This policy represents Onkaparinga Valley Residential Care’s commitment to respecting the privacy of individuals we interact with. In accordance with the Privacy Act 1988 (Act) and the Australian Privacy Principles (APPs), this policy contains the following information:
- The kinds of personal information that we collect and hold;
- How we collect and hold personal information;
- The purposes for which we collect, hold, use and disclose personal information;
- How an individual may access personal information held by us and seek the correction of such information;
- How an individual may complain about a breach of the APPs and how we will deal with such a complaint; and
- Details relating to the disclosure of personal information to overseas recipients.
This policy will be reviewed on a continuing basis to ensure that best practice standards are implemented and maintained.
- DEFINITIONSHealth information means:
- information or an opinion about:
- the health or a disability (at any time) of an individual; or
- an individual’s expressed wishes about the future provision of health services to him or her; or
- a health service provided, or to be provided, to an individual; that is also personal information; or
- other personal information collected to provide, or in providing, a health service; or
- other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or
- genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
Sensitive Information is a subset of personal information and means:
- information or an opinion about an individual’s:
- racial or ethnic origin; or
- political opinions; or
- membership of a political association; or
- religious beliefs or affiliations; or
- philosophical beliefs; or
- membership of a professional or trade association; or
- membership of a trade union; or
- sexual orientation or practices; or
- criminal record;
that is also personal information; or
- health information about an individual; or
- genetic information about an individual that is not otherwise health information; or
- biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
- biometric templates.
- WHAT WE COLLECT AND HOLD
- 2.1We collect personal information which is reasonably necessary for or directly related to one or more of our functions or activities.
- 2.1The personal information we collect, hold, use and disclose will depend on the relationship you have with us. The table below describes the types of personal information collected and held by us:
|Clients receiving care and services in Onkaparinga Valley Residential Care
||Name and contact details, medical history, medical diagnoses, Aged Care Assessment Team reports, assessments and advice, any information required to complete and update care and treatment plans, family history, information pertaining to guardianship, attorney or person responsible, personal and religious preferences, financial details including income and asset information and in the case of clients transferring from another health service provider, historical personal care files and notes and other personal information.
|Medical practitioners and allied health professionals
||Name and contact details, professional or practice details, historical record of business relationship, financial details, Medicare provider number details and other professional association membership details.
|Former and current employees of Onkaparinga Valley Residential Care
|Name and contact details, professional qualifications and education, applicable licences or certificates, prior and current employment history, references and any other information that an applicant chooses to provide.
|Former and current volunteers Onkaparinga Valley Residential Care
||Name and contact details, professional qualifications and education, applicable licences or certificates, prior and current employment/volunteering history, references and any other information that an applicant chooses to provide.
|Suppliers, building contractors and other Onkaparinga Valley Residential Care business partners
||Name and contact details, current and prior business history and dealings, internal governance information and such other information as Onkaparinga Valley Residential Care may obtain on request.
- 2.3We collect sensitive information only where:
- An individual consents to the collection of such information and the information is reasonably necessary for one or more of our functions or activities;
- The collection of the information is required or authorised by or under an Australian law or a court/tribunal order;
- A permitted general situation under the Act exists; or
- A permitted health situation under the Act exists.
- 2.4This policy does not apply to personal information contained in employee records held by us where the collection, use or disclosure of such information is directly related to the employment of a current or former employee.
- ANONYMITY AND PSEUDONIMITY
- 3.1Individuals have the option of not identifying themselves or using a pseudonym when dealing with us unless we are required by law or a court/tribunal to deal with individuals who have identified themselves or it is impractical for us to deal with an individual who has not identified him/herself.
- MANNER OF COLLECTION AND HOLDING
- 4.1We collect individuals’ personal information by lawful and fair means.
We primarily collect personal information about an individual from the individual, except where:
- The individual has consented to us collecting personal information from someone other than the individual by completing a consent form;
- We are required or authorised under an Australian law, or a court/tribunal order to collect personal information about an individual from someone other than the individual; or
- It is unreasonable or impracticable to do so.
- 4.3In the event that we come into possession of personal information about an individual via a third party, which is not reasonably necessary for or directly related to one or more of our functions or activities, we will destroy the information or de-identify it as soon as reasonably practicable provided that it is lawful to do so in accordance with the process set out at paragraph 4.6 below.
