PRIVACY POLICY

Policy Number01-PRIV-CONF
Ratified by Board (date)29/06/2021
SignedAmanda Doyle
NameAmanda Doyle
PositionChief Executive Officer
Review date01/07/2024

1.    Background

For Home Assist Community Services to meet the guidelines specified by Home Assist Secure, Queensland Government, we may be required to provide consumer details to the Department.  The reason for doing so is to ensure that we are delivering quality services that meet the consumers’ needs.  To ensure our compliance with the Privacy Act Home Assist Community Services will ensure that this information is given to consumers of the Home Assist Secure Program in the form of a Notification of Privacy and Collection at the beginning of their services with us.

In order to treat a consumer with dignity and respect, we must respect their privacy.  We ensure the behaviour and interactions of our employees, volunteers, contractors and consultants does not compromise consumer privacy.  Home Assist Community Services will respect each consumer’s right to privacy in how we collect, store, handle, access, amend, manage use and communicate the consumer’s personal information.

It is essential that we respect a consumer’s right to privacy in how we collect, use and communicate health information,

Home Assist Community Services will manage all personal information according to law and best practice.

All personal information will be managed according to the  Privacy Act 1988, and the Office of the Australian Information Commissioner’s (OAIC) Privacy Principles Guidelines, which govern how and when personal information may be collected, handled, stored, accessed, amended, managed, transferred, used and disclosed.

By Home Assist Community Services actions our consumers will feel they are treated with dignity and respect, and that they can maintain their identity.  The will feel that they can make informed choices about their services and remain safe and secure within their own home.

Home Assist Community Services has

  • A culture of inclusion and respect for consumers
  • Supports consumers to exercise choice and independence
  • Respects our consumers’ privacy

1.    Policy Statement

Home Assist Community Services is committed to fostering a culture which values and maintains client and employee confidentiality and dignity in relation to personal and sensitive information in order to create an environment that is respectful of the rights of clients, staff and contractors.

Home Assist Community Services is committed to the privacy and confidentiality of the consumers’ personal information.  Privacy for the consumer may relate to physical environment, possessions, physical needs, personal relationships, and personal information.

Home Assist Community Services recognises its responsibility to collect, manage, use and disclose personal information in compliance with legislative requirements.

Home Assist Community Services respects an individual’s right to privacy and undertakes to keep personal and sensitive information in confidence. All clients and staff of Home Assist have a reasonable expectation that Home Assist will protect and appropriately manage the personal information in its possession.

Note: All staff who handle personal or sensitive information are required to be familiar with the Office of the Australian Information Commissioner’s Privacy Principles Guidelines, which this policy is predicated on, and in which all staff will receive training in during induction and at regular intervals via refresher training.

2.    Scope

This policy applies to

  • All categories of employees
  • Board of Directors
  • All volunteers
  • Students on Placement
  • Contractors and Consultants whether or not they are employees
  • All other service providers.

3.    Policy Commitment

In order to achieve our commitment to privacy and confidentiality of our consumers’ information we

  • Gain consent from the consumer prior to gathering and storing their information – at the commencement of service.
  • Provide the consumer with a copy of our Privacy Statement and ensure that it is available on our website.
  • Information on records held by Home Assist Community Services must be provided to the consumers as well as their representatives as well as the process to access their own personal information should they wish.
  • Any consumer files held manually or electronically are securely stored and access is restricted to those employees required to do so as part of their usual duties
  • All employees sign a confidentiality agreement when first employed which commits them to respecting the privacy and confidentiality of each consumer when we
  • Provide them with care and services
  • Discuss a consumer’s care and service requirements
  • Store a consumer’s personal information whether this relates to general or medical needs of the consumer

4.    Australian Privacy Principles

Home Assist is committed to, and bound by, the 13 Australian Privacy Principles , which are the cornerstone of the Australian privacy protection framework under the Privacy Act 1988, set out in Table 1 below:

Table 1

Australian Privacy Principles (APP):

