Platinum Allied Health Australia (PAHA) is committed to honouring its duty of care in relation to safeguarding client and staff personal health information and communications and disclosures and ensuring procedures are in place and followed to protect personal and/or sensitive information.
This policy outlines PAHA practices and standards in relation to maintaining client and staff privacy and confidentiality. Importantly it also outlines PAH's responsibilities in relation to:
a. where disclosure/s of client and staff personal and/or sensitive information is not regarded as a breach of confidentiality
b. where extra-ordinary limitations exist in relation to admissibility of evidence and confidentiality in client matters
SCOPE OF APPLICATION
This policy relates to all employees, Directors, contractors, work placement/ experience students and volunteers. For the purpose of this policy, the term ?employee' will be used to cover these individuals.
PAH acknowledges that client and staff privacy is integral to professional practice and provision of services and as such the 13 Australian Privacy Principles are adhered to in the collection, security, access, correction, use and disposal of client and staff personal and/or sensitive information including:
- Open and transparent management of personal information
- Anonymity and pseudonymity
- Collection of solicited personal information
- Dealing with unsolicited personal information
- Notification of the collection of personal information
- Use or disclosure of personal information
- Direct marketing
- Cross-border disclosure of personal information
- Adoption, use or disclosure of government related identifiers
- Quality of personal information
- Security of personal information
- Access to personal information
- Correction of personal information
TERMS USED - SEE ANNEX A
OPEN AND TRANSPARENT MANAGEMENT OF PERSONAL INFORMATION
Having the confidence of clients and staff is a professional privilege and will be respected at all times. This includes the right of clients to provide informed consent to the collection of information as part of the initial contracting of services.
Information collected about clients will be for the prime purposes of identifying the client for the purpose of delivering services, to contact the client, maintain case notes and provide effective referrals. Information collected about staff, volunteers and/or contractors will be for the prime purpose of recording information related directly to their employment, and work, with PAHA.
ANONYMITY AND PSEUDONYMITY
PAH will provide clients, and/or their guardians, with the option of service delivery anonymously or through using a pseudonym, provided that this is lawful and practicable. This option is subject to the following limited exceptions: where it is impracticable for PAHA to deal with an individual who has not identified themselves, or where the law or a court/tribunal order requires or authorises PAH to deal with individuals who have identified themselves. An individual who chooses to access the services of Platinum Allied Health Australia (PAHA) anonymously will be so advised.
ADOPTION, USE OR DISCLOSURE OF GOVERNMENT RELATED IDENTIFIERS
PAHA will not adopt, use or disclose a government- related identifier unless an exception applies. For a definition of the terms ?identifier' and ?government- related identifier' please refer to Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth).
TYPES OF PERSONAL INFORMATION COLLECTED AND HELD
PAHA will not collect personal or sensitive information unless the information is reasonably necessary for the delivery of services to clients and staff, by PAHA. Sensitive information must only be collected with an individual's written consent, or that if their guardian.
PAHA will record e-mail addresses only after direct receipt of a message. E-mail addresses will not be added to a mailing list unless they have been provided in order to subscribe to Platinum Allied Health Australia (PAHA)' mailing list.
Personal information collected by e-mail or electronic forms will be used only for the purpose for which it was provided and will not be disclosed without consent, except where authorised or required by law. Platinum Allied Health Australia (PAHA) collects and holds information from employees, Clients, contractors and Certification authorities. We collect and hold this information when it is necessary for business purposes.
CORRECTION OF PERSONAL INFORMATION
PAHA will take reasonable steps to correct personal information to ensure that, having regard to the purpose for which it is held, it is accurate, up-to-date, complete, relevant and not misleading, if either:
a. PAH is satisfied that it needs to be corrected, or
b. An individual requests that their personal information be corrected.
PAHA will endeavour to notify other relevant organisations (such as referral agencies or other) that havebeen provided with the personal information of any correction, if that notification is requested by the individual.
PAHA will respond to a correction request or a request to associate a statement by the individual within a reasonable period after the request is made and will not charge the individual for making the request, for correcting the personal information, or for associating the statement with the personal information.
When PAHA refuses an individual's correction request, PAHA will provide the individual with written reasons for the refusal and notify them of available complaint mechanisms.
DEALING WITH UNSOLICITED PERSONAL INFORMATION
When a PAHA staff member receives unsolicited personal information, they must determine whether it would have been permitted to collect the information under Principle 3, 'Collection of Solicited Personal Information'. If so, Principles 5 to 13 will apply to that information.
