PURPOSE

ACQA is committed to improving its approach to privacy, confidentiality and information sharing. The organisation is bound by all relevant Commonwealth and State Privacy legislation, as well as other laws that impose specific obligations in regard to handling personal information that directly or indirectly identifies a person.

 ACQA will operate in compliance with all relevant privacy and confidentiality legislation and will strive to apply best practices in sharing information in all its activities. The privacy policy and principles in this document are in accordance with these laws.

ACQA is committed to protecting the privacy of personal information. This Privacy Policy embodies this commitment. The policy supports the organisations need to collect information and the right of the individual to privacy. It ensures that ACQA can collect personal information necessary for its services and functions, while recognising the right of individuals to have their information handled in ways that they would reasonably expect and in ways that protect the privacy of their personal information.

 

SCOPE

This policy applies to all individuals associated with ACQA.

 

POLICY

1. General

 1.1. ACQA  treats all information about its Residents, clients, board members, employees, visitors and volunteers as confidential and will not divulge information to people who do not need to know or whom the organisation does not have a legal requirement to tell or will only divulge information where the health and safety of those concerned may be severely compromised.

1.2. All staff of ACQA paid or unpaid will be required to sign a confidentiality agreement.

1.3. ACQA  recognises the right of its residents, clients, board members, employees, visitors and volunteers to have information about them treated as confidential.

1.4.This policy and procedure sets out guidelines for making decisions about who may need to know certain pieces of information.

 

2. Overriding Principles

 2.1.       Collection of Information

2.1.1.   ACQA will not use, adopt or disclose any government related identifiers.

2.1.2.   ACQA will not collect sensitive information about a person unless the person consents to the collection of the information.

2.1.3.   ACQA will make every effort to determine that the individual who is disclosing information is a responsible person who is legally capable of making a disclosure, either for themselves or on behalf of a client.

2.1.4. Sensitive information involves information relating to a person’s:

2.1.4.1. ethnic origin,

2.1.4.2. sexual preference,

2.1.4.3. religious, philosophical or political beliefs,

2.1.4.4. criminal record,

2.1.4.5. health information or genetic information

2.1.5. In collecting information, ACQA will provide:

2.1.5.1. Its contact details;

2.1.5.2. what the information will be used for;

2.1.4.3. to whom else the information will be disclosed;

2.1.4.4. the rights of the person to access the information; and

2.1.4.5. if ACQA  is likely to disclose the information to overseas recipients,  in which countries the recipients of the information are likely to be located.

2.1.4.5. Access to the ACQA complaints – grievance procedure.

2.2.       Disclosure of Information

2.2.1    ACQA or any of its staff members will not disclose information to people who do not need to know it.

2.2.2.    Sometimes, situations may arise where it would be appropriate to break confidentiality or disclose information. Circumstances which may be considered as appropriate are as follows (but not limited to):

2.2.2.1. Where it is considered by the staff in receipt of the information that an

organisation or individual will be placed at risk of physical danger and withholding information could cause harm or injury.

2.2.2.2. Where it is disclosed or considered that a criminal offence has been or will be committed.

 2.2.2.3. Information disclosed relating to acts of terrorism.

 2.2.2.4. Disclosure of information relating to the protection of children.

 2.2.2.5. Disclosure of information relating to the protection of vulnerable adults.

 2.2.2.6. Disclosure of information according to the Australian Privacy Principles.

 2.2.2.7. Where it is considered essential to break confidentiality, the person whose confidentiality is to be broken will in normal circumstances be informed.

 2.2.3. Any threat of self-harm, violence in relation to ACQA  clients, board members, employees, visitors and volunteers, or a serious threat against another person will be recorded and reported to the ACQA  CEO or relevant senior staff member. ACQA has a duty of care under the work health and safety legislation to staff, volunteers and those associated with ACQA.