- 4.4We hold personal information on the following terms:
- All personal information collected by us for the purpose of providing a service to an individual will be retained for a minimum of 7 years following the date of the last service provided to the individual.
- Personal information collected which is not relevant to the services requested will not be retained but shall be destroyed as soon as practicable after collection.
- At the time any file maintained by us is considered to be finalised, the file is to be referred to the Privacy Officer for a determination of the period it is to be retained. The retention period will be recorded by the Privacy Officer on the outside of the file.
- Only staff specifically authorised or required to use or refer to it may have access to any personal information about an individual held by us.
- 4.5We secure personal information as follows:
- All personal information and sensitive information collected by us is stored in lockable filing cabinets or similar facilities in lockable offices. Where this is not practicable, eg. where access is required continually, all records used in such circumstances are to be maintained under the constant supervision of a responsible staff member and access limited to persons requiring access to the record for the provision of services by us.
- All personal information and sensitive information in electronic form is stored in secured folders and software protected by passwords.
- Sensitive information retained by us shall be removed from such safe storage only for the use of staff members tending to the provision of services to a client or for other legitimate reference.
- The Privacy Officer shall be consulted prior to any personal information held on files being copied or disclosed to third parties. The Privacy Officer shall determine whether the written consent of the client is required before personal information can be released. Copies of such personal information are to be treated as if they were original records.
- 4.6We destroy personal information as follows:
- Any personal information no longer required which is in written or paper form is destroyed by means of shredding, pulping, burning or disintegration of the written documents.
- A suitable contractor who provides a guarantee of secure destruction may be engaged to dispose of information held in written or paper form. A certificate is to be requested from such contractor confirming destruction of the said records.
- Electronic records are to be overwritten before deletion. All electronic data storage devices, including back up devices, are audited at least once every 18 months to ensure no non-essential data is retained in electronic form.
- All discs, including hard drives, are degaussed prior to sale or disposal so as to ensure no electronic data continues to be stored thereon.
- A register is to be maintained recording all files destroyed and a copy of all letters of advice is to be maintained in association with the register for a further period of 7 years.
- Certain original documents will not be destroyed at any time without legal advice. These include:
- Any Will or Power of Attorney, Power of Guardianship or Medical Power of Attorney;
- Any Certificate of Birth, Death, Marriage or Divorce;
- Any other legal document purporting to have continuing effect.
- PURPOSES OF COLLECTION
- 5.1We will only use personal information for the following purposes unless otherwise required or permitted by law:
- To provide housing and related services to our clients;
- To fulfil our duty of care and legal obligations;
- To ensure that clients receive appropriate healthcare, social support and spiritual support as and when required;
- For our promotion and marketing activities from time to time;
- To assess the suitability of a job applicant or potential contractor;
- For our internal management purposes;
- To manage our relationships with clients and where applicable, to manage the payment and recovery of amounts payable to us by a client;
- To enable volunteers to work together and to keep such groups informed about matters concerning them; and
- For other purposes which are reasonably necessary in connection with our normal functions and activities.
- 5.2If we are unable to collect personal information relating to an individual, we may be unable to provide the individual with the services he/she requires or continue our relationship with him/her.
- 5.3We will only use sensitive information for the following purposes unless otherwise permitted or required by law or unless we obtain the individual’s consent:
- To provide appropriate housing services to clients, to look after clients’ medical, social and spiritual wellbeing, to satisfy our legal obligations and to satisfy our duty of care;
- To assess the eligibility of prospective clients for our services; and
To assess whether it is appropriate for certain volunteers, students, job applicants and potential contractors to be on or about our premises or interact with clients from time to time.
- 6.1We may disclose personal information about individuals to the following types of entities if required in connection with the purposes listed above:
- Medical/healthcare professionals and people providing services to us or a client;
- Contractors, consultants, advisers, associates and related entities;
- Any industry body, tribunal, court or otherwise in connection with any complaint made by an individual about us;
- Job referees (if referees have been provided to assist with a job application, the assessment of a potential contract between an individual and us or for any other purpose);
- Government departments, police agencies and agencies who complete police checks such as CrimeTrac; and
- Other entities with the individual’s consent or as permitted or required by law.
