Privacy Policy 2025

ACC Supplier Obligations to meet key regulatory and professional standards.

1.1 You will comply with the Privacy Act 2020 and the Health Information Privacy Code 1994 including:

• ensuring that any personal or health information you hold about a Client is protected by reasonable security safeguards against loss or unauthorised access, use, modification or disclosure

• appointing a Privacy Officer

• having a privacy policy which complies with the Privacy Act 1993 and the Health Information Privacy Code 1994

• using or disclosing personal or health information only where the use or disclosure is permitted or authorised by the Privacy Act 1993 or the Health Information Privacy Code 1994.

You will ensure that your service providers:

• are aware of the obligations to protect personal and health information and confidential information in this Contract.

1.1.1

EPIC PHYSIO CLINIC PRIVACY POLICY

WRITTEN BY: Rebekah Davidson

REVIEWED: August 2025

NEXT REVIEW DATE: August 2026

RESPONSIBILITY:

Privacy Officer: Rebekah Davidson

POLICY:

Epic Physio Ltd is committed to protecting clients’ personal information in accordance with the Privacy Act 2020 and Health Information Privacy Code 1994.

The Act strengthens privacy protections. It promotes early intervention and risk management by agencies that handle personal information, and enhances the role of the Privacy Commissioner. This Policy sets out the procedures necessary to ensure that personal and confidential information collected will be kept private and secure, and that the client will be informed of the clinic’s compliance. Epic Physio Ltd will collect information using reasonable security safeguards against loss or unauthorised access, use, modification or disclosure. Epic Physio Ltd will only use or disclose personal or health information where the use or disclosure is permitted or authorised by the Privacy Act 2020 or the Health Information Privacy Code 1994.

Procedures:

1. An electronic consent form will be given to each client as part of their enrolment form for the client to read before treatment. This written consent form will set out what information we collect and how we handle the personal information we collect, including the Enrolment form and notes taken during your assessment and treatment.

2. The Privacy Officer for Epic Physio Ltd is Rebekah Davidson. As Owner/Operator, Rebekah Davidson will sign the privacy policy to indicate that she is aware of the obligations to protect personal and health information and confidential information as part of the ACC Supplier Obligations set out in the Contract, and will ensure that any future staff will read the Privacy Policy and sign that they have done so as part of their orientation.

3. The Privacy Policy will be reviewed annually and signed by all staff as acknowledgement that they have read the document.

4. The Staff Orientation Document will reflect evidence regarding education and practice of the Privacy Policy and Procedures.

5. The Employment Contract will outline the responsibility of every staff member to make a privacy assessment, both verbal and visual, as part of their role, and to be familiar with the Privacy Policy.

6. Every staff member will sign a Confidentiality Agreement before commencement of work.

7. Service Providers will be made aware by the Privacy Officer, Rebekah Davidson, and will sign the Confidentiality form before services will be provided.

8. Screen savers will be used to protect computer screens when not in use.

9. Personal computers and laptops will not be left unattended.

10. Every computer used in the clinic will have password protection.

11. Use of the Nookal management system with its cloud-based storage allows the clinic’s data to be stored in the cloud and complies with security best practice standards, providing physical security, redundancy and backup.

12. Any physical/paper with client information will be destroyed via shredding.

13. All health and personal information will be kept for a period of 10 years.

14. All therapists will gain both verbal and visual acknowledgement from Clients that they understand the clinic's compliance in respect of client Privacy Rights.

15. Clients will be asked to sign a written permission form before we request their notes/history/medical information from another agency.

16. A copy of the Privacy Act 2020 will be held at the Clinic for all staff to access.

1.1.2

CONSENT FORM FOR CLIENTS

Personal information may include your name, email address, mailing address, phone number, date of birth, medical history, ethnicity, next of kin, and other personal information required to make a thorough assessment. By signing the Enrolment Form you authorise us to collect, use and disclose your personal information only in accordance with the Privacy Act 2020 and Health Information Privacy Code 1994.

