Privacy Policy

HUON REGIONAL CARE – PRIVACY POLICY

1. Aim

Huon Regional Care understands the importance of protecting the privacy of an individual’s personal information (including health information). We aim to protect the privacy of your personal information, your rights in relation to your personal information managed by us and the way we collect, use and disclose your personal information.

2. Policy

This policy outlines how we manage and secure your personal information and describes the kinds of personal information we hold, for what purpose, how it is collected, used and disclosed.

In handling your personal information, we will comply with the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs), the Aged Care Act 1997 (Cth) and the Aged Care Principles.

We will only collect Personal Information by lawful and fair means and will only collect Personal Information that is necessary for one or more of our organisation’s functions or activities. If it is reasonable and practicable to do so, we will collect Personal Information about an individual only from that individual.

In meeting our obligations with respect to the privacy of our clients we acknowledge that people with vision or hearing impairments and those of culturally and linguistically diverse people may require special consideration.

3. What kinds of personal information do we collect and hold?

Personal information is any information that identifies an individual or any information from which an individual’s identity could reasonably be ascertained. During the provision of our services, including if you access our website, we may collect your personal information.
We generally collect the following types of information:
1. personal information provided by you, including your name, address, telephone number and email address;
2. health and financial information in the event that you enter our care as a resident;
3. information that we obtain about you in the course of your interaction with our website including your internet protocol (IP) address, the date and time of your visit to our website, the pages you have accessed, the links on which you have clicked and the type of browser that you were using;
4. aggregated statistical data which is information relating to your use of our website and our services, such as traffic flow and demographics;

We may need to collect sensitive information (other than health information) but unless that information is authorised to be collected by law we will only collect sensitive information that is reasonably necessary for our functions.

4. How do we collect personal information?

Personal information (including health information), may be collected:
a) from a client or resident;
b) from any person or organisation that assesses health status or care requirements, for example the Aged Care Assessment Team;
c) from the health practitioner of a client or resident;
d) from other health providers or facilities;
e) from family members or significant persons of a client or resident;
f) when we provide services to you or your family member;
g) when you fill out a form or give us paper correspondence or email;
h) when you give us information over the telephone;
i) when you interact with us through our website and social media channels including Facebook and LinkedIn, although we will only interact with you on confidential matters via a secure forum;
j) from the Guardianship Board, Medicare and Centrelink; and
k) from a legal advisor of a client or resident.

We will collect personal information from the client or resident unless:
a) we have the consent of the client or resident to collect the information from someone else; or
b) we are required or authorised by law to collect the information from someone else; or
c) it is unreasonable or impractical to do so.

5. Why do we collect your personal information?

We will only collect Personal Information about an individual by fair and lawful means and only if the information is necessary for one or more of our functions as an aged care provider and collection of the Personal Information is necessary to:
— to identify you;
— to provide aged care services to you;
— to enable allied health care providers and medical practitioners to provide care and services to you;
— to enable us to obtain the correct level of government funding in relation to your care;
— to enable contact with a nominated person regarding your health status;
— to lawfully liaise with a nominated representative and to contact family if requested or needed;
— to identify and inform you of any other services that may be of interest to you;
— to fulfil any of our legal requirements; or
— for other purposes permitted or referred to under any terms and conditions you enter into or otherwise agree to with respect to our services.

Some individuals may not want to provide information to us. The information we request is relevant to providing them with the care and services they need. If the individual chooses not to provide us with some or all of the information we request, we may not be able to provide them with the care and services they require.
You have the option to remain anonymous, or to use a pseudonym when dealing with us where it is lawful and practical to do so.

In certain circumstances we may be required to collect government related identifiers such as your tax file number, Medicare number, Centrelink reference number, drivers licence number, passport number and individual healthcare identifiers. We will not use or disclose this information unless the use or disclosure is permitted under the Privacy Act.

6. Use and Disclosure

We may disclose your personal information to allied health professionals who assist us in providing care and services, medical practitioners, external health agencies such as the ambulance service, hospitals, the Australian Department of Social Services, the Aged Care Standards and Accreditation Agency, Medicare and relevant State health authorities as necessary to carry out the purposes for which the information was collected. We may not use or disclose personal information for a purpose other than the primary purpose of collection, unless:

a. the secondary purpose is related to the primary purpose and you would reasonably expect disclosure of the information for the secondary purpose;
b. you have consented;
c. the information is health information and the collection, use or disclosure is necessary for research, the compilation or analysis of statistics, relevant to public health or public safety, it is impractical to obtain consent, the use or disclosure is conducted within the privacy principles and guidelines and we reasonably believe that the recipient will not disclose the health information;
d. we believe on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to an individual’s life, health or safety or a serious threat to public health or public safety;
e. we have reason to suspect unlawful activity and use or disclose the personal information as part of our investigation of the matter or in reporting our concerns to relevant persons or authorities;
f. we reasonably believe that the use or disclosure is reasonably necessary to allow an enforcement body to enforce laws, protect the public revenue, prevent seriously improper conduct or prepare or conduct legal proceedings; or
g. the use or disclosure is otherwise required or authorised by law.

We will not disclose your personal information to an overseas recipient.

We may disclose Health Information about an individual to a person who is responsible for the individual if:
a. the individual is incapable of giving consent or communicating consent;
b. the service manager is satisfied that either the disclosure is necessary to provide appropriate care or treatment or is made for compassionate reasons or is necessary for the purposes of undertaking a quality review of our services (and the disclosure is limited to the extent reasonable and necessary for this purpose); and
c. the disclosure is not contrary to any wish previously expressed by the individual of which the service manager is aware, or of which the service manager could reasonably be expected to be aware and the disclosure is limited to the extent reasonable and necessary for providing care or treatment.