If the information could not have been collected under Principle 3, and the information is not contained in a Commonwealth record, the PAHA staff member in possession of that information must notify their manager as soon as practicable to determine whether the information should be destroyed or de-identified and if it is lawful and reasonable to do so.
NOTIFICATION OF THE COLLECTION OF PERSONAL INFORMATION
At all stages of service delivery, clients, and/ or their guardians, will be provided with the details of the kind of personal information that will be collected about them in order that services can be provided and how this information will be collected, stored and used. PAHA staff will be provided with the details of the kind of personal information that will be collected about them as part of their employment with PAH.
USE OR DISCLOSURE OF PERSONAL INFORMATION
PAH will collect information for the following uses:
a. To identify the individual for the purpose of delivering services.
b. To contact the individual, maintain files and case notes and provide effective referrals.
c. To maintain records related to the employment relationship between PAH and staff, volunteers and/or contractors.
d. To report statistics under contract arrangements with government departments and other required bodies.
e. Oral or written feedback required in referring an individual for further services.
f. Informing a referring agent that the party has attended a PAH service following referral.
g. Discussion of specific case details during supervision, training or professional consultation on the case.
h. To seek follow up of individuals for research and program evaluation.
i. For reporting of serious matters as required by law.
Platinum Allied Health Australia endeavours, so far as is reasonably practicable, not to disclose information to other organisations unless:
a. it is to protect the personal health information, rights, property or personal safety of any Platinum Allied Health Australia clients, member of the public, or supplier of Platinum Allied Health Australia (PAHA) or the interests of Platinum Allied Health Australia; or
b. some or all of the information may be transferred to another affiliated organisation as part of client service delivery, or some or all of Platinum Allied Health (PAH)' business; or
c. the owner of the information gives written consent; or
PAH will only use or disclose personal information for direct marketing purposes where the individual has either consented to their personal information being used for direct marketing or has a reasonable expectation that their personal information will be used for this purpose. Individuals will be provided with opt-out mechanisms in these circumstances. PAH will seek client permission for the use of personal or private information to undertake research and/or evaluation activities.
ACCESS TO INFORMATION
PAHA clients, contractors, and organisations outside of Platinum Allied Health will sometimes have access to information held by PAHA, such as Platinum Allied Health Australia clients and worker details, such as names and contact details.
We will provide access to information upon request by an individual, except in situations where release is unauthorised by the owner of that information and in situations where granting such access would infringe another person's privacy or a customer or supplier's request for anonymity.
When you make a request to access information, we will require you to provide some form of identification (such as a driver's licence, or passport) so we can verify that you are the person or customer or supplier's authorised representative to whom the information relates.
If you believe that information we hold about you, or the organisation you are authorised to represent, is either incorrect or out of date, or if you have concerns about how we are handling your information, please contact us and we will try to resolve those concerns.
If at any time you want to access information you believe we hold, you may contact us by emailing us at https://platinumalliedhealth.com.au/contact/
TRANSFER OF INFORMATION OUTSIDE AUSTRALIA/CROSS-BORDER DISCLOSURE OF PERSONAL INFORMATION
Any such disclosure, or transfer, of information does not change our commitment to safeguard information, consistent with our management system information security controls.
If for any circumstance PAHA was to disclose personal information to an overseas recipient, PAHA will take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles (other than APP 1) in relation to that information.
QUALITY OF PERSONAL INFORMATION
PAHA will take reasonable steps to ensure the personal information it collects is relevant, accurate, up-to- date and complete. PAHA will ensure that personal information is relevant, as well as, accurate, up-to-date and complete, having regard to the purpose of the use or disclosure.
a. Clients can request to correct information of a minor nature such as their personal contact details through discussion with the PAHA office.
b. Clients can request to correct or amend more significant client information such as file notes on the grounds that it is inaccurate, incomplete, out-of-date or misleading. Approval for these types of changes can only be granted by the Managing Director. Any such changes are to be clearly marked. Words changed are not to be deleted or documents are not to be removed from the file. One clear line is to be marked through the word or sentence so that the original text is readable, and the approved change is to be marked with a date and signature. (Liquid paper or similar product is not to be used).
c. Request documents and processes must be documented with copies of all correspondence kept in a confidential and secure file.
