POLICY
We will use all reasonable efforts to protect the privacy of individuals’ personal information and to comply with the obligations imposed by the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs), the Aged Care Act and the Aged Care Principles.
This policy applies to all staff (including contracted agency staff) and volunteers.
We will only collect personal information by lawful and fair means and will only collect personal information that is necessary for one or more of our organisation’s functions or activities.
If it is reasonable and practicable to do so, we will collect personal information about an individual only from that individual.
In meeting our obligations with respect to the privacy of our clients we acknowledge that people with vision or hearing impairments and those of culturally and linguistically diverse people may require special consideration.
PURPOSE OF POLICY
PROCEDURE
What is “Personal Information”?
Personal Information is information or an opinion, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
What is “Sensitive Information”?
Sensitive Information includes information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record, biometric information, biometric templates, health information about an individual and genetic information.
What is “Health Information”?
Health Information is:
What is “Unsolicited Information”?
Unsolicited Information is all personal information received from an individual that we did not actively seek to collect.
What is an “Employee Record”?
An Employee Record is a record of personal information relating to the employment of the employee. Examples of personal information relating to the employment of the employee are Health Information about the employee and personal information about all or any of the following:
COLLECTION, USE AND DISCLOSURE
We will collect and use information about you during the course of your relationship with us.
We explain below when and how we may collect, use and disclose this information.
It is important that the information we hold about you is up to date. You must let us know when the information you have provided has changed.
We will only collect Personal Information about an individual by fair and lawful means and only if the information is necessary for one or more of our functions as an aged care provider and collection of the Personal Information is necessary to:
Some individuals may not want to provide information to us. The information we request is relevant to providing them with the care and services they need. If the individual chooses not to provide us with some or all of the information we request, we may not be able to provide them with the care and services they require.
We will not collect your Sensitive Information (including Health Information) unless the collection of the information is reasonably necessary for or directly related to one or more of our functions and:
METHODS OF COLLECTION
Personal Information and Sensitive Information (including Health Information), may be collected:
We will collect Personal Information from the client or resident unless:
At admission, a client or resident should identify any parties from whom they do not wish Personal Information accessed or to whom they do not wish Personal Information provided. This should be recorded in the file of the client or resident and complied with to the extent permitted by law.
Unsolicited Information
If we receive Personal Information from an individual that we have not solicited and we could not have obtained the information by lawful means, we will destroy or de-identify the information as soon as practicable and in accordance with the law.
Staff records
We must keep a record in respect of staff about:
We may also collect Personal Information about a staff member relating to their employment being Employee Records (as defined above).
Notification
We will at or before the time or as soon as practicable after we collect Personal Information from an individual take all reasonable steps to ensure that the individual is notified or made aware of:
Use and disclosure of information
a) Permitted disclosure
We may not use or disclose Personal Information for a purpose other than the primary purpose of collection, unless:
If we receive Personal Information from an individual that we have not solicited, we will, if it is lawful and reasonable to do so, destroy or de-identify the information as soon as practicable.
We will not disclose an individual’s Personal Information to an overseas recipient. If we do, we will take all steps that are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles, unless:
We may disclose Health Information about an individual to a person who is responsible for the individual if:
iii) the disclosure is not contrary to any wish previously expressed by the individual of which the service manager is aware, or of which the service manager could
reasonably be expected to be aware and the disclosure is limited to the extent reasonable and necessary for providing care or treatment.
A person responsible is a parent, a child or sibling, a spouse, a relative, a member of the individual’s household, a guardian, an enduring power of attorney, a person who has an intimate personal relationship with the individual, or a person nominated by the individual to be contacted in case of emergency, provided they are at least 18 years of age.
ACCESS
You have a right to request that we provide you access to the Personal Information we hold about you (and we shall make all reasonable attempts to grant that access) unless providing access:
Requesting access
Requests for access to information can be made orally or in writing and addressed to the service manager of the relevant service. We will respond to each request within a reasonable time.
Declining access
An individual’s identity should be established prior to allowing access to the requested information. If unsatisfied with the individual’s identity or access is requested from an unauthorised party, we can decline access to the information.
We can also decline access to information if:
We will provide in writing the reasons for declining access to the requested information. Granting access
On request (and after determining an individual’s right to access the information) we should provide access to Personal Information.
Charges
If we charge for providing access to Personal Information, those charges will not be excessive.
