Seek My Health

Health Marketplace

Beating the Blues

Manage My Health has published an update regarding the cyber security incident identified on 30 December 2025. Read the full notice here.

News & Events
Support
Sign in
Sign in

Privacy Policy

Privacy Policy

This Privacy Policy governs Manage My Health Limited’s (“MMH”, “we” and “us”) collection, use and disclosure of personal information you may supply to us through your access and/or use of any ManageMyHealth service, software, application, product or website (collectively, “ManageMyHealth”).

Please read this Privacy Policy carefully. By using ManageMyHealth and/or otherwise providing us with your personal information, you authorise the collection, use, storage and disclosure of your personal information in accordance with this Privacy Policy.

This Privacy Policy is to be read in addition to any other applicable terms and conditions that may apply to your relationship and/or engagement with us. If you don’t agree with any term set out in this Privacy Policy or the Terms of Use, you must not use ManageMyHealth.

Any information submitted to ManageMyHealth Community Forums or Blogs becomes public information upon publication and is not covered by this Privacy Policy. Accordingly, you should be cautious as to what personal information you publish in these areas.

1. Introduction

1.1 ManageMyHealth is a personal health service that lets you review, gather, edit, store, and deal with health information online. With ManageMyHealth, you have the ability to access your own medical records if your medical practitioner makes these available through ManageMyHealth. You can also share your health information with family, friends, and health care professionals, and have access to online health information management tools.

1.2 MMH is committed to protecting your privacy through its secure information technology services, ManageMyHealth, and its strict adherence with the Privacy Act 2020 (Privacy Act), together with the requirements of the Health Information Privacy Code 2020 (HIPC) (or any replacement code of practice or other regulation issued under the Privacy Act).

1.3 “Personal Information” is defined as information about an identifiable individual, as defined in the Privacy Act 2020.

1.4 “Health Information” is defined as personal information about an identifiable individual relating to their health, disability, or health services, as defined in the Health Information Privacy Code 2020.

1.5 Reference to MMH in this Privacy Policy includes any person or organisation to which it may license or assign its rights and obligations.

2. Collection of Your Personal Information

2.1 We collect personal information about you in order to enable you to register for our services and to use ManageMyHealth. The personal information we collect may include your name, date of birth, e-mail address and physical address.

2.2 We may request other optional information necessary for our lawful purpose connected to our functions, but we clearly indicate that such information is optional. You can review and update your account information at any time. You can modify, add, or delete any optional account information by signing into your ManageMyHealth account and editing your account profile.

2.3 We may also collect health information from you, such as your medical history, symptoms, lab results, medication and prescription details, clinical notes, and health services you are currently being or have been provided, only to the extent you choose to include this information in your records when using ManageMyHealth.

2.4 Subject to your Health Provider’s privacy policy, with your authorisation, we may also collect personal and health information about you directly from your Health Provider, but only to the extent that such information is necessary for us to provide certain services to you and/or your Health Provider. In addition to the personal and health information listed above, we may also collect your Health Provider information such as your name, date of birth, contact details, gender, ethnicity, health classifications, enrolment details, appointment information, your National Health Index number, other Health Provider identifiers (including practice management system Identifiers), and communications between you and your Health Provider.

2.5 To access your medical records held by your participating Healthcare Provider an activation code must be obtained in person from the Healthcare Provider. One specific e-mail address must be provided along with a valid photo-id.

2.6 In some situations, we may collect someone else’s personal information from you, for example, we may collect your child’s personal information when you create an account for them on ManageMyHealth. We may also collect your personal information from someone else (for example, if you are a child under 16 or an adult dependent on a representative or guardian) where another individual manages your ManageMyHealth account on your behalf.

2.7 Where personal and health information about you is provided to ManageMyHealth by your healthcare provider, MMH receives and uses that information to operate and deliver its services.

2.8 Your healthcare provider is responsible for collecting and providing that information in accordance with applicable Privacy Law and may provide notice to you in relation to that collection. Once received, MMH handles that information in accordance with this Privacy Policy and its legal obligations.

2.9 When using ManageMyHealth mobile apps (Android and Apple iOS), we may require access to the following with your permission: Camera and microphone access for video consultation; Internal or external storage access to upload and share documents; and Bluetooth settings to select audio during video consultation and connect to external devices.

3. Closure of Account

3.1 When your healthcare provider stops using Manage My Health, all health information accessible through Manage My Health will be removed and will no longer be available to you. However, your Manage My Health account is not automatically deleted as a result of the practice stopping its use of the service.

3.2 When your healthcare provider stops using Manage My Health, we will notify you as soon as practicable and no later than 30 days after the effective date of the practice’s departure.

3.3 You can close your ManageMyHealth account at any time using the self-service option within your account profile (My Account → Close Account).

