Privacy and Confidentiality Policy
You can download our Privacy and Confidentiality Policy by clicking the link below (PDF document):
|TITLE OF AUTHOR:||Project Manager, Accreditation|
|NAME OF RESPONSIBLE DIRECTOR:||Jessian Polk|
|EFFECTIVE DATE:||November 2018|
|NEXT REVIEW DATE:||November 2019|
This policy ensures AUSCARE SUPPORT protects and handles personal information in accordance with the NDIS and relevant privacy legislation. AUSCARE SUPPORT acknowledges an individual’s right to privacy while recognising that personal information is required to be collected, maintained and administered in order to provide a safe working environment and a high standard of quality.
The information we collect is used to provide services to participants in a safe and healthy environment with individual requirements, to meet duty of care obligations, to initiate appropriate referrals, and to conduct business activities to support those services.
This policy applies to all personal information, including sensitive personal information, used and held by AUSCARE SUPPORT for participants and employees.
This policy applies to all personal information and sensitive personal information including the personal information of AUSCARE SUPPORT employees and participants.
This policy applies to all AUSCARE SUPPORT company confidential information – that is, any information not publicly available.
This policy applies to all areas of AUSCARE SUPPORT’s service at all times.
This policy applies to everyone in the organisation including key management personnel, full-time workers, part-time workers, casual workers, contractors and volunteers.
Personal information includes (regardless of its accuracy):
- phone number
- email address
- date of birth
- recorded opinions or notes about someone
- any other information that could be use to identify someone.
Sensitive personal information can include personal information that is normally private, such as:
- health information
- political opinions
- membership of a political association, professional or trade association or trade union
- religious beliefs or affiliations
- philosophical beliefs
- criminal record
- biometric information (such as finger prints)
A data breach is a type of security incident where personal, sensitive or confidential information normally protected, is deliberately or mistakenly copied, sent, viewed, stolen or used by an unauthorised person or parties. A data breach where people affected by the data breach are at risk of serious harm as a result, is reportable to the Office of the Australian Information Commissioner.
- AUSCARE SUPPORT is fully committed to complying with the privacy requirements of the Privacy Act, the Australian Privacy Principles and for Privacy Amendment (Notifiable Data Breaches) as required by organisations providing disability services
- AUSCARE SUPPORT is fully committed to complying with the consent requirements of the NDIS Quality and Safeguarding Framework
- AUSCARE SUPPORT will provide all individuals with access to information about the privacy of their personal information
- individuals have the right to request access to their personal records by requesting this with their contact person
- where AUSCARE SUPPORT is required to report to government funding bodies, information provided is non-identifiable and related to service and support hours provided age, disability, language, and nationality
- personal information will only be used by AUSCARE SUPPORT and will not be shared outside the organisation without your permission unless required by aw (eg reporting assault, abuse, neglect, or where a court order is issued).
- AUSCARE SUPPORT takes reasonable steps to protect the personal information we hold against misuse, interference, loss, unauthorised access, modification and disclosure
- personal information is accessible to the participant and is available for use by relevant workers
- security for personal information includes password protection for IT systems, locked filing cabinets and physical access restrictions with only authorised personnel permitted access
- personal information no longer required is securely destroyed or de-identified.
- AUSCARE SUPPORT will take reasonable steps to reduce the likelihood of a data breach occurring including storing personal information securely and accessible on by relevant workers
- if AUSCARE SUPPORT knows or suspects your personal information has been accessed by unauthorised parties, and we think this could cause you harm, we will take reasonable steps to reduce the chance of harm and advise you of the breach, and, if necessary, the Office of the Australian Information Commissioner.
- a breach of privacy and confidentiality is an incident – follow the Manage Incident process to resolve
- a breach of privacy and confidentiality may require an investigation
- an intentional breach of privacy and confidentiality will result in disciplinary action up to and including termination of employment.
|VERSION||DATE||AUTHOR||SUMMARY OF CHANGES|
|1.0||16/11/18||Project Manager, Accreditation||New Policy|