top of page


Privacy Policy


Privacy is a basic right of all individuals and all our staff and potential staff, volunteers, residents and potential residents and their family/whanau and carer teams, our suppliers and our contractors have the right to privacy.

All Personal Information held will be gathered, used, accessed, stored, disclosed and disposed of in accordance with the Privacy Act 2020 (the Act).

If Elizabeth Knox Home and Hospital (EKHH) has a privacy breach that it believes has caused (or is likely to cause) serious harm, it will notify the Office of the Privacy Commissioner and affected individuals as soon as possible.

The Chief Executive Officer is Elizabeth Knox Home and Hospital’s nominated Privacy Officer, with delegated authority to the Quality Coordinator if the CEO is unavailable.



The objective of the Privacy Act 2020 is to promote and protect the privacy of information collected from, and about, an individual. The Health Information Privacy Code 2020 (the Code) was established specifically for the management of information relating to health and disability support services.

The Act contains 13 information and privacy principles and the Code has 13 rules adapted for health information and health agencies such as EKHH.

The Act and Code outline the requirements relating to the way information is, collected, corrected, used, disclosed, stored, disposed and accessed. The requirements may seem complicated but both the Act and the Code build on what is standard practice and common sense.

Privacy Principles


The following summarises the “information privacy principles” under the Privacy Act 2020 and how these principles are applied at EKHH.


1. Purpose of Collection of Personal Information

Personal information may only be collected to the extent necessary for lawful purposes connected with the functions of EKHH and the provision of Services to residents.

At EKHH we collect Personal Information about:

  • current, potential and former residents, and their families/whanau and other representatives;

  • current and prospective employees, volunteers, contractors, and their next-of-kin or emergency contacts;

  • service providers, suppliers and their employees and contractors; and

  • other individuals EKHH deals with in the course of carrying out its functions.


2. Source of Personal Information

Information must be collected directly from the individual concerned unless other circumstances apply.

EKHH collects information from the individual concerned. EKHH may also collect information from:

  • individuals indirectly, including through the use of services and facilities available through EKHH website and social media channels;

  • in the case of residents, only if the individual is incapable of providing information themselves, and when the resident has an activated EPOA (Enduring Power of Attorney), their appointed attorney.

  • current, potential and former residents, residents’ families/whanau, service providers, suppliers and their employees and contractors, employees, volunteers, individuals EKHH deals with in the course of carrying out its functions, and other people who come into contact with EKHH;

  • third parties in some instances. For example:

    • EKHH may use third parties to analyse its traffic at its website and social media channels, which may involve the use of cookies.

    • a report provided by a medical professional or an employment reference from another person.

Other third parties may include health service providers, health insurers, government agencies, private and public hospitals, recruitment and labour hire companies, and suppliers of services to EKHH, or third parties where we have an individual’s consent to that collection;

  • CCTV cameras, biometric scanners and QR codes on EKHH premises;

  • publicly available websites.

If an individual or agency provides us with information about another person, they/it must have that person’s permission to do so, and must comply with their/its obligations under the Act and the Code.

3. Collection of Information from Subject

Individuals should be made aware of the fact that information is being obtained, its purpose, the intended recipients, and rights of access to and correction of the information provided. Agencies gathering information must clearly identify themselves.

4. Manner of Collection of Personal Information

Information gathering should be done only by means that are lawful and fair and should not be unnecessarily intrusive.

5. Storage and Security of Personal Information

Personal information must be safeguarded against loss, unauthorised access, and misuse.

EKHH takes reasonable steps to protect personal information including credit and debit card information held by EKHH from misuse and loss and from unauthorised access, modification or disclosure. However, any information which you transmit to us is transmitted at your own risk.


Credit and Debit Card Security

When you submit personal information including credit card details, a secure server is used. We protect your information during transmission by using the Secure Sockets Layer (SSL) protocol, which encrypts your information when transmitted over the Internet.

It is important for you to protect against unauthorised access to your password and to your computer.

6. Access to Personal Information

Individuals are entitled to free access to information held about them, subject to exceptions set out in the Act and the Code.

Individuals may seek access to the personal information which EKHH holds about them by contacting the Privacy Officer. The Privacy Officer or delegate must respond to the request within 20 working days.

A request for access to personal information may be refused if the disclosure of the information would:

  • be likely to pose a serious threat to the life, health, or safety of any individual, or to public health or public safety;

  • create a significant likelihood of serious harassment of an individual; or

  • include disclosure of information about another person who is the victim of an offence or an alleged offence and would be caused significant distress, loss of dignity, or injury to feelings by the disclosure of the information.

A request for access to personal information may also be refused if after consultation is undertaken (where practicable) by or on behalf of the agency with the health practitioner of the individual concerned, EKHH is satisfied that the information relates to the individual concerned and the disclosure of the information (being information that relates to the physical or mental health of the requestor) would be likely to prejudice the health of the individual concerned.