- 6.2We will not disclose credit related information to entities such as other credit providers or credit reporting bodies without the individual’s consent.
- ACCESS AND CORRECTION
- 7.1If an individual makes a request for access to personal information we hold about him/her:
- We will give access to the personal information we hold about him or her except where:
- We hold a reasonable belief that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
- Giving access would have an unreasonable impact on the privacy of other individuals;
- The request for access is frivolous or vexatious;
- The information relates to existing or anticipated legal proceedings between the entity and the individual and would not be accessible by the process of discovery in those proceedings;
- Giving access would reveal the intentions of the entity in relation to negotiations with the individual in such a way as to prejudice those negotiations;
- Giving access would be unlawful;
- Denying access is required or authorised by or under an Australian law or a Court/tribunal order;
- Both of the following apply:
- We have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the our functions or activities has been, is being, or may be engaged in; and
- Giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
- Giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
- Giving access would reveal evaluative information generated within the entity in connection with a commercially sensitive decision-making process.
- 7.2We will respond to such a request within a reasonable period after the request is made, generally within 14 days.
- 7.3If the request is granted, we will give access by the means requested and will not charge for the provision of the requested personal information.
- 7.4If the request is denied, we will write to the individual setting out the grounds for refusal and the process for making a complaint if necessary.
- 7.5We will take such steps as are reasonable to ensure that the personal information we hold about individuals is correct, accurate, up to date, relevant and not misleading.
- 7.6If an individual makes a request for us to correct personal information we hold about him/her, we will review the request and respond within a reasonable period after the request is made, generally within 14 days.
- 7.7If the request is granted, we will correct the personal information and inform those we have shared the personal information with (if applicable) know of the correction.
- 7.8If the request is denied, we will write to the individual setting out the grounds for refusal and the process for making a complaint if necessary.
- OVERSEAS DISCLOSURE
- 8.1We do not operate overseas however if we do disclose personal information to an overseas recipient we will take all reasonable steps to ensure that the overseas recipient does not breach the APPs unless:
- The overseas recipient is subject to similar laws to the APPs and the individual has mechanisms to take action against the overseas recipient;
- We reasonably believe the disclosure is necessary or authorised by Australian law; or
- The relevant individual provided express consent to the disclosure.
- 9.1When an individual visits our website, we may collect information such as browser type, operating system and details of the website visited immediately before coming to our website. This information is used in an aggregated manner to assess how individuals use our website so that we can improve our service.
- 10.1If you are of the view that we have breached the Act, the APPs or any code which stipulates how we may deal with your personal information, you may make a complaint by writing to the Privacy Officer.
- 10.2You will be contacted within 24 hours on week days, or as soon as possible in relation to complaints received on weekends, regarding your complaint. The Privacy Officer will, if necessary, go on to investigate the complaint further.
- 10.3Within 14 days, you will be advised of the outcome of the Privacy Officer’s investigation, including any corrective action to be undertaken. In the event that the Privacy Officer is unable to determine the complaint within 14 days, you will be notified of this and advised of the outcome of the investigation as soon as possible.
- 10.4In the event that a complaint of possible breach of the Act and/or the APPs is found to be vexatious, unreasonable or disrespectful, the Privacy Officer may, at their discretion, discontinue their investigation and in such case will record their reasons for so doing on the relevant file and advise the complainant of same.
- 10.5If you are not satisfied with our response to your complaint, you may make a complaint to the Office of the Australian Information Commissioner by visiting the following website and following the steps therein:http://www.oaic.gov.au/privacy/privacy-complaints.
- CONTACT US
- 11.1You can contact Onkaparinga Valley Residential Care’s Privacy Officer, [Residential Care Manager], about any privacy related issue by phone, post or email as follows:
- POLICY REVIEW AND AMENDMENT
- 12.1The application of this policy will be monitored and reviewed by the Privacy Officer through the conduct of internal and external audits.
- 12.2This policy will be reviewed regularly. At the conclusion of the review the Privacy Officer will submit a report to the Board of Management regarding the organisation’s compliance with its privacy obligations. The terms of this policy may be amended accordingly from time to time.