PRIVACY POLICY
Version: 09 May 2023
PURPOSE
Home Care Nurses Australia (HCNA) is committed to honouring its duty of care in relation to safeguarding client and staff personal health information and communications and disclosures and ensuring procedures are in place and followed to protect personal and/or sensitive information.
This policy outlines HCNA practices and standards in relation to maintaining client and staff privacy and confidentiality. Importantly it also outlines HCNA'Ss responsibilities in relation to:
- where disclosure/s of client and staff personal and/or sensitive information is not regarded as a breach of confidentiality
- where extra-ordinary limitations exist in relation to admissibility of evidence and confidentiality in client matters
SCOPE OF APPLICATION
This policy relates to all employees, Directors, contractors, work placement/ experience students and volunteers. For the purpose of this policy, the term 'employee' will be used to cover these individuals.
POLICY STATEMENT
This Privacy Policy explains how Home Care Nurses Australia, Australia handles information and complies with the requirements of the Australian Privacy Act 1988 (Cth) ("Privacy Act"), 13 Australian Privacy Principles (APPs) and relates to HCNA'S collection and handling of information that is covered by the Privacy Act, and regulates how Home Care Nurses Australia (HCNA) may collect, use, disclose, and store personal information and how individuals may access and correct personal information which HCNA holds about them, but is not intended to cover other types of information not covered by the Privacy Act.
HCNA acknowledges that client and staff privacy is integral to professional practice and provision of services and as such the 13 Australian Privacy Principles are adhered to in the collection, security, access, correction, use and disposal of client and staff personal and/or sensitive information including:
- Open and transparent management of personal information
- Anonymity and pseudonymity
- Collection of solicited personal information
- Dealing with unsolicited personal information
- Notification of the collection of personal information
- Use or disclosure of personal information
- Direct marketing
- Cross-border disclosure of personal information
- Adoption, use or disclosure of government related identifiers
- Quality of personal information
- Security of personal information
- Access to personal information
- Correction of personal information
TERMS USED - SEE ANNEX A
OPEN AND TRANSPARENT MANAGEMENT OF PERSONAL INFORMATION
Having the confidence of clients and staff is a professional privilege and will be respected at all times. This includes the right of clients to provide informed consent to the collection of information as part of the initial contracting of services.
HCNA will make its Privacy Policy available to clients, and/or their guardians, through its web page and to staff through the Intranet. At all stages of service delivery clients, and/or their guardians, will be provided with the details of the kind of personal information that will be collected about them in order that services can be provided and how this information will be collected, stored and used.
Information collected about clients will be for the prime purposes of identifying the client for the purpose of delivering services, to contact the client, maintain case notes and provide effective referrals. Information collected about staff, volunteers and/or contractors will be for the prime purpose of recording information related directly to their employment, and work, with HCNA.
ANONYMITY AND PSEUDONYMITY
HCNA will provide clients, and/or their guardians, with the option of service delivery anonymously or through using a pseudonym, provided that this is lawful and practicable. This option is subject to the following limited exceptions: where it is impracticable for HCNA to deal with an individual who has not identified themselves, or where the law or a court/tribunal order requires or authorises HCNA to deal with individuals who have identified themselves. An individual who chooses to access the services of Home Care Nurses Australia (HCNA) anonymously will be so advised.
ADOPTION, USE OR DISCLOSURE OF GOVERNMENT RELATED IDENTIFIERS
HCNA will not adopt, use or disclose a government- related identifier unless an exception applies. For a definition of the terms 'identifier' and 'government- related identifier' please refer to Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth).
TYPES OF PERSONAL INFORMATION COLLECTED AND HELD
HCNA will not collect personal or sensitive information unless the information is reasonably necessary for the delivery of services to clients and staff, by HCNA. Sensitive information must only be collected with an individual's written consent, or that if their guardian.
