Privacy Policy

Privacy and Confidentiality Policy

We are committed to maintaining the privacy and confidentiality of personal information (including health information) in accordance with the Privacy Act 1988 (COM), Information Privacy Act 2009 (QLD), the Australian Privacy Principles (APP), and the Privacy Amendment (Notifiable Data Breaches) Act 2017.

Privacy for consumers may relate to physical environment, possessions, physical needs, personal relationships, and personal information.

  • At the outset, our staff obtain consent to collect and hold consumer information. Staff provide to the consumer, or representative, information on the records we hold. Information provided includes the consumer’s ability to access their own personal information if they wish.
  • Staff do not access consumer files unless required to do so as part of their usual duties working with consumers.
  • Any consumer files held manually or electronically have restricted access to appropriate staff. Client records are not held in areas or on drives shared with staff or others who are not involved in providing service to the consumer.
  • All staff, when first employed, sign an information confidentiality statement about client information they may be exposed to during their tenure.
  • All staff commit to privacy and confidentiality for each consumer when they:
    a. provide care to a consumer
    b. provide privacy for the consumer within their home, room, or private areas
    c. discuss a consumer’s care and service requirements
    d. store a consumer’s personal information, whether this relates to medical needs or general information.

Background

In order to treat a consumer with dignity and respect, we respect their privacy. We ensure the behaviour and interactions of the workforce and others do not compromise consumer privacy. We respect each consumer’s right to privacy in how we collect, use, and communicate the consumer’s personal information.

Health information is one of the most sensitive types of personal information. It is essential that we respect a consumer’s right to privacy in how we collect, use, and communicate health information.

We manage all personal information according to law and best practice.

Applicability

  • all categories of employees
  • governing body
  • all volunteers
  • students on placement
  • contractors and consultants, whether or not they are employees
  • all other service providers

Consumer outcome

I am treated with dignity and respect and can maintain my identity. I can make informed choices about my care and services and live the life I choose.

Organisation statement

The organisation:

  • has a culture of inclusion and respect for consumers; and
  • supports consumers to exercise choice and independence; and
  • respects consumers’ privacy.

Documents relevant to this policy

  • Standard 1 – Requirement (3) (f) Each consumer’s privacy is respected and personal information kept confidential

Process Guidance

Outcome

The process below demonstrates that we respect the consumer’s privacy and keep their personal information confidential.

