Purpose
The purpose of this policy is to define how Reachability Australia handles personal information, in compliance with the Australian Privacy Principles and relevant legislation. The policy aims to:
Scope
This policy applies to all situations in which we collect, hold, use and disclose personal information. This includes (but is not limited to) the personal information we obtain and hold in relation to:
Statistical information that is used for service delivery reporting is de-identified and aggregated to a level that makes the identification of individuals impossible. It is therefore is not personal information as defined and is not covered by this policy.
Policy Statement
In the following policy, ‘we’ refers to the organisation, staff and programs of REACHABILITY AUSTRALIA, ‘you’ refers to any person who engages with REACHABILITY AUSTRALIA, and ‘your information’ is any personal information we collect from or about you to provide you services.
At REACHABILITY AUSTRALIA, we respect your right to privacy, and uphold your right to have your personal information privacy maintained. Protecting privacy when handling personal information is very important to us and is fundamental to the way in which we operate.
When we collect or are given your personal information, it imposes a responsibility upon us to protect that information and maintain the trust that has been given. We do this in accordance with our legal obligations and in line with reasonable expectations.
We make sure that each person providing personal information is informed about and understands the purpose of collecting the information and how it will be used. Where information is provided by a third party, we ensure we have the informed consent of the person concerned.
We commit to collecting, holding and using personal information appropriately, for the use/s for which we hold it, and in accordance with the Privacy Act. Further, we take all reasonable steps to protect personal information from unauthorised disclosure, loss, misuse or alteration.
Unless it is noted expressly in this policy, we do not make distinction between the handling of personal information and sensitive information (including health information). We treat all information with the same levels of respect, and the same security protections.
At REACHABILITY AUSTRALIA, we collect, hold and use a range of personal information through our business.
1.1 What information we collect and hold
We collect personal information only for purposes that are directly related to the services and activities of REACHABILITY AUSTRALIA. For most people, we collect and hold names and contact details (phone, address, email). These details allow us to identify and communicate with you for our business purposes.
In addition, we collect and hold:
We may also keep a record of our communication or interaction with you.
When you use our website, we also collect (via cookies) information about your website use and browser preferences to improve our website function and experience.
Anonymity: In circumstances where we will have no need to contact you in the future, you have the right to anonymity or to use a pseudonym when interacting with us; provided that:
1.2 How we collect information
We use methods for collecting personal information that are lawful and fair.
We obtain personal information in many ways including:
We also collect some information about website users via cookies to allow us to monitor and improve our website; but we do not link this information to your personal record.
Wherever possible, we collect personal information directly from you, or from your authorised representative. This means we will usually ask you to provide the information we need. If somebody else needs to be involved, we will seek your consent to talk to them. We will collect each type of information in an appropriate way, so that your privacy is maintained during the collection process.
We will always explain to you why we are collecting the information and how we plan to use it. Where relevant, we will also ensure you understand the consequences (if any) of providing incomplete or inaccurate information.
Sometimes we collect your information from a third party; but usually only if we have your consent, or we believe you would reasonably expect us to collect your information in this way. We may also do this if it is necessary for a specific purpose, such as the investigation of a privacy complaint.
If we receive personal information unsolicited from a third party, we will determine whether the information could reasonably have been collected if we had asked. If so, we will retain it for use. If not, the information will be de-identified or destroyed (provided it is not unlawful to do so).
When you interact with us, we may ask you to confirm some of your personal details. This is so that we can ensure that our records are complete, accurate and up-to-date; and also so we can ensure that we are adding any new information we collect to the correct personal record.
2.1 How we hold and protect personal information
We protect and secure the personal information we hold by methods that are lawful, secure and fit-for-purpose and we limit access to personal information to authorised individuals with a business need consistent with the reason the information was provided.
We hold your information in secure, individual records. Your information may be stored as:
We have password-protected electronic systems for each of our programs and services, purpose-built and managed, and only available to authorised users; and we have secure physical storage for records that need to be retained in hard copy.
Where we collect information in hard copy, we enter the details from the form into our electronic record. We have processes in place to ensure as far as possible that the right personal information is being added to the right personal record in a timely manner. Once the record is updated:
Once a hard copy record is no longer required, we securely dispose of the original form.
We keep your information only for as long as it is required for business purposes or by law.
2.2 How we use personal information
We only use personal information for the purpose(s) for which it was given to us, or for purposes that are directly related to one of its functions or activities. So, if you access a service from REACHABILITY AUSTRALIA, we use your information in order to provide you with healthcare or supports that meet your needs. We may use some of your information for related business activities, such as arranging a Medicare claim, or for clinical audits (where we measure and improve the quality of care that we provide).
All our staff members sign a confidentiality agreement, and we train, support and manage staff to ensure that the privacy of your personal information is protected at all times, and that information is only accessed, used and shared when it is required.
Direct Marketing: We may use your information to identify services or events that may be of interest to you. In this instance, we may then make contact with you. REACHABILITY AUSTRALIA will only do this with your consent and will give you the choice to opt out of receiving such information in future.
Generally, personal information that is held by REACHABILITY AUSTRALIA is not shared with others. We will disclose it only:
If you are unable to provide consent and provided REACHABILITY AUSTRALIA is not aware that disclosure is against your wishes, we will share information where it is necessary in order to be able to provide care or treatment. In all circumstances, we aim to limit the amount of information disclosed to that which is necessary for the purpose of the disclosure.
3.1 When we disclose personal information
We share personal information only when it is necessary as part of the service we are providing to you. For example, we may disclose information to:
In other circumstances where REACHABILITY AUSTRALIA is expressly required or permitted to do so under the Privacy Act, we may also disclose personal information to other parties where we are legally required to do so, such as under a court order.