HCNA will record e-mail addresses only after direct receipt of a message. E-mail addresses will not be added to a mailing list unless they have been provided in order to subscribe to Home Care Nurses Australia's (HCNA) mailing list.
Personal information collected by e-mail or electronic forms will be used only for the purpose for which it was provided and will not be disclosed without consent, except where authorised or required by law.
Home Care Nurses Australia (HCNA) collects and holds information from employees, Clients, contractors and Certification authorities. We collect and hold this information when it is necessary for business purposes.
CORRECTION OF PERSONAL INFORMATION
HCNA will take reasonable steps to correct personal information to ensure that, having regard to the purpose for which it is held, it is accurate, up-to-date, complete, relevant and not misleading, if either:
- HCNA is satisfied that it needs to be corrected, or
- An individual requests that their personal information be corrected.
HCNA will endeavour to notify other relevant organisations (such as referral agencies or other) that have been provided with the personal information of any correction, if that notification is requested by the individual.
HCNA will respond to a correction request or a request to associate a statement by the individual within a reasonable period after the request is made and will not charge the individual for making the request, for correcting the personal information, or for associating the statement with the personal information.
When HCNA refuses an individual's correction request, HCNA will provide the individual with written reasons for the refusal and notify them of available complaint mechanisms.
DEALING WITH UNSOLICITED PERSONAL INFORMATION
When a HCNA staff member receives unsolicited personal information, they must determine whether it would have been permitted to collect the information under Principle 3, 'Collection of Solicited Personal Information'. If so, Principles 5 to 13 will apply to that information.
If the information could not have been collected under Principle 3, and the information is not contained in a Commonwealth record, the HCNA staff member in possession of that information must notify their manager as soon as practicable to determine whether the information should be destroyed or de-identified and if it is lawful and reasonable to do so.
NOTIFICATION OF THE COLLECTION OF PERSONAL INFORMATION
At all stages of service delivery, clients, and/ or their guardians, will be provided with the details of the kind of personal information that will be collected about them in order that services can be provided and how this information will be collected, stored and used.
HCNA staff will be provided with the details of the kind of personal information that will be collected about them as part of their employment with HCNA.
USE OR DISCLOSURE OF PERSONAL INFORMATION
HCNA will collect information for the following uses:
- To identify the individual for the purpose of delivering services.
- To contact the individual, maintain files and case notes and provide effective referrals.
- To maintain records related to the employment relationship between HCNA and staff, volunteers and/ or contractors.
- To report statistics under contract arrangements with government departments and other required bodies.
- Oral or written feedback required in referring an individual for further services.
- Informing a referring agent that the party has attended a HCNA service following referral.
- Discussion of specific case details during supervision, training or professional consultation on the case.
- To seek follow up of individuals for research and program evaluation.
- For reporting of serious matters as required by law.
Home Care Nurses Australia endeavours, so far as is reasonably practicable, not to disclose information to other organisations unless:
- it is to protect the personal health information, rights, property or personal safety of any Home Care Nurses Australia clients, member of the public, or supplier of Home Care Nurses Australia (HCNA) or the interests of Home Care Nurses Australia; or
- some or all of the information may be transferred to another affiliated organisation as part of client service delivery, or some or all of Home Care Nurses Australia's (HCNA) business; or
- the owner of the information gives written consent; or
- such disclosure is otherwise required or permitted by law, regulation, or rules.
We require our external service providers such as contractors to adhere to our Privacy Policy and not to keep, use or disclose information we provide to them for any purposes that are not consistent with this Policy.
DIRECT MARKETING
HCNA will only use or disclose personal information for direct marketing purposes where the individual has either consented to their personal information being used for direct marketing or has a reasonable expectation that their personal information will be used for this purpose. Individuals will be provided with opt-out mechanisms in these circumstances. HCNA will seek client permission for the use of personal or private information to undertake research and/or evaluation activities.
OUR WEBSITE
This Privacy Policy applies to any information we collect via our website https://hcna.com.au/ including information you provide to us such as when you make an enquiry.