 2.2.4. Action by ACQA management when assessing whether to disclose confidential information to external agencies without the consent of the client:

 2.2.4.1. If any ACQA employee believes that confidential information should be passed onto another party or agency, without consent, they should brief the ACQA  CEO on the full facts of the case. If the ACQA CEO agrees that action is required, a full report on the case as well as all actions undertaken may be required by the ACQA CEO. The ACQA employee is responsible for ensuring that all necessary actions are undertaken.

2.2.4.2. In circumstances where ?the ACQA CEO needs to disclose confidential information, advice and approval from the ACQA Board Chair or Deputy Chair should be sought.

2.2.4.3. If the circumstances are such that advice from the Chair of the ACQA Board is sought, the Chair of the ACQA Board may decide to ask the ACQA  Chief Executive to seek professional or legal advice. Any legal or professional advice sought will assess whether the information should be disclosed, and if so, to whom and how. It will also consider and advise on the rights of those concerned.

 2.2.4.4. The decision to disclose information or break confidentiality ultimately lies with the Chief Executive Officer of ACQA.

2.3. Quality of Information

 2.3.1.   ACQA will ensure personal information that is collected, used or disclosed is:

2.3.1.1. accurate

2.3.1.2. current

2.3.1.3. complete

2.3.1.4. relevant

 2.3.2. Upon request ACQA will correct any personal information collected to ensure its quality.

 2.3.3. If that information has been disclosed to a third-party, ACQA will take reasonable steps to notify the other entity of the correction.

 2.3.4. All updates and corrections of information will be completed within 2 business days (where possible).

 2.3.5. In situations where information cannot be corrected, ACQA will inform the concerned person and provide them with options and the opportunity to raise a complaint.

2.4. Security of information

2.4.1. ACQA will take all reasonable steps to ensure that the information it collects is protected from misuse, interference, loss and from unauthorised access, modification or disclosure.

2.4.2. All personal information collected by ACQA will be kept under lock and key for hard copies and password protected for electronic files.

2.5. Access to Information

 2.5.1. All BACQA staff members can access to their personal information upon request to the ACQA CEO.

 2.5.2. All ACQA clients can access their personal information upon request and approval from theBarossa Village  CEO.

 2.5.3. Where possible, ACQA will respond to request for access to information in two business days.

 2.5.4. The ACQA CEO will provide written notice should requests for access to information be rejected.

 2.5.5. Where possible, written notice will be sent to the relevant person within 2 business days of the decision to reject the request.

2.6. Complaints

2.6.1. A complaint about information privacy is an expression of dissatisfaction with ACQA procedures, staff, agents or quality of service associated with the collection or handling of personal or health information.  ACQA will be efficient and fair when investigating and responding to information privacy complaints.

 2.6.2. The process for investigation and response to these complaints is set out in ACQA Complaints Policy and Procedures document.

 

3. Confidentiality in the workplace:

 

3.1 Confidentiality is always applied to any information given by ACQA clients, board member, staff, volunteers and visitors. 

3.2 All enquiries received by ACQA should be treated in strict confidence. It is not necessary to inform all callers of the confidentiality policy as a matter of course. However, should the caller ask about confidentiality, they should be informed of ACQA policy statement on privacy and confidentiality, that written information is available and how to access the written information.

3.3 Discussion of enquiries is encouraged between ACQA employees, to enable them to offer the best possible service. However, in general, personal details about the inquiry should be kept confidential when possible. Identifiable information may be passed to other ACQA employees where it is deemed in the best interest of the person; for example informing an individual about work projects they could be involved in. All such discussion should be purposeful and respectful.

3.4 Discussion of enquiries outside the work environment is discouraged, even when those concerned cannot be identified.

3.5 Except in the most exceptional circumstances no identifiable information about an enquiry is passed to anyone outside of ACQA without the permission of those concerned and it is only passed on a need to know basis. 

3.6 If it is difficult to ascertain whether an individual is giving consent to share information or not, in this situation, the major criterion for decision making will be the extent to which the person's physical and emotional wellbeing are put at risk by not sharing the information.

