POLICY 6.5 – Protection of Confidential Information
1.0 POLICY STATEMENT
Community Care Services – Central Coast Ltd (CCS) is committed to ensuring that each individual’s right to privacy and confidentiality is respected and protected, and that confidential organisational documents are protected.
The scope of this policy has application for all activities and personnel involved with the collection, storage, use and disclosure of both personal and corporate information.
Personal Information is defined under the Freedom of Information Act Section 4 to mean information or an opinion…about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
CCS will ensure that any process for the collection, storage, use or disclosure of personal information will comply with the Privacy Act 1988 and the Privacy Principles (Privacy Amendment [Private Sector]) Act 2000. On the 12 March 2014 – the Australian Privacy Principles (APPs) replaced the National Privacy Principles and Information Privacy Protection.
- Informing individuals why information is being collected and seeking consent for collection;
- Collecting only information that is appropriate and relevant to the provision of our services;
- Ensuring that opportunities are made available for corrections to personal information to be made where necessary;
- Acknowledging that the individual has the right to know the nature and purpose of the information collected, how it will be protected, how long it will be kept, procedures for disposal, and how they can access their personal information;
- Ensuring that all personal information is stored in a manner that is both physically and electronically secure;
- Being selective and professional about divulging any personal information to staff on the basis of ensuring privacy and confidentiality; and
- Gaining and recording consent for the disclosure of personal information outside CCS. If an individual does not have the capacity to give his or her consent, the written consent of an authorised advocate or legal guardian will be sought.
5.1 Privacy Protection
Staff are to ensure that individual interviews or consultations conducted with clients and/or their carers at CCS premises or at the clients home take place in a suitable area, with sight and sound privacy.
Managers/supervisors are to ensure that any personal interviews conducted with their staff are also undertaken in a suitable area, where confidential discussions cannot be overheard.
No photographs or images of clients or employees will be displayed or used for any promotional purposes without the express consent of the individuals involved.
CCS’s obligations under the Australian Privacy Principles (APPs) includes;
APP 1 – Open and Transparent management of personal information
All Board of Directors and all employees, volunteers and contractors of CCS must affirm their commitment to maintaining confidentiality in relation to all CCS’s business affairs, through the signing of the Code of Conduct and Ethics.
All records of personal information are to be stored in a protected environment with computer passwords and locked storage facilities. Personal information is only available to staff with authority to access this information.
As part of the assessment process CCS will collect personal information in order to provide the services, the purpose of the collection and use of the information is only for the purpose of delivering the service and government funding requirement reporting.
All personal information is protected, and will only be released with the individual’s consent. This can be released to anywhere in the world, pending the individuals consent.
If you feel that CCS have breached the Australian Privacy Principles, you have a right to lodge a complaint. The complaint will be dealt with in a confidential manner. Please refer to CCS Client Service Policy 7.5 Complaints and Feedback.
APP 2 – Anonymity and pseudonymity
CCS is required for the purpose of delivering government funded services to collect personal information. Therefore individuals must identify themselves in order to access government funding and meeting the funding requirements.
If an individual wishes not to identifying themselves or uses a pseudonym government subsidised services may be denied however CCS may still be able to provide non-government funded services to an individual at private rates.
APP 3 – Collection of solicited personal information
Board of Directors
Board of Directors information is collected for the purpose of maintaining a Register, in accordance with our annual reporting obligations as a Company Limited by Guarantee. This information includes the Board of Directors name, address, date of birth, and contact details.
Personal information regarding employees is collected in order to process their entitlements, including payment of wages, superannuation contributions and Australian Taxation Office obligations. Additional information is collected to protect both client and organisational interests. Information held by CCS includes personal addresses and contact details, qualifications, curriculum vitae, bank account numbers for electronic funds transfers, superannuation fund membership details, police clearance certificates and training records. All staff have the right to access to their personnel files on request.
Clients’ personal information gathered by CCS staff is for the purpose of planning and delivering appropriately designed services, meeting our reporting accountabilities, and observance of our Duty of Care. It may include the client’s name, address, contact details, date of birth, country of birth, languages spoken, other services accessed, financial information including social service entitlements, and relevant health information such as diagnosed ailments, functional capacities and medical conditions. Our confidentiality and privacy obligations and their right to access their personal information are explained to each client, and their understanding of these rights is confirmed by the signing of the Client Service Agreement.
Personal information held about each of the above customer groups of CCS is freely given, and each individual is made aware of the purpose for which the information is collected, and how it will be used.
CCS only collect information that is needed in order to provide services. All information collected will be relevant and not excessive. Any information collected will not unreasonably intrude into the personal affairs of the individual. CCS collects relevant and necessary information in relation to the individuals personal, health and medical information in order to effectively facilitate support services requested.
CCS must not collect personal information (other than sensitive information) unless the information is reasonable necessary for, or directly related to, one or more of CCS functions or activities.