If you do not wish us to disclose information to a particular party, you can notify us of this; and we will advise you of any impact it may have to our ability to provide you with services.
Notifiable Data Breaches: We take every effort to protect the personal information we hold, and to ensure it is only used and shared appropriately. In the event that your personal information is accessed or disclosed inappropriately, and we believe that this breach of your privacy may result in harm, we will manage this in accordance with the requirements of the Privacy Act, and will notify and update you accordingly.
3.2 How we disclose personal information
Personal information may be shared in various ways, including:
We take steps to ensure that each time any personal information is being shared, it is being shared with the right person at the right time and for the agreed purpose, and that it is being transmitted securely.
We take particular precautions with the disclosure of identified information and ensure that any information that could identify you is only ever disclosed in person or transmitted in a secure manner.
Overseas Transfers: Under normal circumstances, we will not transfer any personal information overseas. We only transfer your personal information overseas if the transfer is:
You have the right to request access to the personal information we hold about you, and to request updates and corrections. You can also change your preferences and consents as needed.
4.1 How to access your information
At any time, you can request to access the personal information we hold about you. This includes the details we have in our records that we have collected or created, as well as information about you that has been provided to us by other people, such as opinions provided by specialists.
You can request access by asking the person or team you work with, or by making a request to our Privacy Officer, at the details below. If you require assistance putting a request in writing, please talk to a member of staff or contact us on (07) 3505 6469. We will aim to provide you with the requested information in an appropriate form within 30 days.
If providing access to the requested information requires a significant amount of time (such as to locate personal information or to collate or present it in an appropriate form), REACHABILITY AUSTRALIA may charge a fee for providing access. We will advise you if this is the case, before we start to act on your request.
Note that in rare circumstances, where it is permitted under the Privacy Act, it may not be possible to provide you with access to all, or parts of, the information from our records. If we are unable to provide access, we will advise why this is so.
4.2 How to update your information
If the information that we hold about you is out of date, inaccurate, incomplete, irrelevant or misleading, you can inform us of this and it will be corrected. If you have changed your mind about information provided, or about consents you have given or refused, you can also inform us of that and we will update your record.
In most instances, you are able to notify us verbally of changes required. Occasionally, however, we may ask you to provide evidence or confirm certain information in writing, so we can ensure that our records are accurate. In this case, we will notify you and work with you to get the information right.
Updating Health Information: We treat the updating of health information differently to other types of personal detail and will usually add an update rather than deleting or amending the original record. This is because, when in the future we review our records, or need to provide a health service, we may need to access the (inaccurate) information we had at the time – for example, to see why a particular course of treatment was prescribed.
If the information you wish to update relates to your health, we will generally add the current or amended information to the record, and clearly associate it with the inaccurate information to ensure that all subsequent users of the information are aware of the amendment. We do not typically delete health information.
4.3 Rights over children’s information
We take particular care with determining who is able to exercise privacy rights regarding the personal information of children and young people (under 18 years old). We work to ensure that these rights are exercised by the young person wherever possible, and by the most appropriate person in each instance. We assess individually each case to determine whether a minor is able to exercise their privacy rights regarding personal information.
If you are under 18 years old, and you request access to or correction of your personal information, we would take into consideration:
If you are under 18 and another person requests access to your information, we will only disclose your information to them if we are permitted to do so under the Privacy Act, and:
If you are a person wishing to access or change information held about a child, you may need to provide evidence of your identity and your relationship to the young person (and/or decision-making capacity) before we can provide you any information or action your request.
We take complaints and concerns regarding privacy seriously. If you believe that there has been a breach of this policy, you should lodge a complaint at the details below.
Complaints that are received will be forwarded to REACHABILITY AUSTRALIA’s Privacy Officer and resolved in accordance with our Feedback Policy and associated management and response protocols. Complaints will normally be investigated and we aim to resolve them and communicate to the complainant within 35 days. We also have an internal review process if you are unhappy with the resolution.
It is a good idea to discuss any privacy concerns with us first, to see whether we can work together to resolve the issue; but if you do not feel your complaint has been adequately resolved or addressed, you can raise a complaint with either:
You can also contact the OAIC for information or support with privacy matters, either online at www.oaic.gov.au or by telephone on 1300 363 992.
Contact Details
Related Documents
References
Definitions
Consent means agreeing or giving permission for something to happen. It includes express consent and implied consent.
Health information, under the Privacy Act, is:
that is also personal information;
Personal information, under the Privacy Act, means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
Record is a document, database (hardcopy or electronic) or a photograph or other pictorial representation of a person.
Sensitive information, per the Privacy Act, is:
REACHABILITY AUSTRALIA requires contractors that may have any access to personal information to sign non-disclosure agreements and comply with the Privacy Act, and does not permit them to subcontract their services.
Unless a person specifically gives consent for identifiable personal information to be shared with medical researchers, we de-identify any such information before disclosing it.
© 2023 Reachability Australia. |
ACKNOWLEDGEMENT
Reachability Australia acknowledges Aboriginal and Torres Strait Islander peoples as the First Peoples of Australia and we pay our respects to their elders past, present and future who we share this great region with.
DIVERSITY COMMITMENT
Reachability Australia is committed to embracing diversity and eliminating all forms of discrimination in the provision of health services. We welcome all people irrespective of ethnicity, lifestyle choice, faith, sexual orientation and gender identity.
OUR FUNDING
Gratitude to NDIS and Self-Funded Participants for Trusting Us in Quality Care Provision. NDIS supports diverse areas such as education, employment, social engagement, independence, living arrangements, and holistic well-being.
Please complete the form below to apply for this position
Please click the button below to submit an NDIS Support Enquiry. Most customers receive a response to their enquiry or referral in the next business day.