3.7 This principle does not hold where information is required by law e.g.: tax office and other statutory agencies whose request for information is also upheld by legislation.

3.8 Staff members are in a position of trust and thus have a responsibility to manage confidential information appropriately. Inappropriate disclosure of information pertaining to a ACQA client, staff, Board member, volunteer or visitor without their express consent may put an organisation or people at risk.

3.9 Employees with ready access to information about ACQA, its clients, services    and the people who use them must not divulge such information outside of the     constraints of their work.

3.10 These principles hold whether information is obtained or shared directly, indirectly or by inference. Breach of the principles by staff may be deemed gross misconduct and appropriate sanctions will be applied.

 

4. Member Confidentiality/Information Sharing Procedures

 

4.1. ACQA holds information about its members. Information should be shared only on the basis of who needs to know in order to ensure privacy and confidentiality to the organisation and the individual.

4.2. For new members, ACQA will ask them to sign a consent form that explains     what ACQA may do with the information they have given us.

4.3. A record will be kept of all meetings and decisions, either as minutes or notes. Where possible, who  that information has been shared with should be noted.

 

5. Staff Confidentiality/Information Sharing Procedures

 

5.1. ACQA holds information about the people it employs. Employees have a right of access to any files that are kept in reference to their employment. Any specific requirements are outlined in the appropriate sections below.

5.2. Personnel Files: These are organisational files holding evidence of employment held by ACQA. They log the staff member's career with the organisation and include items such as the original application, references, changes in terms and conditions, notes of any formal warnings, any letters of commendation the organisation gets sent, sickness certificates and notification, as well as any references ACQA has written on the person's behalf. Personnel files can be accessed by the relevant ACQA staff and the ACQA CEO. ACQA auditors can also ask for access to specific information from them for audit    purposes.

 Staff can have access to their own file, including references and third party information after having given notice to the ACQA CEO.

 Sensitive information held for any legal purposes may only be accessed by authorised staff.

5.3. Payroll Files: These are a set of files for time sheets, pay, superannuation and tax records. Apart from the relevant employee, these files may be accessed by the ACQA CEO, Finance Officer and auditors.

5.4. Performance Management Files: These are held by the ACQA CEO and can only be accessed by the relevant staff member and the Barossa Village CEO. They contain supervision notes, notes pertaining to informal discussions between the member of staff and theBarossa Village CEO and notes of any discussions pertaining to monitoring of performance e.g. appraisal documentation. They may   also contain records of annual leave/other absences.

 

6. Specific Instances of Information Confidential To Staff.

There are a number of situations where it is a specific responsibility of ACQA to ensure that they do not release the nature of information concerning a member of staff.

 6.1.  Sickness: ACQA  staff members that are sick may choose to share information about the nature of their sickness to theACQA CEO. The ACDQA CEO may also require a staff member to submit a medical/sickness certificate. This information may also be passed on to the ACQA Finance Officer. Reasons for people's absence due to sickness should not be discussed beyond theACQA CEO and Finance Officer unless authorised by the staff member. Information relating to sickness/health may also be passed to work health Officers / advisors as well as to ACQA's insurers. Other than this, the individual will decide who else should know what about their state of health and pass the information on accordingly.

 6.2. Recruitment: Who applies for posts, whether they are short listed, whether they are appointable is all confidential information, until the person has accepted the job offer. It can be very uncomfortable for internal candidates when their colleagues have this information. People involved in the recruitment process should be particularly mindful of the confidentiality of internal candidates.

6.2. Disciplinary and Grievance: Any information within ACQA, whatever its status, may be used for the purposes of investigating and resolving a disciplinary or grievance matter and must be relayed by staff with knowledge of the matter under investigation. Please refer to ACQA’s complaints procedure for further information. There is potential for other people to become aware of some pieces of information as any investigation proceeds. It is important for both the investigator and the complainant/appellant to remember that neither is empowered to discuss the situation with others outside of the following:

Any advisor;

Any union or other formal representative;

Individuals who may be substantive witnesses about relevant information to their involvement;

Other managers who may also be assisting with the investigation.

