Privacy and Confidentiality Policy

Policy

  1. Forrest Personnel respects and values the privacy of all information we handle on behalf of our participants, members, suppliers, contractors and customers by complying with the Commonwealth Privacy Act 1988 and the National Privacy Principles. Confidentiality is our stock in trade and the bedrock of our trust relationship with Participants.
  2. All employees of Forrest Personnel must observe and respect the confidentiality of information obtained as a result of or during the course of employment. Forrest Personnel also protects its Intellectual Property and the Confidentiality of its information.

Definitions

Confidential Information

  1. ‘Confidential information’ includes all information that relates to a Participant or has been specifically designated as confidential by Forrest Personnel, any information which relates to the commercial and financial activities of Forrest Personnel or any unauthorised disclosure of
    which would embarrass, harm or prejudice Forrest Personnel or a Participant. It does not extend to information already in the public domain unless such information arrived there by unauthorised means.

Intellectual Property

  1. All records, documents and other papers, plans, keys, tools, instruments, manuals, software, discs, etc together with any copies or extracts, made or acquired by employees in the course of employment remain the property of Forrest Personnel.
  2. Any changes, innovations and ideas initiated by an employee in the course of his/her employment with, belong to Forrest Personnel.

Personal Information

  1. Personal information refers to “information or an opinion about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion” (Privacy Act 1988). For the purposes of this Policy, “Personal information” refers to information that relates to individuals and which identifies them (e.g. an individual’s name, address, telephone number or photograph).

Sensitive Information

  1. Sensitive information is information about an individual’s race or ethnic origin, political opinions or membership, religious beliefs or affiliations, philosophical beliefs, membership of professional or trade association or union, sexuality, criminal record or health information. An individual’s consent is required to collect or disclose sensitive information.

Participant Consent to Disclosure Confidential Information

  1. Forrest Personnel recognises its legal and ethical responsibilities in maintaining the privacy and confidentiality of the consumer information it holds. Privacy relates to the non-use of any disclosed personal information for any purpose other than that consented to by the Participant. Confidentiality can be defined as the non-disclosure of personal information pertaining to a Participant or consumer, which has been given to staff by that person. With this in mind Forrest Personnel ensures that all staff receive adequate training in respect to confidentiality at orientation as well as having access to information and in-service training where relevant.
  2. Confidentiality applies to both verbal and written information including electronic transmission of information. The Participant, in sharing information about him/herself is not giving permission that it is to be used indiscriminately and all staff should be mindful of their obligations in this area. If information needs to be disclosed to another professional the Participant must provide consent to this disclosure. Such consent needs to be evidenced on the Participant’s record.

Disclosure of Confidential Information without Participant Consent

Information will be disclosed with the authority of the General Manager of Clinical Governance when:

  • Information must be disclosed to prevent loss of life or grievous injury
  • Protection of children is involved
  • Required by law – e.g. Freedom of Information Act

National Privacy Principles

  1. The NPP’s set standards for taking “reasonable” and “practical” steps to collect, store, use and disclose an individual’s “personal information” collected after 21 December 2001 and requires personal information held by organisations to be complete, accurate and secure. It also allows individuals to access their information. Organisations are also to take reasonable steps to ensure that personal information is protected from misuse, loss or unauthorised access or disclosure.
  2. Forrest Personnel is bound by the NPP’s in respect to personal and sensitive information collected on or after 21 December 2001 as well as personal and sensitive information collected prior to 21 December 2001 which is used or disclosed after that date.

Employee Privacy and Confidentiality Procedure

  1. All Forrest Personnel employees, volunteers and students are required to sign a Confidentiality Agreement which is placed in their personnel file. This document will form part of the New Employees Package.

Collection

  1. Forrest Personnel will only collect relevant personal and sensitive information through lawful and fair means directly from individuals, where possible, and advise them if personal or sensitive information has been collected from another individual or organisation. Forrest
    Personnel will obtain written consent for all sensitive information collected. Personal information will only be collected where it is necessary for Forrest Personnel to provide services or to maintain relationships.