3.4 Upon account closure, your personal information and records held on the Manage My Health platform will be permanently deleted, subject to our retention obligations under law. Health information originating from your healthcare provider’s systems is controlled by them and remains in their systems, which are outside MMH’s control.

3.5 Where your account has been inactive and is not linked to any healthcare provider in ManageMyHealth, we may close your account following a notification period. Details of this process are set out in our Terms of Use.

3.6 Following closure of your account, we may retain certain personal information only where obligations are required under law.

4. Purposes of Collection 

4.1 MMH collects and uses your personal information to operate, improve and deliver ManageMyHealth or carry out the transactions you have requested. These uses may include:

(a) providing ManageMyHealth and related services;

(b) providing you with more effective customer service including by tailoring content or healthcare recommendations to your personal circumstances;

(c) making ManageMyHealth or its services easier to use by eliminating the need for you to repeatedly enter the same information or to share information with third parties that you have already shared with ManageMyHealth;

(d) performing research and analysis aimed at improving our products, services and technologies;

(e) displaying content and health promotions that are customised to your interests and preferences;

(f) using aggregated information (which has identifying information removed) to improve the quality of the services offered on ManageMyHealth, for marketing of ManageMyHealth and for general analysis or population health statistics;

(g) gathering and analysing health statistics (in a form in which you cannot identify) to allow planning of effective healthcare services within your region. This information is extremely valuable as it allows the limited healthcare services to be targeted to the needs of the population, which in turn potentially provides benefits to you and your family.

4.2 MMH does not use your individual account and record information from ManageMyHealth for marketing without MMH first asking for and receiving your opt-in consent.

4.3 MMH may communicate directly with you in respect to your account, the security of your information, changes to our services, or any matter required by law, in our capacity as a service provider, independent of any healthcare provider.

4.4 We will not use personal information for purposes other than described above, unless:

(a) we have your consent (or consent of the person whose personal information you have provided); or

(b) we are permitted or required to do so by law.

5. Sharing Your Personal Health Information

5.1 We will only disclose personal information in accordance with this Privacy Policy, in accordance with your specific instructions or authorisation, and/or in accordance with the specific instructions or authorisation of the person whose personal information you have provided. We may disclose your personal information to:

(a) a related company of MMH, who may use your personal information for the same purposes as us;

(b) your Health Provider, including other doctors, nurses or physicians within your Health Provider’s practice. This will be expanded in later versions of ManageMyHealth to other health professionals you authorise and an optional “trust list” functionality which will allow you to grant access to other individuals involved with your care;

(c) with your authorisation, to other health service providers (including specialists and allied health providers including health and wellness providers and insurers who you may be referred to or connected with as part of a function of ManageMyHealth;

(d) emergency services personnel (including as part of the Medic Alert system, where you are part of this programme) who may assist you in an emergency situation;

(e) our service providers that are providing a service to you or us in relation to ManageMyHealth, for example, third party web site hosting; packaging, mailing; answering customer questions about products and services; and sending information about our products, special offers, and other new services.

5.2 MMH may also disclose personal information if we believe on reasonable grounds that such disclosure is necessary to:

(a) enforce this Privacy Policy or any other relevant terms and conditions;

(b) comply with a judicial proceeding, court orders, or legal processes served on MMH;

(c) protect and defend the rights or property of MMH and our family of web sites; or

(d) is otherwise required or permitted by law.

6. Transfer of Information Overseas

6.1 We generally hold your information in New Zealand. To the extent we disclose personal information to third parties outside of New Zealand, we will take reasonable steps to ensure such third party is subject to comparable privacy laws as those in the Privacy Act or is otherwise required to protect the information in a way that, overall, provides comparable safeguards to those under the Privacy Act.

7. Sharing Records with Third Parties through ManageMyHealth 

7.1 We may provide you with information about third party applications or services that connect with, are referred through, ManageMyHealth. You can view the third parties and applications and should examine their privacy policies / statements and terms of use prior to using them or allowing them access to any of your health information. In order to access ManageMyHealth, the third party is required to protect the privacy of health information by complying with all applicable privacy laws.

7.2 No third party has access to your information through ManageMyHealth unless and until you actively opt in through ManageMyHealth to grant it access. You control what health information you allow a third party to access and the length of time they can access the information. Once you authorise such third party application to access your information from ManageMyHealth, such information will be subject to the third party’s privacy policies and MMH will not be liable or responsible for the privacy practices of any third party.

8. Security and Storage of Information

8.1 We will take reasonable steps to ensure that the personal information that we hold is accurate, complete, up-to-date, stored in a secure environment, and protected from unauthorised access, modification or disclosure. MMH follows strict internal procedures in collecting, storing and disclosing information about you.

8.2 When any information is uploaded to your ManageMyHealth account, it is sent over the Internet using Secure Sockets Layer (SSL). This method encrypts the information to help prevent others from reading it while it’s in transit from your computer to ManageMyHealth.

