This Privacy Policy outlines how Medidata Services Ltd (‘Medidata’, ‘we’, ‘our’, ‘us’) collects, uses, stores, and shares patient data in accordance with the Privacy Act 2020 and the Health Information Privacy Code 2020 (the “Privacy Laws”).
1. Collection of Personal Information
We collect personal information that is required to enable patients to participate in one or more patient support programmes which we manage on behalf of our clients in the healthcare sector, including pharmaceutical companies. This information may include but is not limited to:
- Name, date of birth, address, and contact details;
- Information relating to your participation in a patient support programme including any medicines and that may be prescribed to you by a health professional as part of that programme
The particular items of information collected will depend on the relevant programme, the applicable Privacy Laws in that regard, and the prior consent of each patient being obtained by us in that regard (the “Pre-Conditions”).
2. Purpose of Collection
Subject to the Pre-Conditions, we would collect and use personal health information to:
- Communicate with you about your participation in the patient support programme;
- Communicate with your pharmacy or health care professional as required by the patient programme.
3. How We Use and Share Personal Health Information
Your personal information is used strictly for the purposes outlined above and may, subject to the Pre-Conditions, be shared with:
- Healthcare providers involved in your treatment as approved by you (e.g., GPs, specialists and pharmacies)
We do not disclose your information to pharmaceutical companies or sell or use your data for marketing purposes. We would only use and disclose your personal information in accordance with the terms of your specific consent under the Pre-Conditions.
4. Data Security and Storage
We implement a range of security measures to protect your personal health information, including:
- Encryption of digital records
- Restricted access to authorised personnel only
- Regular monitoring and auditing of data security systems
Patient data is stored in New Zealand or in compliance with New Zealand's data protection laws but which may include the use by us of reputable global hosted services providers and other reputable digital services companies who may store the patient data on their servers outside New Zealand. You accept that as we do not control such organisations or their terms of service, we are only able to use our reasonable endeavours when engaging with those third parties, and that they may or may not protect personal information on a comparable basis as required by the Privacy Laws. Data is retained for as long as necessary to fulfil the purpose for which it was collected, or as required by law.
5. Your Rights
Without limiting your rights under the Privacy Laws, you have the right to:
- Access your personal information and request corrections if you believe the data is inaccurate;
- Withdraw consent for the use or sharing of your data;
- Complain to us or to the New Zealand Privacy Commissioner if you believe your privacy has been breached,
To access or amend your personal information, please email: medidata@medidata.co.nz
6. Breach Notifications
In the event of a data breach that may compromise your personal information, we will promptly notify you in accordance with the Privacy Act 2020 and take steps to mitigate the breach as required by the Privacy Laws.
7. Contact Us
If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us at:
- Email: medidata@medidata.co.nz
- Phone: 09 488-4272 or 09 488-4271
- Address: PO Box 31348, Milford, Auckland
We are committed to protecting your privacy and ensuring that your personal health information is handled responsibly.
Policy last updated: September 2024