Diversicare will use all reasonable efforts to protect the privacy of your personal information and to comply with the obligations required by the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs).
Our policy applies to all staff (including contracted agency staff) and volunteers.
We will only collect personal information by lawful and fair means and will only collect personal information that is necessary for one or more of our organisation’s functions or activities.
If it is reasonable and practicable to do so, we will only collect personal information about you from you.
In meeting our obligations with respect to the privacy of our clients we acknowledge that people with vision or hearing impairments and those of culturally and linguistically diverse backgrounds may require special assistance and consideration.
The purpose of this policy and procedure is to:
i) ensure personal information is managed in an open and transparent way;
ii) protect the privacy of personal information including Health Information of clients;
iii) provide for the fair collection and handling of personal information;
iv) ensure that personal information we collect is used and disclosed for relevant purposes only;
v) regulate the access to and correction of personal information; and
vi) ensure the confidentiality of personal information through appropriate storage and security.
Personal Information is information or an opinion, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Sensitive Information includes information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record, biometric information, biometric templates, health information about an individual and genetic information.
Health Information is:
i) information or an opinion about:
ii) other personal information collected to provide, or in providing, a health service;
iii) other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or
iv) genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.
Unsolicited Information is all personal information received from an individual that we did not actively seek to collect.
We will collect and use information about you during the course of your relationship with Diversicare. Below is detailed when and how this information may be collected, used and disclosed.
It is important that the information we hold is up to date.
We will only collect Personal Information about you by fair and lawful means and only if the information is necessary for one or more of our functions as an aged care provider and collection of the Personal Information is necessary to:
i) comply with the provisions of state or commonwealth law;
ii) provide data to government agencies in compliance with state or commonwealth law;
iii) determine eligibility to entitlements provided under any state or commonwealth law;
iv) provide appropriate services and care;
v) enable contact with a nominated person regarding a client’s health status; and
vi) lawfully liaise with a nominated representative and to contact family if requested or needed.
You may not want to provide some information to us. The information we request is only relevant to providing you with the care and services you may need. If you choose not to provide us with some or all of the information we request, we may not be able to provide you with the care and services you require.
We will not collect your Sensitive Information (including Health Information) unless the collection of the information is reasonably necessary for or directly related to one or more of our functions and:
i) you have consented to the collection of this information; or
ii) the collection of the information is required or authorised by or under an Australian law or a court/tribunal order; or
iii) a permitted general situation exists to the collection of the information; or
iv) a permitted health situation exists in relation to the collection of the information; or
Personal Information and Sensitive Information (including Health Information), may be collected:
i) from you;
ii) from any person or organisation that assesses health status or care requirements, for example the Aged Care Assessment Team;
iii) from your health practitioner;
iv) from other health providers or facilities;
v) from family members or significant persons; and
vi) from your legal advisor.
We will collect Personal Information from you unless:
i) we have your consent to collect the information from someone else; or
ii) we are required or authorised by law to collect the information from someone else; or
iii) it is unreasonable or impractical to do so.
At admission, you may sign or have signed a Consent form indicating third parties that you give consent to retrieve information from and divulge information to.
If we receive Personal Information from an individual that we have not solicited and we could not have obtained the information by lawful means, we will destroy or de-identify the information as soon as practicable and in accordance with the law.
We will at or before the time or as soon as practicable after we collect Personal Information from an individual take all reasonable steps to ensure that the individual is notified or made aware of:
i) our identity and contact details;
ii) the purpose for which we are collecting Personal Information;
iii) the identity of other entities or persons to whom we usually disclose Personal Information to;
a) Permitted disclosure
Personal Information will not be used or disclosed for a purpose other than the primary purpose of collection, unless:
i) the secondary purpose is related to the primary purpose (and if Sensitive Information directly related) and the individual would reasonably expect disclosure of the information for the secondary purpose;
ii) the individual has consented;
iii) the information is Health Information and the collection, use or disclosure is necessary for research, the compilation or analysis of statistics, relevant to public health or public safety, it is impractical to obtain consent, the use or disclosure is conducted within the privacy principles and guidelines and we reasonably believe that the recipient will not disclose the Health Information;
iv) we believe on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to an individual’s life, health or safety or a serious threat to public health or public safety;
v) we have reason to suspect unlawful activity and use or disclose the Personal Information as part of our investigation of the matter or in reporting our concerns to relevant persons or authorities;
vi) we reasonably believe that the use or disclosure is reasonably necessary to allow an enforcement body to enforce laws, protect the public revenue, prevent seriously improper conduct or prepare or conduct legal proceedings; or
vii) the use or disclosure is otherwise required or authorised by law.
b) Cross border disclosure
We will not disclose an individual’s Personal Information to an overseas recipient unless we reasonably believe the disclosure is necessary or authorised by Australian Law and the individual has provided express consent to the disclosure. If we do, we will take all steps that are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles.
c) Disclosure of Health Information
We may disclose Health Information about you to a person who is responsible for the individual if:
i) You have given consent; or
ii) are is incapable of giving consent or communicating consent; and
iii) the Operations Manager is satisfied that either the disclosure is necessary to provide appropriate care or treatment or is made for compassionate reasons or is necessary for the purposes of undertaking a quality review of our services (and the disclosure is limited to the extent reasonable and necessary for this purpose); and
iv) the disclosure is not contrary to any wish previously expressed by the individual of which the Operations Manager is aware, or of which the Operations Manager could reasonably be expected to be aware and the disclosure is limited to the extent reasonable and necessary for providing care or treatment.
A person responsible is a parent, a child or sibling, a spouse, a relative, a member of the individual’s household, a guardian, an enduring power of attorney, a person who has an intimate personal relationship with the individual, or a person nominated by the individual to be contacted in case of emergency, provided they are at least 18 years of age.