 Any written documentation pertaining to the investigation or grievance might also be seen by an administrative officer. If a disciplinary penalty is awarded this will be placed in the member of staffs personnel file. Copies of correspondence pertaining to any formal grievance will also be placed on the member of staff's personnel file.

 

7. Media

 

7.1. From time to time ACQA may be asked for information about clients or staff and the functioning of the organisation itself for media purposes. All requests for information for the media relating to ACQA clients or staff must be forwarded to the relevant ACQA  senior manager and then approved by the ACQA CEO. Where possible, a written agreement should be made covering what information is required, for what purposes and how it is to be presented.

 

8.      Confidential Information via Mail / Written Material

 

8.1. All incoming mail is subject to issues of confidentiality. Incoming posted mail is opened by the aCQA  Administrative staff and forwarded to the addressee.

8.2. If the envelope is marked ‘Private and Confidential’, mail should be opened by the addressee only or in his/her absence by the ACQA CEO. Where incoming mail is marked ‘Personal’ it should only be opened by the addressee.

8.3. For outgoing mail, where it may be important that only the person to whom the communication is addressed should see it, then the envelope should be marked 'Strictly Private and Confidential - to be opened by addressee only'.

8.4. Any internal notes, memos and letters which carry confidential information pertaining to specific individuals or organisation(s) should be placed in an envelope or folder and marked confidential.

8.5. If unclear about the status of information being sent then it should be marked 'confidential 'anyway.

 

9. Who Owns The Content Of Written Matter?

 

9.1. Written matter is always part owned by the organization / person sending it and part owned by the organization / person(s) receiving it. Therefore considerations of confidentiality are due to both parties. If in doubt about the status of a communication you should check it with the sending and receiving parties.

 

10. Phone Calls and Other Conversations

 

10.1. All staff need to be vigilant around the making and taking of phone calls particularly in shared offices and in public places when using a mobile phone. Where you think other people may overhear a confidential conversation, you should relocate the call to a more private space.

 

 11. Clear Desk / Clear Wall Issues

 

 11.1. Confidential information should not be left visible and unattended on desks or in filing trays where there is easy access. It should never be posted on walls. Where information is unattended temporarily it should be removed by being put in an envelope or drawer, given to someone for temporary safekeeping or the office should be locked.

 

ACQA staff members are also required to consider what is on their desk or computer screen when people are standing nearby. If necessary, turn over written text or display a screen saver on the computer screen.

 

12. ACQA Board

 

 12.1. TheACQA  Board has the right to access any information held by the organisation. However, this right would be expected to be used on a need to know basis, and would generally, though not always, be taken up through the ACQA CEO.

 

13.  ASSOCIATED DOCUMENTS

 

13.1. Internal Documents

             Policies

1.15                    Information and Record Management

1.22                    Brokerage

1.25                    Computer Use

2.17                    Performance Management & Discipline Policy

2.21                    Code of Conduct

4.09                    Respecting the Privacy and Dignity of Clients

 

Procedures

 

G02                     Performance Management & Discipline

FC01                   Employment

FC08/09/10      Admissions Process

FC-C11               Assessment, Care Planning and Review

FC28                   Complaints Process

FC34                   Privacy

CS:54                  Community Care Privacy and Confidentiality

 

Forms

 

F01-40                Staff Handbook

F34-02                Privacy Statement

F34-04                Client / Representative Privacy Policy Information and Consent                             Form

F34-05                Request for Information

F34-08                Archived File Retrieval Register

 

 Relevant Legislation

 

 Privacy Amendment (Enhancing Privacy Protection) Bill 2012

 Freedom of Information Act 1991

 Privacy Act 1988

 Australian Privacy Principles

 Aged care Act