PrincipleTitlePurpose
APP 1Open and transparent management of personal informationEnsures that Home Assist Community Services manages personal information in an open and transparent way. This includes having a clearly expressed and up to date privacy policy.
APP 2Anonymity and pseudonymityRequires Home Assist Community Services to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply.
APP 3Collection of solicited personal informationOutlines when Home Assist Community Services can collect personal information that is solicited. It applies higher standards to the collection of sensitive information.
APP 4Dealing with unsolicited personal informationOutlines how Home Assist Community Services must deal with unsolicited personal information.
APP 5Notification of the collection of personal informationOutlines when and in what circumstances Home Assist Community Services must tell an individual about certain matters when collecting personal information.
APP 6Use or disclosure of personal informationOutlines the circumstances in which Home Assist Community Services may use or disclose personal information that it holds.
APP 7Direct marketingOutlines that Home Assist Community Services may only use or disclose personal information for direct marketing purposes if certain conditions are met.
APP 8Cross-border disclosure of personal informationOutlines the steps Home Assist Community Services must take to protect personal information before it is disclosed overseas.
APP 9Adoption, use or disclosure of government related identifiersOutlines the limited circumstances when Home Assist Community Services may adopt a government related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual.
APP 10Quality of personal informationOutlines that Home Assist must Community Services take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. Home Assist must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.
APP 11Security of personal informationOutlines that Home Assist Community Services must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. Home Assist has obligations to destroy or de-identify personal information in certain circumstances.
APP 12Access to personal informationOutlines Home Assist’s Community Services obligations when an individual requests to be given access to personal information held about them by Home Assist. This includes a requirement to provide access unless a specific exception applies.
APP 13Correction of personal informationOutlines Home Assist’s Community Services obligations in relation to correcting the personal information it holds about individuals.  

5.    Process Guidance

The processes below demonstrate that Home Assist Community Services respect the consumer’s privacy and keep their personal information confidential.

Respect Privacy and Confidentiality

  • Ask permission from consumers before entering their home, room or private areas
  • Respect the consumers’ personal property e.g. do not use it unless invited to do so or open and read the consumers’ mail unless they have requested you to do so as they require assistance.
  • Treat all information relating to consumers confidentially and when required to share it, do so in a way that maintains their privacy and confidentiality e.g. provide handovers in a private are where information cannot be overheard by persons not meant to have access to this information.  This also applies to information given to health care professionals or representatives involved in a consumers’ care or services e.g. hand rail installation. 
  • Collection and use of Consumer Information
  • The consumer’s agreement and/or entry to our service includes obtaining consent to collect and share information with relevant professionals for the purposes of care and services.
  • The consumer receives a Collection Statement which outlines the types of personal information collected, how it is collected and used, how it may be disclosed and the importance of complete and accurate information.
  • We collect personal information from the consumer only, unless they consent to collection from someone other than them, or it is unreasonable or impracticable to do so.
  • Staff must not seek more information about the consumer than is necessary to provide care and services.
  • Staff must not release consumer information to any third party without the consumers’ consent. 
  • Home Assist Community Services will explain clearly the purpose of the collection to the consumer or their representative.
  • Documentation on all consumer file notes is written objectively, observing
  • Respect for the consumers’ feelings and dignity
  • The consumers’ right to request and have access to their own records
  • Freedom of information and court requirements that may subpoena consumer files.

Advise Consumer of their Right to Access Records

  • We will inform consumers of their right to access their information. 
  • This will be in their Collection Statement provided to consumers when they begin services with Home Assist Community Services. 
  • Home Assist Community Services will remind them from time to time of their right to access their information during reviews and the delivery of services.
  • Once created consumer files cannot be deleted. 
  • A consumer may request an amendment to their record if they believe the information is incorrect and to ensure it is accurate, up to date, complete, relevant, and not misleading. 
  • If the consumer refuses to correct this information, Home Assist Community Services must provide written notice to the consumer with reasons and how to submit a complaint about the refusal.
  • Consumers must request access to their information in writing and Home Assist Community Services must respond within 14 days of receipt and provide a reason if access is denied.

Seek Consent to use consumer images and audio/visual recordings

  • If an image or audio/visual recording is required for any purpose, Home Assist Community Services will seek consent from the consumer or their representative using the consent to Use Information and Images form.
  • Home Assist Community Services will keep and update a register of consents.  On receipt of any written notice of withdrawal of consent, we will check the register before using any image.
  • If Home Assist Community Services intend to use consumer images in communication brochures or similar activities, we must obtain written informed consent from the consumer or representative for that situation only.  The image cannot be retained for some possible future use.

Advise the consumer of their right to complain of privacy breach

  • Home Assist Community Services will inform consumers about their right to complain about a privacy breach and the process for making a complaint.  This complaint will be dealt with in accordance to Home Assist Community Services Complaint Management Policy.
  • Alternately the consumer may complain to the Office of the Australian Privacy Commissioner.  This complaint has to be lodged within 6 months of the breach occurring.
  • Staff can complain about the handling of personal information by emailing Home Assist Community Services at ceo@homeassist.org.au.
  • Clients can complain about the handling of personal information by emailing Home Assist Community Services at ceo@homeassist.org.au, by contacting the NDIS Quality and Safeguards Commission, or by contacting the Office of the Australian Information Commissioner via the process outlined in Home Assist Participant Information Pack.

