Policy Code CAP001.01
Person Responsible Director
Status (Draft/Released) Released
Date Last Updated 4 September 2019
1.0 PURPOSE AND SCOPE
To ensure that management of clients’ personal information meets all relevant legislative and regulatory requirements. This policy and procedure applies to current and potential clients, their carers and family members.
Because people with disabilities are more vulnerable to exploitation and abuse than others in the community, workers with access to client information automatically occupy risk-assessed roles under the NDIS Commission. The primary risk to privacy and confidentiality arises from the collection, storage and sharing of client information. Access by non-authorised persons may expose clients to risk. Safe storage and access policy protects clients from abuse and exploitation. This policy addresses these issues. There is a risk that information will be shared inadvertently and without the intention to do harm. Information may be unintentionally disclosed by careless use of tablet- or phone-based software, shared with a client’s supporters against the client’s wishes, or disclosed to peers on the assumption
that the information is publicly known. Cultural assumptions around sharing information are diverse and change rapidly. Social media platforms may allow clients to be identified. This risk may be minimised by:
These issues are addressed in this policy.
Personal information – Recorded information (including images) or opinion, whether true or not, from which the identity (including those up to thirty years deceased) could be reasonably ascertained.
Sensitive information – Information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political party, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preference or practices, or criminal record. This is also considered to be personal information.
Health information – Any information or an opinion about the physical,
mental or psychological health or ability (at any time) of an individual.
Information Privacy – refers to the control of the collection, use, disclosure
and disposal of information and the individual’s right to control how their
personal information is handled.
Lavender House Respite Care is committed to the transparent management of personal and health information about its clients and staff This commitment includes protecting the privacy of personal information, in accordance with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cwlth) amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cwlth).
Personal information may include:
In collecting personal information, Lavender House Respite Care will inform the client:
Client information is used to:
Clients are to be provided with the Client Consent Form at the time of commencing service with Lavender House Respite Care. This form is to be signed and placed in the client’s file;
Updating Client Information:
Collection and Storage of Personal Information:
Lavender House Respite Care collects information:
Lavender House Respite Care takes all reasonable steps to protect personal information against loss, interference, misuse, unauthorised access, modification, or disclosure. Lavender House Respite Care will destroy, or permanently de-identify personal information that is
Lavender House Respite Care has appropriate security measures in place to protect stored electronic and hard-copy materials. Lavender House Respite Care has an archiving process for client files which ensures files are securely and confidentially stored and destroyed in due course. Should a breach in privacy occur, potentially exposing client information (e.g. computer system hacked, laptop stolen etc.) the Director will immediately act to rectify the breach in accordance with organisational
policy and processes (see Breaches of Privacy, below).
Lavender House Respite Care respects the right to privacy and confidentiality, and will not disclose personal information except:
For these purposes, Lavender House Respite Care may disclose clients' personal information to other people, organisations or service providers, including medical and allied health service providers who assist with the services we
Accessing personal information
Clients can request and be granted access to their personal information, subject to exceptions allowed by law.
Lavender House Respite Care
PO Box 7108, Sippy Downs, QLD, 4556
The Director will assess the request to access information, taking into consideration current issues that may exist with the client, and whether these issues relate to any lawful exceptions to granting access to personal information.
Should the Director decide that access to personal information will be denied, they must, within 30 days of receipt of the request, inform the client in writing of:
Should Lavender House Respite Care be unable to provide the information in the means requested, the Director will discuss with the client alternative means of accessing their personal information. Reasonable charges and fees, incurred by Lavender House Respite Care in providing the data as requested, may be passed on to the client.
Office of the Information Commissioner, Queensland
PO Box 10143
Adelaide Street Brisbane
Telephone: (07) 3234 7373
Breaches of Privacy