PERSONAL INFORMATION QUALITY
We aim to ensure that the Personal Information we hold is accurate, complete and up-to-date. Please contact us if any of the Personal Information you have provided to us has changed. Please also contact us if you believe that the information we have about you is not accurate, complete or up-to-date.
CORRECTION
If an individual establishes the Personal Information held about them is inaccurate, incomplete, out-of-date, irrelevant or misleading we must take reasonable steps to correct the information.
If we refuse to correct the Personal Information as requested by the individual, we will give the individual written notice that sets out:
the reasons for the refusal, except to the extent that it would be unreasonable to refuse;
If we disagree with an individual about whether information is accurate, complete and up-to-date, and the individual asks us to associate with the information a statement claiming that the information is inaccurate, incomplete, out-of-date, irrelevant or misleading we must take reasonable steps to do so.
We will not use or disclose Personal Information about an individual for the purposes of direct marketing, unless the information is collected directly from you and:
Sensitive Information
We will not use or disclose Sensitive Information about an individual for the purposes of direct marketing, unless the individual has consented to the information being used for direct marketing.
An individual’s rights in relation to direct marketing activities
If we use information for the purposes of direct marketing the individual may:
PERSONAL INFORMATION SECURITY
We are committed to keeping secure the Personal Information you provide to us. We will take all reasonable steps to ensure the Personal Information we hold is protected from misuse, interference, loss, from unauthorised access, modification or disclosure.
Information of a Client or Resident
Security measures
Our security measures include, but are not limited to:
This applies to staff (including contracted staff) who are required to have up-to-date virus protection software and firewalls installed on any device used to access documents containing Personal Information.
Contractors working on our behalf are required to:
We will, as soon as practicable and in accordance with the law, destroy or de-identify any Personal Information that is no longer required for our functions.
MEDIA
No member of staff shall make any statement to the press, radio or television station or to any reporter for the media. If a staff member is approached to make a statement or comment they must refer the person to our Public Relations or Media Manager
PRIVACY OFFICER
We have appointed a Privacy Officer to manage and administer all matters relating to protecting the privacy of individual’s Personal Information.
The Privacy Officer can be contacted if any relevant person wishes to obtain more information about any aspect of this policy or about the way in which we operate to protect the privacy of individual’s Personal Information.
As stated above, complaints may also be made to the Privacy Officer if any person suspects we have breached this Privacy Policy, the Australian Privacy Principles or they are otherwise unhappy with the management of their or if they are responsible for another person, that person’s Personal Information.
If you wish to make a complaint about the way we have managed your Personal Information you may make that complaint verbally or in writing by setting out the details of your complaint to the Privacy Officer at:
Name of the Organisation: Trinity Manor
Postal Address: P.O. Box 190, Balwyn, VIC 3103
Phone: 03 9091 5200
Online: Contact Us Page
The Privacy Officer will follow the organisation’s Complaints Procedure which involves a response as soon as practicable and action taken based on a risk assessment and within 30 days. A copy of the procedure is available upon request.
Alternatively, complaints may also be referred to a number of services as set out below:
(a) Australian Information Commissioner
The Australian Information Commissioner receives complaints under the Act. Complaints can be made:
Online: http://www.oaic.gov.au/privacy/making-a-privacy-complaint
By fax: on +61 2 9284 9666
In writing:
Address your letter to the Australian Information Commissioner at the:
Address your letter to the Australian Information Commissioner at the:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
OR
Office of the Australian Information Commissioner
GPO Box 2999
Canberra ACT 2601
(b) Aged Care Complaints Commissioner
The Aged Care Complaints Commissioner receives complaints about aged care services under the Act. Complaints can be made:
Online: https://www.agedcarecomplaints.gov.au/raising-a-complaint/lodge-a-complaint/online-complaints-forms/
By phone: on 1800 550 552.
Or if you need an interpreter you can phone the Translating and Interpretation Service on 131 450 and ask them to put you through to the Aged Care Complaints Commissioner on 1800 500 552.
For hearing or speech impaired TTY users phone 1800 555 677 then ask for 1800 550 552.
For Speak and Listen users phone 1800 555 727 then ask for 1800 550 552.
For Internet relay users connect to https://internet-relay.nrscall.gov.au/.
In writing to:
Aged Care Complaints Commissioner
GPO Box 9848
Melbourne, Victoria