7. Correction of Personal Information

Individuals can request correction of errors and, in the event of disagreement, request that their version of the facts be attached to the information held.

EKHH encourages individuals to contact us to update or correct information held about them by contacting the Privacy Officer.

8. Accuracy, etc, of personal information to be checked before use or disclosure

Steps are required to ensure that the information is accurate, up-to-date, complete, relevant, and not misleading, before use of the information.

9. Agency not to keep personal information for longer than necessary

Information must not be held for a period that is longer than which is deemed to be necessary.

Where EKHH no longer requires personal information EKHH takes reasonable endeavours to comply with its legal obligations in respect of that information.

10. Limits on Use of Personal Information

Subject to certain exceptions, information may only be used for the purpose for which it was collected.

At EKHH we use Personal Information to:

  • communicate with individuals;

  • assist people to apply to become a resident of EKHH;

  • assess requirements, needs, health status and how EKHH can best provide services;

  • provide or facilitate the provision of healthcare services, treatments or care;

  • engage third parties on individual’s behalf (where authorised);

  • maintain and administer personal records, including clinical records;

  • assess suitability or performance of potential or current employees, volunteers, contractors or suppliers;

  • manage and meet obligations in relation to our employees, volunteers, and contractors;

  • conduct our business and help us manage and enhance our services;

  • conduct appropriate checks for credit-worthiness;

  • process, administer, collect or make payments and if applicable, make appropriate taxation deductions;

  • perform data analysis;

  • perform market research and market our services;

  • monitor and identify, prevent or investigate any actual or suspected fraud, unlawful activity, inappropriate behaviour, or threats to EKHH systems or any person;

  • perform drug and alcohol searching and testing;

  • purchase goods or services;

  • comply with EKHH’s legal obligations, including reporting obligations;

  • ensure health and safety on our premises, and monitor the safety and security of EKHH staff, volunteers, residents, contractors and visitors, and complete incident investigations.


11. Limits on Disclosure of Personal Information:

Personal information must not be disclosed to others. There are exceptions but it is up to EKHH to prove that the exception applies.

EKHH may disclose personal information to:

  • the individual, their attorneys or authorised representatives. For prospective, current or former residents who do not have an attorney or representative, EKHH may also disclose your personal information to family/whanau members or carers if EKHH considers it necessary or desirable for the purposes of the individual’s care or wellbeing;

  • third party health providers or insurance companies where necessary for treatment or to assist with the processing of a claim in connection with treatment (this is done with permission where appropriate);

  • the Auckland District Health Board (ADHB) for the purposes of fulfilling our obligations under our contract with the ADHB;

  • other third parties who provide services to or for EKHH or who act on EKHH’s behalf;

  • courts, tribunals, government agencies, and regulatory authorities;

  • anyone who assists us to identify, prevent or investigate any actual or suspected fraud, unlawful activity or threats to EKHH systems or any person;

  • industry associations or other third parties, for benchmarking, statistical analysis and reporting purposes (provided information is first anonymised);

  • to professional organisations where necessary for any individual registration or assessment requirements;

  • any third parties who provide benefits or services to EKHH staff;

  • anyone else to whom an individual has authorised us to disclose it or where we are required or permitted to do so by law.


12. Disclosure of Personal Information Outside New Zealand

Describes the circumstances in which EKHH may disclose personal information to an agency outside of New Zealand.

EKHH will only disclose personal information to an overseas agency if EKHH can prove that it is necessary for the functions of EKHH or  the provision of Services to residents, and only if that overseas agency is subject to similar safeguards as those contained in the Act.


13. Unique Identifiers

An agency may assign a unique identifier to an individual for use in its operations only if that identifier is necessary to enable the agency to carry out one or more of its functions efficiently.

At EKHH, each staff member and volunteer is assigned a unique code number, and each resident is assigned a unique file number. EKHH may use a resident’s NHI number as a unique identifier.



References and Related EKHH Policies and Procedures

  1. Privacy Act 2020

  2. Health Information Privacy Code 2020

  3. QUALPOL007 Clinical Records Management Policy and Procedure

  4. HRPOL002 Human Resources Policies and Procedures Manual

  5. HRPOL025 Pre-Employment Screening Policy

  6. SDPOL003 Admission Agreement




  1. “Personal Information” is any identifiable information about a natural person (and when an enduring power of attorney is acting on behalf of a resident, “Personal Information” includes identifiable information about that resident), such as names, emails, addresses, telephone numbers, work experience, qualifications and so on. Photographs, videos, and other digital images are also regarded as Personal Information.

  2. “Services” are the services EKHH provide to residents including rest home care, hospital care, young disabled care, day care, respite care, carer support, post-operative stays and palliative care.



Who to contact

  1. Privacy Officer
    Elizabeth Knox Home and Hospital
    Phone: 09 523 3119
    Postal Address: PO Box 74060, Greenlane, Auckland 1546

  2. Office of the Privacy Commissioner

bottom of page