Sensitive information – CCS must not collect sensitive information about an individual unless;
- the individual consents to the collection of the information
- the information is reasonably necessary for, or directly related to, one or more of CCS functions or activities
APP 4 – Dealing with unsolicited personal information
If CCS receives personal information and CCS did not solicit the information, CCS will within 24hrs determine whether this information was for the purpose of CCS business activities, if the personal information was not intended for CCS business activities, the information will be destroyed as soon as practicable and if it is lawful and reasonable to do so.
APP 5 – Notification of the collection of personal information
If CCS collects personal information about an individual, CCS must inform the individual as soon as practicable to do so. This must be done if;
- CCS collects the personal information from someone other than the individual; or
- the individual may not be aware that CCS has collected the personal information
APP 6 – Use or disclosure of personal information
CCS holds personal information about an individual that was collected for the purpose of delivering services, CCS will not use or disclose the information for any other purpose, unless;
- the individual has consented to the use or disclosure of the information
- the use or disclosure of the information is required or authorised by or under an Australian Law or a court/tribunal order
Written note of use or disclosure
If CCS uses or discloses personal information in accordance with the above exceptions, CCS must make a written note of the use or disclosure.
This does not apply to the use or disclosure by CCS of government related identifiers.
APP 7 – Direct marketing
CCS will not use or disclose personal information for the purpose of direct marketing. CCS will be sending individuals newsletters, monthly invoices and other relevant material that relates to our products and services within our business activities.
APP 8 – Cross-border disclosure of personal information
CCS will only disclose information to an overseas person if CCS has the written consent from individual or the receipt of the information is subject to or required or authorised by or under an Australian Law or a court/tribunal order
APP 9 – Adoption, use or disclosure of government related identifiers
CCS must not adopt a government related identifier of an individual as our own identifier. CCS must not use or disclose a government related identifier of an individual unless;
- is reasonable necessary for the purpose of delivering services within CCS
- is reasonable necessary to fulfil CCS’s obligations to an agency or a State or Territory authority
- is reasonable necessary related to one or more enforcement related activities conducted by, or on behalf of, an enforcement body
APP 10 – Quality of personal information
CCS staff must ensure that personal information collected is accurate, up to date and complete. If an individual believes that the information CCS has collected is incorrect, incomplete or out-of-date they are invited to contacts CEO or Programs Manager to correct the information. CCS will correct the information as soon as practicable to do so.
APP 11 – Security of personal information
CCS holds personal information in a combination of secure electronic and hard copy formats. We take all reasonable steps to ensure that any personal information held is protected from misuse, loss and unauthorised, modification or disclosure. Such steps include, but are not limited to:-
- secure physical storage of documents
- network and communications security measures
All personal and health information will be kept for as long as it is required to be able to provide the intended service or to meet legal and regulatory requirements. Reasonable steps will be taken to permanently de-identify or securely destroy personal information that we no longer require for any purpose except in limited permitted circumstances. Information will be protected from unauthorised access, use or disclosure.
Government identifiers such as Medicare or tax file numbers are not used by CCS as identifiers on client or staff personal information.
APP 12 – Access to personal information
Clients are required to sign the Client Consent Form prior to any release of their personal information. The signed release gives their authority for disclosure of their personal information to other health professionals involved in their care, or for referral purposes, or for the release of information by other health professionals, or for submission to national data collections.
The Client Consent Form also explains the clients’ right to withdraw their consent at any time.
Staff are required to be selective and professional when sharing personal client information with internal staff. Information is only to be shared on a need to know basis to ensure the maximum level of protection of the individual’s privacy and confidentiality.
Individuals and/or their legal representatives have the right to request access to personal information held about them, under Freedom of Information legislation. Information on the processes to be deployed in the event of such a request for disclosure will be found in the CCS Information Systems Policy # 006.6 Freedom of Information.
Our standard practices and obligations for protection of individual privacy may be overridden should an actual or threatened illegal act occur. The National Privacy Principle 2 grants such exemptions for unauthorised information disclosure.
When personal or health information is collected reasonable steps will be taken to explain to the person from whom the information is being collected as to what information is being stored, why it is being used and any rights they have to access it. You have a right to reasonable access to any information that CCS holds about you. The National Privacy Principles outline circumstances under which we may not agree to allow you access to some or all of your personal information. If this is the case we will provide you with a reason for this decision.
We may charge for the cost of providing access to your personal information and you would be informed if such a charge applies before we proceed with your request.
APP 13 – Correction of personal information
To enable CCS to provide you with the best possible service, it is important that the information we hold about you is accurate. We will take reasonable steps to ensure your personal information is accurate, complete and up-to-date at the time of collecting, using or disclosing it. We will take reasonable steps to ensure that that the person is aware as to how they can see and correct their personal and health information and any consequences if they decide not to provide their information as requested.
If you believe any information we hold about you is inaccurate, incomplete or out-of-date, you should contact us. We will respond to your request within a reasonable period and take reasonable steps to amend your records.