The enrolment form will outline that we collect personal information from clients, including information about their contact details, location, email address, medical history, next of kin, and information regarding their injury. We collect this personal information in order to provide Physiotherapy Services.

You have a right not to disclose personal information.

You have the right to ask for a copy of any personal information held about you, and to ask for it to be corrected if you consider it is wrong.

If you would like a copy of your information, or to have it corrected, you can contact the clinic on Rebekah@epicphysio.co.nz or 0212158967.

Disclosure of personal or health information will only occur where the use or disclosure is permitted by the client or authorised by the Privacy Act 2020 or the Health Information Privacy Code 1994.

You will be required to sign the enrolment form to indicate that you understand your rights before Physiotherapy can commence.

As Owner/Operator, Rebekah Davidson will sign the privacy policy to indicate that she is aware of the obligations to protect personal and health information and confidential information as part of the ACC Supplier Obligations set out in the Contract, and will ensure that any future staff will read the privacy policy and sign that they have done so as part of their orientation.

1.1.3

Administration/Reception Staff Orientation Checklist

A job description and employment contract will have been made available to future staff prior to commencement of employment.

A checklist for this orientation is as follows:

1. Introduction to all staff and general layout of the clinic and location of safe storage for valuables

2. Introduction to the Practice by way of the Policy and Procedures Manual

3. An orientation to the reception area and reception duties including computer and printer, fee documentation, administrative matters, loan of equipment process and general practice duties as per Job Description

4. Orientation re Information Systems

a. Security

b. Storage

c. Destruction

d. Release

5. Emphasis on attendance and participation in documented staff meetings, staff appraisals and the Quality Assurance programme

6. Explanation of cleaning duties, where materials can be found and linen etc. are kept, and sterilisation procedures

7. Orientation re Health and Safety Plan and Privacy Officer Roles and Responsibilities and when they may need to consult them

8. Muster point for evacuation

9. Fire extinguisher location closest to the hand therapy area entrance and instructions on use

10. First aid kit + location of closest defibrillator (AED) at Coast to Coast Medical Centre

11. Location of emergency telephone numbers, fire evacuation procedure and fire warden for the Centre

12. Survival Equipment Location

13. Location of Mains Box, RCD trip switch

14. Procedure for handling of contaminated material – see Infection Control in Policies and Procedures Manual

15. Instruction in sales of equipment, wheat bags, strapping and tape as appropriate

16. Orientation re community services available in the Wellsford area, Te Ha Oranga, and Allied Health professionals

17. Explanation and demonstration of sterilisation process for wound instruments, safety procedures, i.e. infection control information and policy

18. Signing of client confidentiality documentation; reading and understanding the Health Information Privacy Code 1994 and the Health and Disability Consumers Rights Code

19. Signing of internet/computer use and privacy information document

20. Copy of this checklist signed by both parties and kept in personnel folder

1.1.4

CONFIDENTIALITY FORM

This confidentiality agreement form is between Epic Physio Ltd and

………………………………………………………

who will provide services to Epic Physio Ltd with access to “Confidential Information.”

The confidential information could include private client personal and health information, and confidential clinic information including patents, copyrights, trademarks/service, marketing and sales information, computer codes, applications, and computer passwords.

By signing this form you will exercise reasonable precautions against disclosure of confidential and private information without written consent of Epic Physio Ltd.

You will review the Privacy Policy and sign to indicate your acknowledgement of the Privacy Policy and Procedures of Epic Physio Ltd.

By signing this form you acknowledge that you are aware of the obligations to protect personal, health, business, and confidential information as set out in the ACC Contract, and that if you are unsure you will seek the guidance of the Clinic Privacy Officer or consult the Privacy Act 2020 and the Health Information Privacy Code 1994.

Signed by

…………………………………………………………………………………………..

Signed by the Privacy Officer Epic Physio Ltd

……………………………………………

Date

…………………………………………………………………………………………