Access Wellbeing Services (AWS), as a division of Centrecare is committed to protecting and upholding the right to privacy of customers, clients, staff, volunteers, Board/Management Committee members and representatives of agencies we deal with. In particular, Centrecare/AWS is committed to protecting and upholding the rights of our clients to privacy in the way we collect, store and use information about them, their needs and the services we provide to them.
Centrecare/AWS requires staff, volunteers, and Board/Management Committee members to be consistent and careful in the way they manage what is written and said about individuals and how they decide who can see or hear this information.
Centrecare/AWS will ensure that:
- It meets its legal and ethical obligations as an employer and service provider in relation to protecting the privacy of clients and organizational personnel. Colleagues are not to forward a staff member’s mobile number to a third party without expressed permission.
- Clients are provided with information about their rights regarding privacy.
- Clients and organisational personnel are provided with privacy when they are beinginterviewed or discussing matters of a personal or sensitive nature.
- All staff, Board/Management Committee members and volunteers understand what isrequired in meeting these obligations.
- No information will be published where you could be identified without your consent.
This policy conforms to the Federal Privacy Act (1988) and the Australian Privacy Principles March 2014 which govern the collection, use and storage of personal information.
This policy will apply to all records, whether hard copy or electronic, containing personal information about individuals, and to interviews or discussions of a sensitive personal nature.
Dealing with personal information
In dealing with personal information, Centrecare/AWS staff will:
- Ensure privacy for customers, clients, staff, volunteers, or Board/Management Committee members when they are being interviewed or discussing matters of a personal or sensitive nature.
- Only collect and store personal information that is necessary for the functioning of the organisation and its activities.•Use fair and lawful ways to collect personal information.
- Collect personal information only by consent from an individual.
- Ensure that people know what sort of personal information is held, what purposes it is held it for and how it is collected, used, disclosed and who will have access to it.
- Ensure that personal information collected or disclosed is accurate, complete, and up-to-date, and provide access to any individual to review information or correct wrong information about themselves.
- Take reasonable steps to protect all personal information from misuse and loss and from unauthorised access, modification or disclosure.
- Destroy or permanently de-identify personal information no longer needed and/or after legal requirements for retaining documents have expired. Some important records and documents may be held indefinitely, for example information held in relation to adoption.
- All client personal information is only stored for 12 months after no contact with the organisation.
Responsibilities for managing privacy
- All staff are responsible for the management of personal information to which they have access, and in the conduct of research, consultation, or advocacy work.
- The Chief Corporate Services is responsible for content in Centrecare publications, communications and web site and must ensure the following:
- Appropriate consent is obtained for the inclusion of any personal information about any individual including Centrecare personnel.
- Information being provided by other agencies or external individuals conforms to privacy principles.
- The website contains a Privacy Statement that makes clear the conditions of any collection of personal information from the public through their visit to the website.
- The Chief Corporate Services is responsible for safeguarding personal information relating to Centrecare staff, Board/Management Committee members, volunteers, and contractors.
Privacy information for clients
At initial assessment the clients will be told what information is being collected, how their privacy will be protected and their rights in relation to this information.
Access to Personal Information
- A client or staff member may request in writing to view their personal file.
- Client files are reviewed by a manager to ensure that third party identities are not included in the file to be viewed.
- A Centrecare manager will be present while the file is being viewed by the client or staff member.
- No notes, photocopies, or photographs of the file can be made by the client or staff member.
- All files remain the property of Centrecare.
- If access is denied, Centrecare will provide a reasonable explanation.
Privacy for interviews and personal discussions
To ensure privacy for clients or staff when discussing sensitive or personal matters, the organisation will:
- Make appointments through a dedicated Client Liaison Officer in a private interview space.
- Conduct counselling/interviews in a private interview space.
- Ensure home visits are conducted with clients in a private area.
- Desks between staff are spaced at the regulatory Occupation Health and Safety distance.
Dealing with an eligible data breach
An eligible data breach is one where there is unauthorised access, unauthorised disclosure, or loss of personal information that a reasonable person would conclude is likely to result in serious harm to the individuals concerned, even though immediate remedial action has been taken. Individuals who are affected by the confirmed eligible data breach will be notified of the breach promptly. The data breach will also be reported to the Office of the Australian Information Commissioner (OAIC) as soon as practicable, by either calling 1300 363 992, or using the Online Notifiable Data Breach Form, which can be found on the OAIC website.
Participants in research projects
People being invited to participate in a research project must be:
- Given a choice about participating or not.
- Given the right to withdraw at any time.
- Informed about the purpose of the research project, the information to be collected, and how information they provide will be used.
- Given copies of any subsequent publications.
The collection of personal information will be limited to that which is required for the conduct of the project. Individual participants will not be identified.
Organisational participants in research projects will generally be identified in Centrecare research, unless the nature of a particular project requires anonymity, or an organisation specifically requests it.
If you feel aggrieved by anything we do in relation to how we handle your sensitive and private information, please put your concerns in writing and send them to the Chief Corporate Services, Centrecare, 456 Hay Street, Perth WA 6000. We will respond within 30 days. If you are still dissatisfied after you receive our reply, you may appeal in writing to “The Office of the Australian Information Commissioner (OAIC), GPO Box 5218 Sydney NSW 1042” or through the website http://www.oaic.gov.au. You may also phone the Commissioner’s hotline on 1300 363 992.
Limits to Confidentiality
There are limits to confidentiality as required by law and these are when there is:
- Immediate or grave danger to the client or others (e.g. if one has reason to believe that the subject is suicidal or homicidal).
- Recent or ongoing child abuse.
- Recent or ongoing abuse of a dependent adult.
- Diseases or conditions subject to mandatory public health reporting.
- Serious crime.
This document is uncontrolled when printed
Reviewed: August 2023