8.3 Any information or records you maintain with a ManageMyHealth account will be hosted on servers in a secure environment by a commercially reputable hosting vendor using best practice security techniques. ManageMyHealth is protected by a reputable network firewall and daily backups are performed to allow system restores to be performed in a disaster recovery situation.

8.4 If you choose to access your medical records held by your Health Provider through ManageMyHealth you are consenting to ManageMyHealth storing that information on your behalf and obtaining periodic updates to the records via your Healthcare Provider.

8.5 Information submitted to ManageMyHealth from your Healthcare Provider is encrypted during transmission. Your information provided to you via a web browser is encrypted during transmission using the highest standard available today using VeriSign Digital Certificates.

8.6 MMH will only retain your personal information for as long as it is needed for the purposes for which it was collected (or any other purpose you have consented to) or for so long as we are required by law to retain it. If your account or access is terminated, we will delete your personal information.

8.7 Access to your account will be blocked following 5 failed attempts to logon. Your account is unblocked by using the forgotten password function on the website. If your account is blocked because you have abused your access privileges, you will be offered the opportunity to obtain a copy of any personal / health information you have entered. In these circumstances information provided by your Healthcare Provider will not be provided and must be obtained from your Healthcare Provider.

8.8 If you’re using ManageMyHealth to upload sensitive data (such as health information), you should properly secure your computer. To help do this, you can use anti-spyware and virus protection software. You can also restrict access to your computer (for example, by using a strong password for your computer login and a network firewall).

8.9 ManageMyHealth cannot be held liable in any way for events beyond our control or in any way for accidental or unauthorised access of your information.

9. Your Rights to Access and Request Correction of Your Personal Information 

9.1 Generally, upon your request, we must confirm whether we hold personal information about you, and provide access to that personal information. We can only give you access to personal information we hold about you, and not about any other person (unless you are acting on that person’s behalf and have acceptable written authorisation). There are some exceptions where we may refuse to give you access under law (for example, where disclosing the information may pose a serious threat to any person’s life, health or safety).

9.2 You may ask us to correct information about you if you think that it is wrong. We may not agree that the information needs correcting, but in this case, we will explain our reasons for declining your request. If this happens you may ask us to attach a statement of correction to our records which sets out what you believe the information should be.

10. How We Use De-Identified Data, Aggregate Information and Statistics

10.1 MMH may use aggregated information from your use of ManageMyHealth features and services for the purpose of improving the quality of ManageMyHealth, marketing the usefulness of ManageMyHealth or for the purpose of research and analysis of ManageMyHealth features and services. This aggregated information will never identify an individual.

10.2 MMH may use de-identified usage data (de-identified data refers to data from which all personally identifiable information has been removed) from ManageMyHealth to report on usage statistics and usage analysis of various features for the purpose of improving the quality of ManageMyHealth, marketing the usefulness of ManageMyHealth or for the purposes of research and analysis of ManageMyHealth features and services. This de-identified usage data will never identify or be associated with any individual account.

11. Unique Identifiers

11.1 The primary unique identifier used within ManageMyHealth is an email address of your choice, which you have authorised us to use to communicate with you. This identifier may be linked to your National Health Index number, if known, which is allocated to you when you use a service provided by a public health authority such as a public hospital or General Practice. No other unique identifier is linked to you by ManageMyHealth.

11.2 While an email address is globally unique we cannot guarantee that it will always be assigned to the same person. If an email address is no longer used by an individual it is then typically ‘made available’ to anyone else who wants to use it, much the same as a phone number. In the case of children we allow the use of a parent’s email address. Once an individual becomes 16 years old they become responsible for maintaining their account access by other persons such as their parents.

11.3 We are aware that over time you may change your email account hence you are allocated a unique system identifier which is inaccessible except by the system.

12. Email Controls

12.1 To keep you informed of the latest improvements, MMH will send you a newsletter. By creating an account you are deemed to have given us your implied consent to send you such newsletters. If you do not want to receive the newsletter, you can unsubscribe at any time.

13. Use of Cookies

13.1 We only use temporary cookies on ManageMyHealth which are deleted upon you signing out. The cookies contain no personal information.

14. Changes to This Privacy Policy

14.1 We may occasionally update this Privacy Policy. When we do, we will revise the “last updated” date at the top of the Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we are helping to protect the personal information we collect. Your continued use of ManageMyHealth following any update constitutes your acceptance to such updates.

15. Enforcement of This Privacy Policy

15.1 MMH must comply with privacy legislation when dealing with personal information. If you would like any further information or have any queries, problems or complaints relating to our Privacy Policy or our information handling practices in general, please contact us at:
Address: Privacy Officer, Manage My Health Limited, Level 1, 48 Market Place, Viaduct Harbour, Auckland 1010
Email: [email protected]

Last Updated: 25 June 2026

Scroll to Top
Sign in
Menu

News & Events

Support