Use and Disclosure

  1. Forrest Personnel uses and discloses personal and sensitive information to other organisations or individuals only after we have received prior consents or if it is permitted by law (e.g. duty of care issues). Forrest Personnel does not use or disclose personal or sensitive information about an individual for a purpose other than the reason it was intended.
  2. Personal information is only disclosed if it relates to a purpose the individual would reasonably expect, or it is in accordance with the law, or it is authorised by the individual (except when it relates to a serious threat or an individual’s life, is unlawful or required by law).
  3. Forrest Personnel may use personal details for the purpose of providing information to individuals, promoting events or products that may be of interest.
  4. If at any time individuals do not wish to receive this information, they have the option to ask Forrest Personnel not to send them any further information by contacting any member of staff.

Data Quality

  1. Forrest Personnel will take reasonable steps to ensure that personal and sensitive information collected, used or disclosed is accurate, complete and up-to-date.
  2. If an individual believes their personal and sensitive information held is inaccurate, incomplete or out-of-date, they are to advise Forrest Personnel.

Data Security

  1. Forrest Personnel will take reasonable steps to protect personal and sensitive information held from misuse and loss from unauthorised access, modification or disclosure. All information will be held secure through computer security controls and in locked cabinets. Forrest Personnel will destroy or permanently de-identify all personal and sensitive information no longer needed.

Openness

  1. Forrest Personnel is open about handling personal and sensitive information through the development and availability of its documents relating to privacy. This Privacy Policy provides the framework for informing individuals about the sort of personal and sensitive information held, for what purposes, and how the information is collected, held, used and disclosed. It also informs individuals about their rights to request access to their personal and sensitive information and complain if they believe their privacy has been breached.

Access and Correction

  1. Forrest Personnel provides individuals with access to, and the correction of their personal and sensitive information held about them collected prior to 21 December 2001 if it is still used, and their information collected after 21 December 2001.
  2. This is with the exception of the following;
    • It relates to a serious threat or impact upon another individual’s privacy;
    • The request is considered frivolous or vexatious;
    • It relates to legal proceedings;
    • Access is unlawful or denial of access is authorised by law; and
    • Access would prejudice statutory or legal obligations.
  3. All requests to access an individual’s personal and sensitive information are to be made by the individual to any member of staff. If the individual wishes to authorise another to access their personal information written authority is to be given first. Access will be provided immediately.

Identifiers

  1. Forrest Personnel does collect some identifiers, but does not adopt, use or disclose identifiers of an individual that has been assigned or contracted by the Commonwealth Government (e.g. a Tax File Number).

Anonymity

  1. Wherever it is lawful and practicable, Forrest Personnel will provide individuals with the option of not identifying themselves.

Trans Border Data Flows

  1. Forrest Personnel does not transfer personal and sensitive information overseas.

Sensitive Information

  1. Forrest Personnel only uses and discloses sensitive information collected with prior consents after justifying the need and legality to collect and hold such information. Sensitive information is only disclosed if it relates to a serious and imminent threat to life or safety.

End of Employment

  1. Restrictions regarding confidential information continue to apply to an employee after the termination of his/her employment with Forrest Personnel.
  2. All records must be returned to Forrest Personnel. Copies in the possession of the employee (including electronic records) must be destroyed.

Participant Privacy, Dignity and Confidentiality

  1. Forrest Personnel respects and values the privacy, dignity and confidentiality of all participants.
  2. Forrest Personnel believes that all Participants should receive the same level of privacy dignity and confidentiality as is expected by the rest of the community and is committed to ensuring the rights of Participants are upheld.
  3. To specify the standards of Privacy, Dignity and Confidentiality in Forrest Personnel Personnel’s dealings with prospective, current and past users of Forrest Personnel Personnel’s services. The policy has been framed around individuals’ rights as they are specified in the Privacy Act (1988), Freedom of Information Act (1982), Disability Services Act (1993) and Standard 4 of the Disability Services Standards (1993).

Participant Privacy and Confidentiality Procedure

Information Collection

  1. All Staff and Volunteers will:
    • Ensure collection of personal and sensitive information is for the primary purpose of service provision and communication to service recipient.
    • At the time of registration advise participants that all files are stored in a lockable filing cabinet when not in active use by Staff. Also advise that all other participant information is maintained on the computer system and is protected by password and daily backup.
    • Provide the participant with a copy of Forrest Personnel Personnel’s Privacy Statement if requested.
    • Collect information from the participant directly or indirectly.
    • Inform the participant of the organisations to whom information is usually disclosed and the reason and obtain Authority to Release and Obtain Information Form.