ACCESS TO INFORMATION
HCNA clients, contractors, and organisations outside of Home Care Nurses Australia will sometimes have access to information held by HCNA, such as Home Care Nurses Australia clients and worker details, such as names and contact details.
We will provide access to information upon request by an individual, except in situations where release is unauthorised by the owner of that information and in situations where granting such access would infringe another person's privacy or a customer or supplier's request for anonymity.
When you make a request to access information, we will require you to provide some form of identification (such as a driver's licence, or passport) so we can verify that you are the person or customer or supplier's authorised representative to whom the information relates.
If you believe that information we hold about you, or the organisation you are authorised to represent, is either incorrect or out of date, or if you have concerns about how we are handling your information, please contact us and we will try to resolve those concerns.
If at any time you want to access information you believe we hold, you may contact us by emailing us at [email protected]
TRANSFER OF INFORMATION OUTSIDE AUSTRALIA/CROSS-BORDER DISCLOSURE OF PERSONAL INFORMATION
In addition to disclosures permitted under this Privacy Policy, Home Care Nurses Australia may disclose information to organisations such as our ISO Certification Body, within the Certification global network.
International ISO Standards Certification and Accreditation organisations are not Australian entities and are not or regulated by the Australian Privacy Act, and accordingly may not be subject to privacy laws that provide the same level of protection as Australia.
Any such disclosure, or transfer, of information does not change our commitment to safeguard information, consistent with our management system information security controls.
If for any circumstance HCNA was to disclose personal information to an overseas recipient, HCNA will take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles (other than APP 1) in relation to that information.
QUALITY 0F PERSONAL INFORMATION
HCNA will take reasonable steps to ensure the personal information it collects is relevant, accurate, up-to- date and complete. HCNA will ensure that personal information is relevant, as well as, accurate, up-to-date and complete, having regard to the purpose of the use or disclosure.
- Clients can request to correct information of a minor nature such as their personal contact details through discussion with the HCNA office.
- Clients can request to correct or amend more significant client information such as file notes on the grounds that it is inaccurate, incomplete, out-of-date or misleading. Approval for these types of changes can only be granted by the Managing Director. Any such changes are to be clearly marked. Words changed are not to be deleted or documents are not to be removed from the file. One clear line is to be marked through the word or sentence so that the original text is readable, and the approved change is to be marked with a date and signature. (Liquid paper or similar product is not to be used).
- Request documents and processes must be documented with copies of all correspondence kept in a confidential and secure file.
SECURITY OF PERSONAL INFORMATION
Information that we have collected is stored electronically. Relevant information is available to Home Care Nurses Australia (HCNA) staff and contracted workers and is used in accordance with this policy and Home Care Nurses Australia's (HCNA) Information/Data Security Policy.
Home Care Nurses Australia (HCNA) will endeavour to take all reasonable steps to keep secure any information which we hold, keeping the information accurate and up to date and not retaining information once there is no longer a legal or business need for us to do so.
HCNA will take reasonable steps to protect the personal information it holds from interference, in addition to misuse and loss, and unauthorised access, modification and disclosure.
HCNA will take reasonable steps to destroy or de-identify personal information when it no longer needs it forany authorised purpose.
ACCESS TO PERSONAL INFORMATION
Clients
Where a client requests access to their client records, staff should refer to the Managing Director for approval.
For Employees, Volunteers and Contractors
The HR Manager will review the file and assess any information that may compromise the possible safety, privacy or confidentiality of other persons and consider the request.
In the event the approval is granted, arrangements will be made with the employee for viewing their file in the presence of the HR Manager.
Copies of documents in the file may be made with the approval of the HR Manager.
The employee may have a legal advocate or appropriate support person with them at the time of viewing the file.
All records remain the property of HCNA and may not be removed from HCNA premises.
