PURPOSE AND SCOPE
This aims to ensure that our management of personal client information meets all relevant legislative and regulatory requirements.
This policy and procedure applies to current and potential clients, their carers and their family members.
Personal information – Recorded information (including images) or opinion, whether true or not, from which the identity (including those up to thirty years deceased) could be reasonably ascertained.
Sensitive information – Information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political party, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preference or practices, or criminal record. This is also considered to be personal information.
Health information – Any information or an opinion about the physical, mental or psychological health or ability (at any time) of an individual.
Information Privacy – refers to the control of the collection, use, disclosure and disposal of information and the individual’s right to control how their personal information is handled.
Outcomes Connect Australia is committed to the transparent management of personal and health information about its clients.
Outcomes Connect Australia’s Privacy and Confidentiality Policy and Procedure is made publicly available.
Personal information may include:
- date of birth,
- current and previous addresses,
- telephone numbers and e-mail addresses,
- bank account details,
- race or ethnicity, and
- medical history or information provided by a health service.
In collecting personal information, Outcomes Connect Australia will inform the client:
- that information is being collected;
- the purposes for collection;
- who will have access to the information;
- the right to seek access to, and/or correct, the information; and
- the right to make complaint or appeal decisions about the handling of their information.
Client information is used to:
- assess and provide services;
- administer and manage those services;
- evaluate and improve those services;
- contribute to research;
- contact family, carers, or other third parties if required; and
- meet our obligations under the NDIS.
Clients are to be provided with the Client Consent Form at the time of commencing service with Outcomes Connect Australia. This form is to be:
- signed and placed in the client’s file;
- held securely with access limited to staff members in the performance of their role.
Updating Client Information
To ensure that client information is accurate, complete, current, relevant and not misleading, Outcomes Connect Australia checks personal details and updates client files accordingly:
- whenever reviewing a client’s service; and / or
- upon being informed of changes or inaccuracies by clients or other stakeholders
There will be no charge for any correction of personal information.
Where Outcomes Connect Australia has previously disclosed client personal information to other parties, should the client request us to notify these parties of any change to their details, we must take reasonable steps to do so.
Collection and Storage of Personal Information.
Outcomes Connect Australia collects information:
- directly from clients orally or in writing;
- from third parties, such as medical practitioners, government agencies, client representatives, carer/s, and other health service providers;
- from client referrals; and
- from publicly available sources of information.
Outcomes Connect Australia will collect sensitive information:
- only with client consent, unless an exemption applies: e.g. the collection is required by law, court/tribunal order or is necessary to prevent or lessen a serious and imminent threat to life or health;
- fairly, lawfully, and non-intrusively;
- directly from client, if doing so is reasonable and practicable;
- only where deemed necessary to support
- service delivery to clients;
- staff activities and functions; and
- giving the client the option of interacting anonymity, if lawful and practicable.
Outcomes Connect Australia takes all reasonable steps to protect personal information against loss, interference, misuse, unauthorised access, modification, or disclosure. Outcomes Connect Australia will destroy, or permanently de-identify personal information that is
- no longer needed;
- unsolicited and could not have been obtained directly; or
- not required to be retained by, or under, an Australian law or a court/tribunal order.
Outcomes Connect Australia has appropriate security measures in place to protect stored electronic and hard-copy materials. Outcomes Connect Australia has an archiving process for client files which ensures files are securely and confidentially stored and destroyed in due course.
Should a breach in privacy occur, potentially exposing client information (e.g. computer system hacked, laptop stolen etc.) the Directors will immediately act to rectify the breach in accordance with organisational policy and processes.
Outcomes Connect Australia respects the right to privacy and confidentiality, and will not disclose personal information except:
- where disclosure would protect the client and / or others;
- where necessary for best service practice; or
- where obligated by law.
For these purposes, Outcomes Connect Australia may disclose clients’ personal information to other people, organisations or service providers, including:
- medical and allied health service providers who assist with the services we provide to clients;
- a ‘person responsible’ if the client is unable to give or communicate consent e.g. next of kin, carer, or guardian;
- the client’s authorised representative/s e.g. legal adviser;
- our professional advisers, e.g. lawyers, accountants, auditors;
- government and regulatory authorities, e.g. Centrelink, government departments, and the Australian Taxation Office;
- organisations undertaking research where information is relevant to public health or public safety; and
- when required or authorised by law.
Any information released for evaluation or research purposes will be de-identified.
Accessing personal information
Clients can request and be granted access to their personal information, subject to exceptions allowed by law.
Requests to access personal information must state:
- the information to be accessed
- the preferred means of accessing the information,
and should be forwarded to the Directors in writing to: firstname.lastname@example.org
The Directors will assess the request to access information, taking into consideration current issues that may exist with the client, and whether these issues relate to any lawful exceptions to granting access to personal information.
Should the Directors decide that access to personal information will be denied, they must, within 30 days of receipt of the request, inform the client in writing of:
- the reasons for denying access and
- the mechanisms available to complain or appeal.
Should access be granted, the Directors will contact the client within 30 days of receipt of the request to arrange access to their personal information.
Should Outcomes Connect Australia be unable to provide the information in the means requested, the Directors will discuss with the client alternative means of accessing their personal information.
Reasonable charges and fees, incurred by Outcomes Connect Australia in providing the data as requested, may be passed on to the client.
Complaints about Privacy
Questions or concerns about Outcomes Connect Australia’s privacy practices should be brought, in the first instance, to the Directors’ attention – see Complaints Policy below.
If concerns cannot be resolved and clients wish to formally complain about how their personal information is managed, or if they believe Outcomes Connect Australia has breached an APP and/or IPP, they may send their concerns in writing to:
Office of the Victorian Information Commissioner
Phone: 1300 666 444
or through the online form available at https://www.cpdp.vic.gov.au/menu-privacy/privacy-public/privacy-public-make-complaint