Disclosure of Information to Overseas Recipients

  • When disclosing consumer information to people overseas who are not bound by Australian Privacy Principles, we will inform the consumer or their representative privacy/confidentiality cannot be assured, and they must provide specific consent for this disclosure.
  • the individual agrees to the transfer;
  • Authorised by the Parliamentary Counsel
  • the transfer is authorised or required under a law;
  • the agency is satisfied on reasonable grounds that the transfer is necessary to lessen or prevent a serious threat to the life, health, safety or welfare of an individual, or to public health, safety or welfare;
  • 2 or more of the following apply—
  • the agency reasonably believes that the recipient of the personal information is subject to a law, binding scheme or contract that effectively upholds principles for the fair handling of personal information that are substantially similar to the IPPs or,
  • the transfer is necessary for the performance of the agency’s functions in relation to the individual;
  • the transfer is for the benefit of the individual but it is not practicable to seek the agreement of the individual, and if it were practicable to seek the agreement of the individual, the individual would be likely to give the agreement;
  • the agency has taken reasonable steps to ensure that the personal information it transfers will not be held, used or disclosed by the recipient of the information in a way that is inconsistent with the IPPs or, if the agency is a health agency, the NPPs.

Exclusions

  • If a significant threat to consumer or staff safety affects the consumer’s right to privacy and confidentiality, staff safety will prevail
  • We will provide access to consumer records without obtaining consent if
  • There is serious threat to life, health or safety of any individual or public health and safety
  • It would unreasonably infringe the privacy of other individuals
  • The information relates to legal proceedings or is in some may illegal or unlawful

6.    Storage of Personal Information

In line with Home Assist Community Services’ Privacy Procedure, personal information is marked ‘confidential’ and stored in a secured filing cabinet, accessible only by the Chief Executive Officer or authorised representative, and also stored in a digital format on a secure password protected operating system and only accessible by the Chief Executive Officer or authorised representative to protect it from misuse, loss and unauthorised access, modification or disclosure.

When personal information is no longer needed for the purpose for which it was obtained most of the personal information held by Home Assist Community Services is, or will be, stored in personnel or Consumer files which will be kept for a minimum of 7 years.

7.    Disclosure to Participants

When Home Assist Community Services collects personal information, it must disclose the following information to the participant, as close as possible to the time the information is collected:

  • Home Assist Community Services is collecting the information
  • Home Assist Community Services is collecting the information
  • Home Assist Community Services does not collect the information
  • Home Assist Community Services would be obliged to share the personal information
  • Home Assist Community Services’ privacy policy

8.    Employee information

Personal information is collected from staff to ensure our employee information is up-to-date for employment related purposes. This information can include job applications, notes made by selection committees during selection processes, employment contracts, copies of academic qualifications, bank account details, medical certificates, or health related information.

9.    Record Keeping

Home Assist Community Services must keep and maintain appropriate records of all personal and sensitive including, where appropriate:

  • personnel information about staff members
  • personal and/or sensitive information about consumers
  • any action related to information access or correction requests
  • the outcome of any action taken

Records must be kept for 7 years from the date the record was made.

This information is marked ‘confidential’ and stored in a secured filing cabinet, accessible only by the Chief Executive Officer or authorised representative, and also stored in a digital format on a secure password protected operating system and only accessible by the Chief Executive Officer or authorised representative.

10.  Purposes for which Personal Information is Collected, Used and Disclosed

Home Assist collects and holds personal information for a variety of different purposes relating to its functions and activities including:

  • performing its employment and personnel functions in relation to its staff and contractors
  • performing its service delivery and administrative functions
  • complaints handling
  • incident management
  • contract management – management of correspondence with stakeholders or governing org

11.  Accidental or unauthorised disclosure of personal information

Home Assist follows the Office of the Australian Information Commissioner’s  data breach handling guidelines when handling accidental or unauthorised disclosures of personal information and will take seriously, and deal promptly with, any accidental or unauthorised disclosure of personal information.

If a data or security breach occurs, Home Assist will follow the Office of the Australian Information Commissioner’s   response process detailed on its website.

All staff must be familiar with this process and will receive training during induction and through annual training refresher courses.

Legislative or administrative sanctions, including criminal sanctions, may apply to unauthorised disclosures of personal information.

