privacy Principles as to how we collect, hold, access, manage, use, disclose, and dispose of patient personal information. For more information on these principles and codes, visit the Office of the Privacy Commissioner.
Our practice address is 99 Remuera Road, Remuera, Auckland.
We collect personal and health information to ensure safe and effective healthcare. This includes details such as your name, contact information, date of birth, occupation, GP and emergency contact details, NHI number, and health insurance information (if applicable). We also collect medical history, family medical history, diagnoses, treatment plans and outcomes, test results, and information from allied healthcare providers involved in your care.
We collect your personal information directly from you wherever possible, such as during in-person visits, phone or email communications, online enquiry forms, and when you complete administrative paperwork. This can occur before, during, or after your visit at our premises, including through your doctor's rooms. When you browse our website without submitting any forms, no personal information is collected unless you choose to provide it.
We may also collect information indirectly from third parties involved in your care, such as medical practitioners, healthcare providers, health insurers, treatment funders, or anyone you've authorised (e.g., a relative or person with power of attorney). If needed, we may access relevant health records held by others to support your treatment. In most cases, you will have already provided consent to share this information, either to the third party or directly to us. However, if you do not provide or consent to the collection of necessary information, we may be unable to offer you appropriate treatment or care.
In the course of your care, we commonly receive health information about you from sources other than yourself. This includes:
In accordance with Rule 3A of the Health Information Privacy Code 2020, when we receive your information from a third party, we will take reasonable steps to make you aware of this. This typically occurs through:
You have the right to know what information about you we hold, why we hold it, who it has been shared with, and how it will be used.
We only use or disclose your personal information for purposes directly related to its original collection, for any purpose you've authorised, or where required or permitted by law. This includes delivering your requested clinical or surgical treatment, communicating about your care, verifying your identity and insurance, and coordinating with your health insurer. We also use your information for administrative functions such as billing, payments, and debt collection; managing feedback or complaints; complying with legal obligations; and performing tasks like accounting and risk management. Additionally, your information may support service improvement through research, patient surveys, and enhancements to our systems and infrastructure.
We are committed to maintaining the confidentiality of your personal information. It is only disclosed for purposes directly related to your care or as outlined in this Privacy Statement. Common disclosures include sharing information with your nominated general practitioner to support ongoing care after discharge, unless you request otherwise, and providing general updates about your condition to close family members, in line with standard medical practice.
From time to time, we work with trusted affiliated healthcare providers and share diagnostic testing equipment. These providers may access your information through this equipment as part of your care. We enforce strict confidentiality policies and non-disclosure agreements to protect your information from unauthorised access or misuse.
In general, your personal information may be disclosed to third parties:
All third-party use of your information is limited strictly to the purpose for which it was disclosed.
By engaging with our services, you acknowledge this Privacy Statement and consent to us collecting, using, and sharing your personal and health information as described here, including the indirect collection of health information from referrers and other healthcare providers involved in your care. While sharing your information is voluntary, not doing so may limit the services we can provide.
You consent to us using your personal information to confirm your identity, verify appointment details, and ensure your information is accurate, both directly and through peripheral locations.
Some of our doctors use a transcription tool called Heidi to document consultations in real time. No recordings are stored, and Heidi complies with the Privacy Act 2020 and New Zealand's Information Privacy Principles. You will be informed if Heidi is being used during your consultation, and you may decline its use at any time.
Where images or photographs may be taken during your consultation for training or educational purposes, your specific consent will be sought at the time. You are not required to agree, and declining will not affect your care.
Under the Privacy Act 2020 and the Health Information Privacy Code 2020, you have the right to:
To exercise any of these rights, please contact us using the details at the end of this statement. We will respond to your request within 20 working days, in accordance with the Privacy Act 2020.
We store personal information in both paper and electronic formats, and take extensive measures to protect it from misuse, loss, damage, and unauthorised access. Our doctors and employees are responsible for handling your information confidentially and securely, with access strictly managed through identity and access controls.
All staff undergo information security training, and we regularly monitor compliance with our internal policies and industry best practices. By law, health information must be retained for at least 10 years.
Electronic data is stored securely in datacentres located in New Zealand or Australia, managed either by us or our trusted service providers. These facilities have strict physical access controls, and all data is protected with multi-factor authentication, daily backups, and cybersecurity measures such as firewalls, virus scanning, and intrusion detection systems.
While we maintain strong security protocols, we cannot guarantee the security of information transmitted to us over the internet. Any such transmissions are at your own risk.
We also use a secure disposal system to destroy physical records no longer needed, while electronic records are safely retained within our systems.
We are committed to taking all reasonable steps to protect your information in accordance with the Privacy Act 2020 and the Health Information Privacy Code 2020.
We will occasionally update this Patient Privacy Statement to reflect company and patient feedback, as well as changes in legislation. We encourage you to periodically review this Statement to be informed of how we are protecting your information.
If you have any questions about this Privacy Statement, wish to access or correct your information, or have a concern about how your information has been handled, please contact us:
If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner at www.privacy.org.nz or 0800 803 909.