You have a right to request that we provide access to the Personal Information we hold about you. We shall make all reasonable attempts to grant that access unless providing access:
i) is frivolous or vexatious;
ii) poses a serious threat to the life or health of any individual;
iii) unreasonably impacts upon the privacy of other individuals;
iv) jeopardises existing or anticipated legal proceedings;
v) prejudices negotiations between the individual and us;
vi) be unlawful or would be likely to prejudice an investigation of possible unlawful activity;
vii) an enforcement body performing a lawful security function asks us not to provide access to the information; or
viii) giving access would reveal information we hold about a commercially sensitive decision making process.
Requests for access to information can be made orally or in writing and addressed to the Operations Manager of the relevant service. We will respond to each request within a reasonable time.
We will establish an individual’s identity prior to allowing access to the requested information. If unsatisfied with the individual’s identity or access is requested from an unauthorised party, we can decline access to the information.
We can also decline access to information if:
i) there is a serious threat to life or health of any individual;
ii) the privacy of others may be affected;
iii) the request is frivolous or vexatious;
iv) the information relates to existing or anticipated legal proceedings; or
v) the access would be unlawful.
We will provide in writing the reasons for declining access to the requested information.
On request (and after determining an individual’s right to access the information) we will provide access to Personal Information.
If we charge for providing access to Personal Information, those charges will not be excessive.
We aim to ensure that the Personal Information we hold is accurate, complete and up-to-date.
If you establish that the Personal Information held about you is inaccurate, incomplete, out-of-date, irrelevant or misleading we will take reasonable steps to correct the information.
If we refuse to correct the Personal Information as requested by you, we will give you written notice that sets out:
i) the reasons for the refusal, except to the extent that it would be unreasonable to refuse;
ii) the mechanisms available to complain about the refusal;
If we disagree with you about whether information is accurate, complete and up-to-date, you may asks us to associate with the information a statement claiming that the information is inaccurate, incomplete, out-of-date, irrelevant or misleading and we will take reasonable steps to do so.
We will not use or disclose Personal Information about you for the purposes of direct marketing, unless the information is collected directly from you and:
i) you would reasonably expect us to use or disclose your Personal Information for the purpose of direct marketing; and
ii) we have provided you a means to ‘opt-out’ and you have not opted out.
We will not use or disclose Sensitive Information about you for the purposes of direct marketing, unless the you have consented to the information being used for direct marketing.
If we use information for the purposes of direct marketing you may:
i) ask us not to provide direct marketing communications to them;
ii) ask us not to disclose or use the information;
iii) ask us to provide the source of the information.
We are committed to keeping the Personal Information provided to us secure. We will take all reasonable steps to ensure the Personal Information we hold is protected from misuse, interference, loss, from unauthorised access, modification or disclosure.
i) We keep the client records in secure storage areas.
ii) If the records are being carried while providing care only the staff member carrying the records will have access to them.
iii) Records of previous clients and earlier unused volumes of current clients are archived.
iv) Only professionals attending to your care have access to your information. All records shall only be used for the purpose it was intended.
v) You or your representatives shall be provided access to records as requested (see above) and after consultation with the Area Manager. At these times, a qualified staff member will remain with you or your representative to facilitate the answering of any questions raised.
vi) Your details will not be provided to a third party over the phone, unless the staff member is sure of the person’s identity making the inquiry.
vii) No staff shall make any statement about the condition or treatment of a client to any person not involved in the care except to the immediate family or representative of the client or resident and then only after consultation with the Operations Manager.
viii) All staff must be discreet with their comments at all times, protecting and respecting the privacy, dignity and confidentiality of all clients.
ix) Staff handovers must be conducted in a private and confidential manner.
Our security measures include, but are not limited to:
(i) training our staff on their obligations with respect to clients’ Personal Information;
(ii) the use of passwords when accessing our data storage system; and
(iii) the use of firewalls and virus scanning tools to protect against unauthorised interference and access.
This applies to staff (including contracted staff) who are required to have up-to-date virus protection software and firewalls installed on any device used to access documents containing Personal Information.
Contractors working on our behalf are required to:
(i) comply with the Australian Privacy Principles;
(ii) have up-to-date virus protection software and firewalls installed on any device used to access documents containing Personal Information;
(iii) notify us of any actual or potential breaches of security;
(iv) indemnify us in relation to any loss suffered by a breach.
We will, as soon as practicable, and in accordance with the law, destroy or de-identify any Personal Information that is no longer required for our functions.
No member of staff shall make any statement to the press, radio or television station or to any reporter for the media. If a staff member is approached to make a statement or comment they must refer the person to our General Manager.
If a staff member reasonably suspects or knows that the privacy of a client has been breached an Incident Report must be completed as per Diversicare’s Incidents and Accidents Policy and Procedure
Diversicare’s Privacy Officer manages and administers all matters relating to protecting the privacy of Personal Information. The Privacy Officer can be contacted if any person wishes to obtain more information about any aspect of this policy or about the way in which we operate to protect the privacy of individuals’ Personal Information. The Privacy Officer can be contacted on 1300 348 377.
You may make a complaint verbally or in writing directly to ECCQ/Diversicare, the following may be contacted:
Chairperson - Alton Budd
Phone: 07 3844 9166
Alternatively, complaints may be made to the Aged Care Safety and Quality Commission
The Commission is the primary contact for providers and consumers in relation to quality and safety in the aged care sector, including complaints.
The Commission can be contacted by:
Phone on 1800 951 822, or
Via the website at www.agedcarequality.gov.au.
Privacy Act 1988 (Cth) and the Australian Privacy Principles;
Aged Care Act 1997 (Cth);
Records Principles 1997 (Cth);
Quality of Care Principles 1997 (Cth);