12.  Anonymity and Pseudonymity

Under the Australian Privacy Principles, individuals are entitled to the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply if:

  • is required or authorised by law or a court or tribunal order to deal with identified individuals
  • Home Assist Community Services to deal with individuals who have not identified themselves

13.  Roles and responsibilities

Home Assist Community Services’ Chief Executive Officer has responsibility for Home Assist Community Services’ overall privacy management and administers the Privacy Act 1988, including the following specific responsibilities:

  • providing advice on privacy concerns and issues
  • ensuring staff are trained in Home Assist Community Services’ privacy obligations
  • implementing and monitoring adequate security measures to protect privacy of personal/sensitive information
  • coordinating, or authorising an officer to coordinate responses to privacy complaints and investigations
  • regular review of data collection practices

All staff have the responsibility to respect personal privacy as they collect, access, use or disclose personal information about others in the course of their duties, and to comply with the requirements of the Privacy Act 1988, the Australian Privacy Principles and the specific requirements of this policy.

All personal and sensitive information access and correction requests, and complaints, must be recorded and submitted to the Chief Executive Officer, or authorised representative, by emailing ceo@homeassist.org.au. If the Chief Executive Officer is the subject of a complaint, then the Chairperson of the Board must be informed immediately.

The Chief Executive Officer, or authorised representative, is responsible for actioning the requests for access to, or correction of, personal or sensitive information, or privacy complaints, and responding to any privacy requests made by the Funding Bodies, the Office of the Australian Information Commissioner or other relevant body, such as the Police.

14.  Staff training

Home Assist is committed to fostering a culture that promotes continuous improvement in all that it does, it achieves this outcome through regular staff training, including in the use of, and compliance with, Home Assist Community Services’ Privacy Policy and Information Handling Guidelines.

15.  References

Office of the Australian Commissioner’s Privacy Principles Guidelines:

https://www.oaic.gov.au/assets/privacy/app-guidelines/app-guidelines-july-2019.pdf

Office of the Australian Information Commissioner’s Security Breach Guidelines:

Data breach notification — A guide to handling personal information security breaches

Responding to data breaches – 4 Key Steps:

https://www.oaic.gov.au/privacy/guidance-and-advice/data-breach-preparation-and-response/part-3-responding-to-data-breaches-four-key-steps/

National Disability Insurance Scheme (Complaints Management and Resolution) Rules 2018:

https://www.legislation.gov.au/Details/F2018L00634

The NDIS Code of Conduct (for Providers):

https://www.ndiscommission.gov.au/document/566

The NDIS Code of Conduct (for Workers):

https://www.ndiscommission.gov.au/document/571

Australian Law Reform – code of conduct

 Queensland code of conduct for health care workers

https://www.health.qld.gov.au/__data/assets/pdf_file/0014/444101/national-code-conduct-health-workers.pdf

16.  Rationale

This policy is framed in accordance with basic human rights embedded in the United Nations Statements on Human Rights (1948) and the Rights of Disabled Persons (1975) and the following State and Commonwealth Legislation:

Privacy Act 1988

https://www.legislation.gov.au/Details/C2020C00168

Right to Information Act 2009 (Qld)

https://www.legislation.qld.gov.au/view/html/inforce/current/act-2009-013

Aged Care Act 997

https://www.legislation.gov.au/Series/C2004A05206

Aged Care Quality and Safety Commission Act

https://www.legislation.gov.au/Details/C2018A00149

National Disability Insurance Scheme Act 2013

https://www.legislation.gov.au/Details/C2013A00020

Commonwealth Disability Discrimination Act 1992:

http://www.austlii.edu.au/au/legis/cth/consol_act/dda1992264/

Queensland Anti Discrimination Act 1991:

https://www.legislation.qld.gov.au/LEGISLTN/CURRENT/A/AntiDiscrimA91.pdf

Commonwealth Human Rights and Equal Opportunity Commission Act 1986 http://www.humanrights.gov.au/our-work/legal/legislation

Powers of Attorney Act

1998:https://www.legislation.qld.gov.au/LEGISLTN/CURRENT/P/PowersofAttA98.pdf

Guardianship and Administration Act 2000:

https://www.legislation.qld.gov.au/LEGISLTN/CURRENT/G/GuardAdminA00.pdf

Child Protection Act 1999:

https://www.legislation.qld.gov.au/LEGISLTN/CURRENT/C/ChildProtectA99.pdf

Policy History

IMPLEMENTED:                                                                                            01/07/2021

NEXT REVIEW DATE:                                                                                   01/07/2024

PRIVACY POLICY

Font Size:

WP-Backgrounds by InoPlugs Web Design and Juwelier Schönmann