Purpose

The privacy and confidentiality policy serves as a cornerstone in safeguarding sensitive information and fostering trust between the organisation and its clients, employees, and stakeholders.

The primary purpose of such a policy is to articulate the organisation's commitment to protecting the privacy and confidentiality of personal and sensitive data collected or handled during its operations. This policy outlines the procedures and measures in place to ensure that information is collected, stored, processed, and shared in a secure and ethical manner, in compliance with applicable laws and regulations. By establishing clear guidelines for the handling of confidential information, including data encryption, access controls, and confidentiality agreements, the policy helps mitigate the risk of unauthorised access, data breaches, and misuse of information.

The privacy and confidentiality policy promotes transparency and accountability, as it informs individuals about their rights regarding their personal data and how it will be used.
Ultimately, the purpose of a privacy and confidentiality policy is to uphold the trust and confidence of stakeholders, protect sensitive information, and demonstrate the organisation's commitment to respecting privacy rights and maintaining confidentiality.

​

Scope

This extends to all workers (includes workers, students, contractors, and volunteers) and participants and meets relevant laws and regulations and standards.

Workers are expected to be familiar with and apply this policy in all their actions.

​

Policy

We are committed to protecting and upholding clients right to privacy and confidentiality.

We acknowledge our requirement to comply with the Australian Privacy Act (1988) (Cth) and the Australian Privacy Principles.

This policy is to be read alongside the Privacy and Dignity Policy found in the Rights and Responsibilities Manual.

​

Definitions

Worker:
Anyone who carries out work for a person conducting a business or undertaking regardless of whether they are full-time, part-time or casual. This can be an:

• employee

• contractor or subcontractor, or an employee thereof

• outworker, such as a contractor or worker who is engaged to work from their home or at a place that would not previously have been thought of as a business premise

• apprentice or trainee

• school-based work experience student

• labour hire worker

• volunteer.
   

Procedures

Privacy and Consent for Clients:

Personal information may be collected from prospective or current clients communicating with us in the following formats: standard forms in writing, or over the Internet; email or during a telephone conversation with us.

We will seek the consent of the client before disclosing information to any other party. Disclosure will strictly be based on a ‘need to know,’ basis. This will be discussed with clients when developing their Service Agreement and reminded at yearly reviews and when a Client Consent form is documented or updated.

With the client’s consent, we may collect personal information from other service providers, chosen supporters and/or community members, who the client requests to be involved. Additional consent will need to be sought to share information with other providers or informal community supports if identified at Service Agreement, Assessment, Support Planning, or ongoing support meetings.

Clients can change their mind at any time about consenting to a party accessing their personal information. When we agree to provide supports to a client, we are required to obtain the consents necessary to provide those supports.

Clients may withdraw consents at any time. Workers managing their supports will be aware of consents that are essential for us to provide those supports and must explain the consequences to clients (and/or their chosen supporters) if withdrawal of consents affects provision of supports.

Where clients are unable to provide consent, workers managing supports for that client such as a family member, carer, guardian, or advocate who is legally allowed to act on a behalf of a client can provide consent.
Client consents must be placed on the client’s individual file. Where a written consent could not be obtained this should be documented on the client’s file.

​

Confidentiality:
We are committed to maintaining the confidentiality of information relating to clients.

Information that a client has provided to assist in the delivery of supports is always confidential, unless that client consents to disclosure (in writing).

Our personnel must not disclose information about a client that is identifiable directly or indirectly to that person without the written consent of that person, unless required by law. Where written consent is not available or appropriate, you must facilitate the client to be supported by a carer, family member or advocate empowered to make an informed decision about consent.

From time to time, additional consents may be sought; for example, to allow other personnel to investigate complaints or incidents. If consent is denied, investigation can proceed based on de-identified documents, unless the law requires disclosure.

​

Opt In and Opt Out of Audit Process for Clients:
For the purposes of external audits as part of registration renewal, clients will be opted into the audit process unless they opt out. This means:


• A consent form is completed for each client, which includes an opt out process for audits.

• Prior to each audit, we will remind clients about the audit process, including the ‘opt out option’ indicating:

  • Clients agree to talk with the audit team which may include face to face, phone or skype or other method as suitable to the client.

  • Clients agree to have their files reviewed.

• If clients do not wish to engage in the audit process, this is called an ‘opt out’.

We will ensure that all clients involved in the audit process have consented to do so, with evidence of such placed on the client’s file.

​

General Business Information:
We may publish information on our business activities. If client stories or photographs are used on any published material or the web site, specific consent must be obtained and documented.

​

Monitoring and Review

We will review these policies and procedures at least annually. This process will include a review and evaluation of current practices and service delivery types, contemporary policy and practice in this clinical area, the Incident Register and will incorporate worker, client, and another stakeholder feedback. Feedback from service users, suggestions from worker and best practice developments will be used to update these policies.

The Document Control Register and Continuous Improvement Register will be used to record and monitor progress of any improvements identified and where relevant feed into service planning and delivery processes.

​

Date

Privacy and Confidentiality Policy and Procedure v9.10.2023