SECURITY OF PERSONAL INFORMATION
Information that we have collected is stored electronically. Relevant information is available to Platinum Allied Health Australia (PAHA) staff and contracted workers and is used in accordance with this policy and Platinum Allied Health Australia's (PAHA) Information/Data Security Policy. Platinum Allied Health Australia (PAHA) will endeavour to take all reasonable steps to keep secure any information which we hold, keeping the information accurate and up to date and not retaining information once there is no longer a legal or business need for us to do so.
PAHA will take reasonable steps to protect the personal information it holds from interference, in addition to misuse and loss, and unauthorised access, modification and disclosure.
PAHA will take reasonable steps to destroy or de-identify personal information when it no longer needs it for any authorised purpose.
ACCESS TO PERSONAL INFORMATION
Where a client requests access to their client records, staff should refer to the Managing Director for approval.
For Employees, Volunteers and Contractors
The HR Manager will review the file and assess any information that may compromise the possible safety, privacy or confidentiality of other persons and consider the request.
In the event the approval is granted, arrangements will be made with the employee for viewing their file in the presence of the HR Manager.
Copies of documents in the file may be made with the approval of the HR Manager.
The employee may have a legal advocate or appropriate support person with them at the time of viewing the file.
All records remain the property of PAH and may not be removed from PAH premises.
What is Not Regarded as a Breach of Confidentiality
The following activities are not considered to be a breach of confidentiality or privacy as they are necessary for the proper discharge of professional services by PAHA:
a. Discussion of specific case details during supervision, training, or professional consultation on a case;
b. Providing PAHA staff access to client documents in order to analyse or maintain records and report service delivery and client statistics to stakeholders in unidentifiable client database/s.
c. For the purpose of internal Clinical Audits.
d. Reporting of serious matters as required by law.
e. Responding to a subpoena or court order to supply information, however it is noted that strict procedures are to be followed if a subpoena is served on any PAHA staff member or the Organisation to produce documents and/or appear in court.
f. The sharing of employee information with external agencies for employment- related matters, for example, workers compensation claims, industrial relations matters, employment checks.
CONCERNS OR COMPLAINTS
If you are not satisfied with our handling of your concern or complaint you may make a complaint to the Australian Information Commissioner (www.oaic.gov.au).
Concerns or complaints in relation to management of client and staff personal and sensitive information should be directed to the Managing Director.
Policy Authorised by
27th July 2022
b. Monitoring of employees adhering to this Policy will be conducted by the Line Manager and other managers; with support from the Managing Director and Human Resources Manager as deemed necessary.
c. Coordinators and Managers are responsible for ensuring staff are suitably qualified and trained in the standards of privacy and confidentiality.
d. Each Line Manager is responsible for ensuring that all employees under their direction act according
to the conditions of this Policy.
REVIEW AND AMENDMENT
This policy shall remain current unless further reviewed or amended. The policy shall be reviewed within a three year period.
This policy has been developed consistent with relevant Federal and State legislation. Key legislation underpinning this policy includes but is not limited to:
a. Privacy Act 1988 (Cth)
b. Information Privacy Act 2009 (QLD)
c. Privacy and Data Protection Act 2014 (VIC)
d. Crimes Act 1958 (VIC)
"Personal Information" as it is defined in the Privacy Act 1988 (Cth) means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
a. whether the information, or opinion, is true or not; and
b. whether the information, or opinion, is recorded in a material form or not.
Personal information also includes 'sensitive information' which is information such as your race, religion, political opinions or sexual preferences, biometric information used for biometric verification or identification, biometric templates and health information. Information which is 'sensitive information' attracts a higher privacy standard under the Privacy Act 1988 (Cth) and is subject to additional mechanisms for your protection.
"Sensitive information" means information or an opinion about an individual such as race or ethnic origin, political opinions/associations or religious or philosophical beliefs, criminal record, sexual preferences, professional or health information and records, criminal history checks, working with children checks, income and bank details, and grievances, etc. It includes personal and sensitive information that is maintained electronically, in case notes, employee files, on video, audio cassette, photographed, written/printed or verbal information given by, or about, a client, a staff member, a volunteer or contractor to an PAH staff member. It also includes professional opinion/s if the individual can be identified from that opinion/information.
"Health Information" as defined in the Privacy Act 1988 (Cth) is a particular subset of 'personal information' and means information, or an opinion, about:
a. the health (at any time) of an individual; or
b. an individual's expressed wishes about the provision, to them, of health services; or
c. a health service provided or to be provided to an individual that is also personal information.