Disclosure of Information

  1. All Staff and Volunteers will:
    • Ensure disclosure of an individual’s personal or sensitive information to a third party for any reason other than the main purpose of collection is prohibited, unless the individual is informed and provides informed consent to do so.
    • Personal and sensitive information will only be released without consent if required to do so by law or in a medical emergency.
    • The disclosure is necessary to prevent or lessen a serious and imminent threat to the life, health or safety of the individual or of another person. Ordinarily an imminent threat would be a threat of bodily injury, mental health, illness or death.
    • The disclosure is required or authorised by law.
    • The disclosure is reasonably necessary for the enforcement of the law.
    • Anyone providing information about a Participant is to be made aware that the agency policy is to make all that information available to the participant.
    • Where a professional report is requested by a participant for viewing the permission/supervision of the author of the report is required.

Handling of Personal Information (Data Security)

  1. All Staff and Volunteers will:
    • Ensure Personal Information is Stored Securely
    • Protect personal information from misuse, loss and from unauthorised access, modification or disclosure.
    • Should a participant file need to be transported then it is to be locked in the boot of the vehicle/ out of sight or, if posted must be sent by registered post.
    • Unauthorised people are not to have access to the area where records are kept unless supervised.
    • Information containing personal or sensitive information that is no longer required is to be disposed of by placing the information in a confidential bin for secure shredding. If sites do not have a confidential bin or shredder, forward the documents to the Head office in Bunbury requesting that they be destroyed by secure means.
    • If a participant deregisters from Forrest Personnel, their file is to be forwarded to Administration for archiving.
    • Archived files will be retained for a full 7 years from the date of deregistration.
    • If it is required to send personal or sensitive information outside the organisation via e-mail, which has been consented to by the individual, the standard practice will be to use the participants Job Seeker Identification (JSID).
    • Participant personal information is not to be displayed on notice boards, or in areas where it is easily accessed by third parties.

Access to Information by Participant

  1. Response to Access Request:
    • Under the Privacy Act individuals have access to view personal information that the organisation holds on them.
    • Participants can make a verbal request to view their file at any time
    • Staff member has 24 hours to retrieve file and provide for participant to read while in the office.
  2. Inform Participant of the following:
    • A member of Forrest Personnel staff will be present at all times to address any concerns and take any action requested.
    • File contents are not to be removed or marked.
    • If information is recorded incorrectly, they have a right to have it corrected or a note made to state that the information is in dispute.
    • Where a professional report is requested by a participant for viewing the permission/supervision of the author of the report is required.
    • Participant may request to have copies of any information in the file.
    • Participant may have any other party present with them to view the file.
    • If a Participant requests copied information to be forwarded to them and the request is made in any manner except in person it should be through a signed letter.
    • Copies only will be forwarded no originals.

Interviews and Meetings

  1. Interviews and meetings are to be held in interview rooms/venues to ensure privacy for the participant.

Record Management

  1. Records are to be maintained in accordance with Forrest Personnel Personnel’s Filing and Archiving Log. Refer to Document Control and Records Management.

Continuous Improvement of Privacy and Security

  1. All suggestions and problems will be brought to attention of Area Manager.
  2. Area Manager will notify GM Services.
  3. Key risks are to be identified, assessed and mitigated as risks by the Quality and Compliance
    Committee as part of Forrest Personnel’s overall Risk Management strategy on the advice of
    the GM Clinical Governance and GM Services.

Complaints about Breaches of Privacy

  1. If an individual believes that their personal and sensitive information has not been treated with privacy she/he can contact the CEO by telephoning (08) 9792 3333 or by forwarding a written complaint to the following address:

    CEO, Forrest Personnel
    PO Box 6309
    SOUTH BUNBURY
    Western Australia 6230

  2. If a Participant is of the opinion that Forrest Personnel has breached their privacy they may:
    • Make a complaint (Participant/Stakeholder Complaints),
    • Phone Forrest Personnel Personnel’s GM Services on (08) 9792-3333, or
    • Phone the Privacy Commissioner on 1300 363 363

Review

Authority: Chief Executive Officer
Created: May 2013
Reviewed: October 2017
Approved: May 2016