1. PURPOSE AND SCOPE
To ensure that management of clients’ personal information meets all relevant legislative and regulatory requirements.
This policy and procedure applies to current and potential clients, their carers and family members.
2. DEFINITIONS
Personal information – Recorded information (including images) or opinion, whether true or not, from which the identity of an individual (including those up to thirty years deceased) could be reasonably ascertained.
Sensitive information – Information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political party, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preference or practices, or criminal record. This is also considered to be personal information.
Health information – Any information or an opinion about the physical, mental or psychological health or ability (at any time) of an individual.
Information Privacy – refers to the control of the collection, use, disclosure and disposal of information and the individual’s right to control how their personal information is handled.
3. POLICY
Beyond Plan Managers is committed to the transparent management of personal and health information about its clients and staff.
This commitment includes protecting the privacy of personal information, in accordance with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cwlth), as amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cwlth).
4. PROCEDURE
Personal information
Personal information may include:
- name,
- date of birth,
- gender,
- current and previous addresses,
- residency status,
- telephone numbers and e-mail addresses,
- bank account details,
- tax file number,
- driver’s licence number,
- Centrelink information,
- photographs,
- race or ethnicity, and
- medical history or information provided by a health service.
In collecting personal information, Beyond Plan Managers will inform the client:
- that information is being collected.
- of the purposes for collecting information.
- of who will have access to the information.
- of the right to seek access to, and/or correct, the information.
- of the right to make a complaint or appeal decisions about the handling of their information; and
- that information may be shared without consent under certain circumstances (See Information Sharing Guidelines Appendix).
Clients are to be provided with the Client Consent Form at the time of commencing service with Beyond Plan Managers. This form is to be:
- signed and placed in the client’s file.
- held securely with access limited to staff members in the performance of their role.
Consent
Consent must be voluntary, informed, specific and current.
Voluntary consent: A person must be free to exercise genuine choice about whether to give or withhold consent. This means they haven’t been pressured or coerced into making a decision, and they have all the information they need in a format they understand. Voluntary consent requires that the person is not affected by medications, other drugs or alcohol when making the decision.
Informed consent: A person’s capacity to make decisions will vary depending on the type of decision or its complexity, or how the person is feeling on the day. The way information is provided to a person will also affect his or her capacity to make decisions. Choices must be offered in a way that the person understands, for example by using images or signing.
Support, where required, must be provided for the person to communicate their consent.
Specific consent: Consent must be sought for a specific purpose and this purpose must be understood by the client.
Current consent: Consent cannot be assumed to remain the same indefinitely, or as the person’s circumstances change. People and guardians are entitled to change their minds and revoke consent at any time.
Collection, use and storage of personal information.
Beyond Plan Managers collects information:
- directly from clients orally or in writing.
- from third parties, such as medical practitioners, government agencies, client representatives, carer/s, and other health service providers.
- from client referrals; and
- from publicly available sources of information.
Beyond Plan Managers will collect sensitive information:
- only with client consent, unless an exemption applies: e.g., the collection is required by law, court/tribunal order or is necessary to prevent or lessen a serious and imminent threat to life or health;
- fairly, lawfully, and non-intrusively.
- directly from client, if doing so is reasonable and practicable.
- only where deemed necessary to support:
  - service delivery to clients.
  - staff activities and functions; and
- giving the client the option of interacting anonymously, if lawful and practicable.
Client information is used to:
- assess and provide services.
- administer and manage those services.
- evaluate and improve those services.
- contribute to research.
- contact family, carers, or other third parties if required; and
- meet our obligations under the NDIS.
Beyond Plan Managers takes all reasonable steps to protect personal information against loss, interference, misuse, unauthorised access, modification, or disclosure. Beyond Plan Managers will destroy, or permanently de-identify, personal information that is:
- no longer needed.
- unsolicited and could not have been obtained directly; or
- not required to be retained by, or under, an Australian law or a court/tribunal order.
Beyond Plan Managers has appropriate security measures in place to protect stored electronic and hard-copy materials. Beyond Plan Managers has an archiving process for client files which ensures files are securely and confidentially stored and destroyed in due course.
Should a breach in privacy occur, potentially exposing client information (e.g., computer system hacked, laptop stolen etc.) the Managing Director will immediately act to rectify the breach in accordance with organisational policy and processes.
Updating Client Information
To ensure that client information is accurate, complete, current, relevant and not misleading, Beyond Plan Managers checks personal details and updates client files accordingly:
- whenever reviewing a client’s service; and / or
- upon being informed of changes or inaccuracies by clients or other stakeholders.
There will be no charge for any correction of personal information.
Where Beyond Plan Managers has previously disclosed client personal information to other parties, should the client request us to notify these parties of any change to their details, we must take reasonable steps to do so.
Disclosing information
See the Information Sharing Guidelines Appendix
Accessing personal information
Clients can request and be granted access to their personal information, subject to exceptions allowed by law.
Requests to access personal information must state:
- the information to be accessed.
- the preferred means of accessing the information,
and should be forwarded either verbally, or in writing to:
duy@beyondplanmanagers.com.au or thien@beyondplanmanagers.com.au
The Managing Director will assess the request to access information, taking into consideration current issues that may exist with the client, and whether these issues relate to any lawful exceptions to granting access to personal information.
Should the Managing Director decide that access to personal information will be denied, they must, within 30 days of receipt of the request, inform the client in writing of:
- the reasons for denying access and
- the mechanisms available to complain or appeal.
Should access be granted, the Managing Director will contact the client within 30 days of receipt of the request to arrange access to their personal information.
Should Beyond Plan Managers be unable to provide the information in the means requested, the Managing Director will discuss with the client alternative means of accessing their personal information.
Reasonable charges and fees, incurred by Beyond Plan Managers in providing the data as requested, may be passed on to the client.
Complaints
Questions or concerns about Beyond Plan Managers’ privacy practices should be brought, in the first instance, to the Managing Director’s attention.
Clients may directly email the Managing Director at duy@beyondplanmanagers.com.au
In investigating the complaint Beyond Plan Managers may, where necessary, contact the client making the complaint to obtain more information.
The client will be advised either in writing, or in a face-to-face meeting, of the outcomes and actions arising from the investigation.
If concerns cannot be resolved and the staff member wishes to formally complain about how their personal information is managed, or if they believe Beyond Plan Managers has breached an APP and/or IPP, they may take their concerns to the Office of the Australian Information Commissioner:
- complete a privacy complaint form online at https://forms.business.gov.au/smartforms/landing.htm?formCode=APC_PC
- send their concerns in writing to:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney
NSW 2001
- use the form or guidelines available at https://www.oaic.gov.au/individuals/how-do-i-make-a-privacy-complaint
- or pursue the matter by the following means:
Fax: +61 2 9284 9666
Email: enquiries@oaic.gov.au
Enquiries and Assistance: 1300 363 992
Any complaint about services delivered under the NDIS may be brought to the NDIS Quality and Safeguards Commission.
Complaints to the NDIS Commission can be lodged via:
- web: https://www.ndiscommission.gov.au/
- email: feedback@ndis.gov.au
- phone: 1800 035 544 (free call from landlines) or TTY 133 677.
Interpreters can be arranged.
End of policy document. Uncontrolled when printed.