  1. Seek consumer permission
    • Permission is sought from consumers before entering their home, room, or private areas.
    • We provide privacy to each consumer for personal care activities e.g., bathing, toileting, dressing and personal/intimate relationships.
    • We make sure consumers have privacy when speaking with visitors and during phone conversations if the consumer or representative chooses.
    • Staff do not open or read consumer mail unless the consumer requests this or needs assistance.
    • All information relating to consumers is treated confidentially.
    • The consumers’ personal property is their own and staff and other consumers cannot use it unless invited to do so.
    • When confidential information about the consumer is shared, including their records, it is done in a way that maintains the consumer’s privacy and confidentiality.
    • Handovers are conducted between shifts in areas where information cannot be overheard by those who should not have access to it. This also applies to information given to health care professionals or representatives involved in the consumer’s care or services.
    • Any health care professionals who require access to the consumer’s electronic records or personal information must provide request in writing and be approved by the consumer or their representative.
    • Staff are educated about privacy and dignity, S.7.3.c. and 3.d.
  2. Collection and use of client information
    • The consumer’s documentation asks for consent to collect and share information with relevant professionals for the purposes of their care.
    • We collect personal information from the consumer only, unless they consent to collection from someone other than them, or it is unreasonable or impractical to do so.
    • We only seek the information about the consumer that is necessary to provide care and services.
    • The types and forms of personal information that we collect will depend on the consumers relationship with us, the nature of the service we are providing, and the legal obligations we may have.
    • Staff will not release consumer information to any third party without consumer consent. Any consumer information is released and/or accessible only to those with a legitimate interest or need as part of their care or service role.
    • Sometimes other personal information must be collected about the consumer’s families and social relationships, personal interests, skills, behaviour patterns and financial affairs, to provide services. We will clearly explain the purpose of this collection to the consumer or representative.
    • Staff do not proceed with client assessment, care coordination or planning processes without consumer consent. If the consumer cannot provide consent due to disability, medical condition, or other reason, they seek consent from their representative.
    • Documentation on all consumer file notes is written objectively, observing:
    o respect for the consumer’s feelings and dignity
    o the consumer’s right to request and have access to their own records
    o freedom of information and court requirements that may subpoena consumer files.
  3. Advise consumer of rights to access records
    • We inform consumers of their right to access their information and will remind them from time to time through service reviews.
    • Once created, consumer files cannot be deleted. A consumer may request an amendment to their record if they believe the information is incorrect and to ensure it is accurate, up to date, complete, relevant, and not misleading. If we refuse to correct the information, we will provide written notice to the consumer with reasons and how to submit a complaint about the refusal.
  4. Seek consent to use consumer images and audio/visual recordings
    • We obtain consent from consumers in relation to use of images or audio / visual recordings on admission.
  5. Advise consumers of right to complain of privacy breach
    • Consumers have the right to complain to us about a privacy breach. If you wish to make a complaint about our collection, use or disclosure of personal information, please contact our Privacy Officer in the first instance. The complaint is required to be made in writing, and we will deal directly with you to investigate your complaint and respond to you within a reasonable time (usually 48 working hours depending on the nature of the complaint).
    • If you are not satisfied with the outcome of your complaint, then you may make a complaint to the Office of the Australian Information Commissioner (OAIC). For information about how to make such a complaint, please refer to the OAIC (Ph. 1300 363 992 or www.oaic.gov.au).
  6. Disclosure of personal information to overseas recipients
    • When disclosing consumer information to people overseas who are not bound by Australian Privacy Principles, we will inform the consumer or representative that privacy / confidentiality cannot be assured, and they must provide specific consent for that disclosure.
  7. Information collected by our website
    • When you visit our website, we do not try to identify you or collect personal information. However, you might choose to provide your personal information when you complete an online form, make an enquiry, or leave feedback via the ‘contact’ or ‘leave feedback’ pages. Our websites take every precaution to protect personal information collected and measures are in place to protect the loss, misuse, and alteration of this information.
    • Our website may collect statistics about visits, such as how many people visit our sites, the user’s IP address, which pages people visit, the domains our visitors come from and which browsers they use. This information will not be used to identify you.
    • Cookies: Our website may collect ‘cookies’ when you access them. Cookies identify your IP address and browser type, but not your personal information. While cookies enable better website functionality, you can choose to reject them if you wish.
    • Third party links: Our website may contain links to other websites that are not ours. These sites are not subject to our Confidentiality and Privacy Policy, and we are not responsible for the content of these websites or the privacy practices of these sites.
    • Law enforcement: It is important to know that at times we may be obliged by law to allow law enforcement agencies and other government agencies with relevant authority, to inspect our IP logs.
  8. Marketing
    • We strive to continually improve and offer the best and most relevant services and support to consumers. When you become a resident of ours, or enquire about our services, we may use your personal information for direct marketing purposes, in accordance with the Act. This means from time to time we may contact you with marketing materials or invite you to events, either by mail, email, SMS, or telephone. Of course, you can request not to receive marketing communications at any time, and we will stop contacting you in this way.
  9. Privacy data breaches
    • If your personal information is lost, stolen or subject to unauthorised access or disclosure, Beaumont Care will follow its Incident Management Procedure and adhere to its obligations under the Privacy Act in relation to any required notifications to the Office of the Australian Information Commissioner and to those people whose personal information has been lost, stolen or subject to unauthorised access or disclosure.
  10. Security and retention of personal information
    • We store personal information safely and securely and we endeavour to protect any personal information that we hold from misuse and/or loss, and to protect it from unauthorised access, modification and/or disclosure.
    • Personal information is stored in a combination of electronic and paper formats. Hardcopy personal information is stored securely at our facilities. Security procedures in combination with physical and technological systems provide a robust security environment which restricts access to authorised personnel only.
    • All electronically stored personal information is secured through a range of mechanisms such as passwords. We ensure that it is only authorised people working for Beaumont Care that has security access to personal information.
    • We only keep personal information for as long as it is required either for our business purposes or by law. When information we hold is identified as no longer needed for any purpose, we ensure it is effectively and securely destroyed.
  11. Exclusions
    • If a significant threat to consumer or staff safety affects the consumer’s right to privacy and confidentiality, staff safety will prevail.
    • We will not provide access to consumer records if:
    o there is a serious threat to the life, health, or safety of any individual or public health and safety
    o it would unreasonably infringe the privacy of other individuals
    o the information relates to legal proceedings or is in some way illegal or unlawful.
  12. Contact us
    • To request access to or correction of your personal information, or to make a privacy complaint, please contact:
    The Privacy Officer, Beaumont Care
    10 Springdale Street, Rothwell, Qld 4022
    Email: privacy@beaumontcare.com.au

Suggested Evidence

  • Tools and resources used
  • Results of consumer feedback

Relevant Legislation

  • Aged Care Act 1997
  • Privacy Act 1988 – Part III, Division 2 Australian Privacy Principles
  • Notifiable Data Breaches Scheme

References

  • Australian Law Reform Commission – Resources for health service providers

September 2021