Privacy and Condentiality Policy
Privacy and Condentiality Policy
Policy:
Description:
This policy ensures we protect and handle personal information in accordance with the NDIS and relevant privacy legislation. We acknowledge an individual’s right to privacy while recognising that personal information is required to be collected, maintained and administered in order to provide a safe working environment and a high standard of quality.
The information we collect is used to provide services to participants in a safe and healthy environment with individual requirements, to meet duty of care obligations, to initiate appropriate referrals, and to conduct business activities to support those services.When:
- applies to all personal information and sensitive personal information including the personal information of employees and participants
- applies to all company confidential information – that is any information not publicly available.
In Relation to:
Applies to all representatives including key management personnel,
directors, full time workers, part time workers, casual workers,
contractors and volunteers.
Created by:
Zara England
Approved By:
Zara England
Approved Date:
10 Jun 2025
Review Date:
30 Apr 2026
Details of Policy
1. Privacy and confidentiality guidelines
To support the privacy and confidentiality of individuals:
● we are committed to complying with the privacy requirements of the Privacy Act, the Australian Privacy Principles and for Privacy Amendment (Notifiable Data Breaches) as required by organisations providing disability services
● we are fully committed to complying with the consent requirements of the NDIS Quality and Safeguarding Framework and relevant state or territory requirements
● we provide all individuals with access to information about the privacy of their personal information
● each individual has the right to opt out of consenting to and providing their personal details if they wish
● individuals have the right to request access to their personal records by requesting this with their contact person
● where we are required to report to government funding bodies, information provided is non-identifiable and related to services and support hours provided, age, disability, language, and nationality
● personal information will only be used by us and will not be shared outside the organisation without your permission unless required by law (e.g. reporting assault, abuse, neglect, or where a court order is issued)
● images or video footage of participants will not be used without their consent
● participants have the option of being involved in external NDIS audits if they wish.
2. Security of Information
To keep information secure:
● we take reasonable steps to protect the personal information we hold against misuse, interference, loss, unauthorised access, modification and disclosure
● we ensure personal information is accessible to the participant and is able for use only by relevant workers
● we ensure security for personal information includes password protection for IT systems, locked filing cabinets and physical access restrictions with only authorised personnel permitted access
● we ensure personal information no longer required is securely destroyed or de-identified.
3. Data Breaches
As part of information security responsibilities:
● we will take reasonable steps to reduce the likelihood of a data breach occurring including storing personal information securely and accessible only by relevant workers
● if we know or suspect your personal information has been accessed by unauthorised parties, and we think this could cause you harm, we will take reasonable steps to reduce the chance of harm and advise you of the breach, and if necessary the Office of the Australian Information Commissioner.
4. Breach of Privacy and Confidentiality
A breach of privacy and confidentiality is an incident:
● follow the Manage incident process to resolve
● may require an investigation
● an intentional breach will result in disciplinary action up to and including termination of employment.
5. Personal Information Collection Statement
We collect information about you for the primary purpose of providing quality supports and services to you. We need to collect some personal information from you to ensure our services meet your needs. If you do not provide this information, we may be unable to fully provide these services. This information will also be used for:
- administrative purposes for running our service
- billing you directly, through the NDIS, or other agency if required
- use within our service to ensure you are provided with quality supports and services
- disclosure of information to the NDIA, the NDIS Quality and Safeguards Commission, or other government agencies if needed
- disclosure of information to health professionals to ensure high quality health care for you if needed
- disclosure to other providers, with your consent, in order to provide appropriate services
You may contact us by email, mail or phone using the details provided at the bottom of this page. You have the right to gain access to the information we hold about you.
Our privacy policy (available upon request) contains information on how you may request access to, and correction of, your personal information and how you may complain about a breach of your privacy and how we will deal with such a complaint.
We need to collect information about you for the primary purpose of providing quality supports and services. In order to fully provide these services, we need to collect some personal information from you. This information will also be used for the administrative purposes of running the practice such as billing you or through the NDIS. Information will be used within the service for planning and managing your plans and supports. We may disclose information regarding you to other service providers or health professionals only with your consent. We will not disclose your information to commercial companies, however specific service or product information as deemed suitable for your management, may be forwarded to you by us, unless you instruct us not to forward this type of information. We do not disclose your personal information to overseas recipients. Your personal information will only be used by us and will not be shared outside the organisation without your permission, unless required by law (eg reporting assault, abuse, neglect, or where a court order is issued).
File information is stored securely and accessed only by our workers. We take all reasonable steps to ensure that information collected about you is accurate, complete and up-to-date. You may have access to your information on request and if you believe that any of the information is inaccurate, we may amend it accordingly. If you do not provide relevant personal information, in part or in full, this may result in the provision of incomplete support or services which may impact on your plans and goals
We do not disclose your personal information to overseas recipients.
We have a privacy policy that is available on request and attached to this consent form. This policy provides guidelines on the collection, use,disclosure and security of your information.
To ensure the process of quality support and services, information about you may be given to other service providers who also provide you services.
Any concerns you may have about this statement or the information we store about you can be directed to the contact listed below.