What is Not Regarded as a Breach of Confidentiality
The following activities are not considered to be a breach of confidentiality or privacy as they are necessary for the proper discharge of professional services by HCNA:
- Discussion of specific case details during supervision, training, or professional consultation on a case;
- Providing HCNA staff access to client documents in order to analyse or maintain records and report service delivery and client statistics to stakeholders in unidentifiable client database/s.
- For the purpose of internal Clinical Audits.
- Reporting of serious matters as required by law.
- Responding to a subpoena or court order to supply information, however it is noted that strict procedures are to be followed if a subpoena is served on any HCNA staff member or the Organisation to produce documents and/or appear in court.
- The sharing of employee information with external agencies for employment- related matters, for example, workers compensation claims, industrial relations matters, employment checks.
CONCERNS OR COMPLAINTS
If Home Care Nurses Australia becomes aware of any ongoing concerns or problems relating to our Privacy Policy, we will take these issues seriously and work to address any concerns that have been brought to our attention.
If you have any further queries relating to our Privacy Policy, or you have a problem or wish to make a compliant, please contact us on [email protected]/ or contact us via our Complaints Handling process.
If you are not satisfied with our handling of your concern or complaint you may make a complaint to the Australian Information Commissioner (www.oaic.gov.au).
Concerns or complaints in relation to management of client and staff personal and sensitive information should be directed to the Managing Director.
IMPLEMENTATION
Policy Authorised by
Managing Director
Effective from
09 May 2023
Responsibilities
- Administration of the Privacy Policy resides with the Executive Services Manager.
- Monitoring of employees adhering to this Policy will be conducted by the Line Manager and other managers; with support from the Managing Director and Executive Services Manager as deemed necessary.
- Coordinators and Managers are responsible for ensuring staff are suitably qualified and trained in the standards of privacy and confidentiality.
- Each Line Manager is responsible for ensuring that all employees under their direction act according to the conditions of this Policy.
REVIEW AND AMENDMENT
This Privacy Policy may be updated from time to time to keep abreast of our changing operating environment or legislative changes. Each time this Policy is changed it is given a new version, by date if issue. It is not our policy to give any specific notices regarding changes to this Policy, other than posting the updated version on our website. This policy shall remain current unless further reviewed or amended. The policy shall be reviewed within a three year period.
Review History
09th May 2023: Privacy Policy approved by the Managing Director
APPENDIX
Background
This policy has been developed consistent with relevant Federal and State legislation. Key legislation underpinning this policy includes but is not limited to:
- Privacy Act 1988 (Cth)
- Information Privacy Act 2009 (QLD)
- Privacy and Data Protection Act 2014 (VIC)
- Crimes Act 1958 (VIC)
Terms Used
In this Privacy Policy, we use the following terms:
"Personal Information" as it is defined in the Privacy Act 1988 (Cth) means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information, or opinion, is true or not; and
- whether the information, or opinion, is recorded in a material form or not.
Personal information also includes 'sensitive information' which is information such as your race, religion, political opinions or sexual preferences, biometric information used for biometric verification or identification, biometric templates and health information. Information which is 'sensitive information' attracts a higher privacy standard under the Privacy Act 1988 (Cth) and is subject to additional mechanisms for your protection.
"Sensitive information" means information or an opinion about an individual such as race or ethnic origin, political opinions/associations or religious or philosophical beliefs, criminal record, sexual preferences, professional or health information and records, criminal history checks, working with children checks, income and bank details, and grievances, etc. It includes personal and sensitive information that is maintained electronically, in case notes, employee files, on video, audio cassette, photographed, written/printed or verbal information given by, or about, a client, a staff member, a volunteer or contractor to an HCNA staff member. It also includes professional opinion/s if the individual can be identified from that opinion/information.
"Health Information" as defined in the Privacy Act 1988 (Cth) is a particular subset of "personal information" and means information, or an opinion, about:
- the health (at any time) of an individual; or
- an individual's expressed wishes about the provision, to them, of health services; or
- a health service provided or to be provided to an individual that is also personal information.