A ‘person responsible’ is a parent, a child or sibling, a spouse, a relative, a member of the individual’s household, a guardian, an enduring power of attorney, a person who has an intimate personal relationship with the individual, or a person nominated by the individual to be contacted in case of emergency, provided they are at least 18 years of age.

We will at or before the time or as soon as practicable after we collect Personal Information from an individual take all reasonable steps to ensure that the individual is notified or made aware of:
a) our identity and contact details;
b) the purpose for which we are collecting Personal Information;
c) the identity of other entities or persons to whom we usually disclose Personal Information to;
d) that our privacy policy contains information about how the individual may complain about a breach of the APPs and how we will deal with a complaint; and
e) whether we are likely to disclose Personal Information to overseas recipients and if so, the countries in which such recipients are likely to be located and if practicable, to specify those countries.

7. Access to your personal information.

If at any time you would like to access or change the personal information that we hold about you, or you would like more information on our approach to privacy, please contact our office.
To obtain access to your personal information, you will have to provide us proof of identity. This is necessary to ensure that personal information is provided only to the correct individuals and that the privacy of others is protected. We will take all reasonable steps to provide access to your personal information within 30 days from your request. In less complex cases, we will try to provide information within 14 days.
If providing you with access requires a detailed retrieval of your personal information, a fee may be charged for the cost of retrieval and supply of information.

8. Personal Information Quality and Correction

We aim to ensure that the Personal Information we hold is accurate, complete and up-to-date. Please contact us if any of the Personal Information you have provided to us has changed. Please also contact us if you believe that the information we have about you is not accurate, complete or up-to-date.

If an individual establishes the Personal Information held about them is inaccurate, incomplete, out-of-date, irrelevant or misleading we must take reasonable steps to correct the information. If we refuse to correct the Personal Information as requested by the individual, we will give the individual written notice that sets out:
a) the reasons for the refusal, except to the extent that it would be unreasonable to refuse;
b) the mechanisms available to complain about the refusal; and
c) any other matter prescribed by the regulations.

If we disagree with an individual about whether information is accurate, complete and up-to-date, and the individual asks us to associate with the information a statement claiming that the information is inaccurate, incomplete, out-of-date, irrelevant or misleading we will take reasonable steps to do so.

If we correct personal information that we have previously disclosed to another entity, and you ask us to tell the other entity about the correction, we will take reasonable steps to tell the other entity about the correction unless it is impractical or unlawful to do so.

If we receive Personal Information from an individual that we have not solicited and we could not have obtained the information by lawful means, we will destroy or de-identify the information as soon as practicable and in accordance with the law.

9. Personal Information Security

We take all reasonable steps to ensure that the personal information we hold is protected against misuse, loss, unauthorised access, modification or disclosure. We hold personal information in both hard copy and electronic forms in secure databases on secure premises, accessible only by our authorised staff.

Non-current information is archived in secure premises in accordance with our Information Management Policy.

However, we cannot guarantee the security of any personal information transmitted to us via the Internet.

10. Media and Website

No member of staff shall make any statement to the press, radio or television station or to any reporter for the media. If a staff member is approached to make a statement or comment they must refer the person to our Chief Executive Officer.

When you come to our website www.huonregionalcare.org.au we may collect certain information such as browser type, operating system, website visited immediately before coming to our site, etc. This information is used in an aggregated manner to analyse how people use our site, such that we can improve our service.

Our site may from time to time have links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that Huon Regional Care is not responsible for the privacy practices of other such websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of each and every website that collects personal identifiable information.

11. Reporting Eligible Data Breaches

An eligible data breach is either:
a) Unauthorised access or disclosure of your information or information that relates to you that a reasonable person would conclude is likely to result in serious harm to you; or
b) Where your information or information that relates to you is lost in circumstances where unauthorised access or disclosure of information is likely to occur and it can be reasonably concluded that such an outcome would result in serious harm to you.

If we suspect that there has been an eligible data breach we will carry out a reasonable and expeditious assessment.
If we have reasonable grounds to believe that there has been an eligible data breach we will notify you and the OAIC and will provide:
a) a description of what occurred;
b) the kinds of information concerned; and
c) recommended steps that you should take in response to the data breach.

12. Privacy Complaints

Please direct all privacy complaints to the Privacy Officer – Chief Executive Officer, Barry Lange at [email protected]
3278 Huon Highway, Franklin TAS 7113 Phone – 03 6264 7100
At all times, privacy complaints will:
— be treated seriously;
— be dealt with under the Huon Regional Care Complaints Management Process;
— be dealt with as promptly as possible;
— be dealt with in a confidential manner; and
— not affect your existing obligations or affect the commercial arrangements between you and us.

Our Privacy Officer or his delegate will conduct the investigation into your complaint. You will be informed of the outcome of your complaint following completion of the investigation.

13. External Complaint Mechanism

If you are not happy with the outcome of the Privacy Officer’s investigation or we have not replied to you within a reasonable, then you can raise your concern with the Office of the Australian Information Commissioner (OAIC)
Complaints can be made to OAIC in the following ways:
Office of the Australian Information Commissioner
Telephone: 1300 363 992
Email: [email protected]
Mail: GPO Box 5218 Sydney NSW 2001
Online: https://www.oaic.gov.au/privacy/privacy-complaints/

Huon Regional Care Privacy Policy October 2019