Policy Statement
We respect the privacy of our clients, their families and carers and we will comply with the requirements of the Australian Privacy Principles as outlined in the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Commonwealth) the Privacy Amendment (Private Sector) Act 2000 (Commonwealth), Health Records Privacy and Access Act 1997 (ACT), and the Health Records and Information Privacy (HRIP) Act 2002 (NSW).
Responsibilities
All employees are responsible for implementing this policy. The Practice Manager will ensure that all employees have read and understand how to apply this policy in practice.
Collection of personal information
We will collect personal information in a lawful and fair way and will only collect personal information that is necessary to provide a service. We will always seek consent when collecting, using and retaining information or disclosing personal information (including assessments) to other parties, including details of the purpose of collection, use and disclosure.
We make every effort to ensure personal information that is collected is up-to-date.
Information will be collected:
- at a time convenient for the person
- in a way that respects a person’s culture, values and beliefs.
Consent
As part of the initial Service Agreement process, clients are asked to sign a Consent Form in relation to keeping records and sharing/releasing information. This consent is valid for the period of time you receive services from us. However, you may request (in writing) to change or cancel the consent at any time.
We will review your understanding of the consent from time to time and you have the right to receive external advice on this if you wish. If you give your consent orally, or by other means such as through a language or signed interpretation or use of an AAC device, an employee will note this in your records.
Our treatment of client information
When information is being collected directly from you, we will advise you
- why the information is sought
- that our records will be factual, objective and respectful
- that all information obtained will be kept confidential, and any breach of this policy by an employee will result in disciplinary action
- that you can access all information that we hold about you. For example, you may inspect your records/files, or request a photocopy or printout.
- of the consequences of giving or refusing consent. If we believe that refusal will cause harm to the client, we will explain any implications of the refusal.
- That records are archived and will eventually be destroyed.
Photos and videos
We will ensure that your consent is obtained before any photos or video footage are taken (you will be asked to sign a Permission to Use Photographs/Video Footage), or any video conference takes place. For video conferences, the employee organising the conference will inform you of who is participating and will introduce you to everyone involved. You may terminate the session at any time. The employee will make notes in your records about the video conference.
Sharing/exchanging client information
Your information is not shared with anyone without your written consent, unless we are required to by law. We will always seek your written consent before sharing your information with anyone outside Horizon Therapy Services or before requesting information about you from a third party.
Your file/records will not be released to you or your family/guardian unless written authority to release information is obtained.
By law, we are required to notify the NDIS Quality and Safeguards Commission of any reportable incident or allegation of which we become aware.
Exchanging information about children and young people
For clients residing in NSW – where there are concerns about a child’s or young person’s safety, welfare or wellbeing, we are authorised to share information without the consent of the child, young person or family member (Chapter 16A of the Children and Young Persons (Care and Protection) Act 1998).
For clients residing in the ACT – under ACT law, Horizon Therapy Services is classified as a child safety information sharing entity. Under this legislation, if a child safety information sharing entity is asked under section 863B (1) to provide reportable conduct information, and is satisfied on reasonable grounds that the information is relevant for the entity making the request (the requesting entity) to do or deal with something mentioned in section 863B (2), the requested entity must provide the information
Information storage and security
Electronic records are protected by restricting computer access through individual login and password and using access restrictions for client information systems so that employees see only the information relevant to their role.
Employees will ensure that your paper records are kept secure by:
- Locking filing cabinets and unattended storage areas
- Positioning computer screens, photocopiers and faxes so that they cannot be seen or
- accessed by unauthorised people or visitors
- Not leaving files on desks or anywhere they may be visible to unauthorised persons.
When an employee needs to take your file out of our premises, the employee will store it in a bag, and in the boot of their car. The file will not be left unattended, nor left in the boot of a parked car.
Adult clients’ paper records (including health information) are stored for 7 years from the date of the last service provided. Paper records relating to children under 18 years old at the date of their last service are kept until they turn 25 years old.
Records of clients who have died are kept for at least 7 years after the date of death.
After the above time periods, records are destroyed securely by the professional storage facility.
Information checking and correction
We make every effort to ensure that we record your information correctly, and we may check your information from time to time and update it as necessary.
If you disagree with any part of your records, we will work with you to resolve the matter. If it is about factual information (e.g. address) and the correction is agreed, your record will be updated. If you do not agree with an employee’s entry in your records, we will discuss this with you, and your comments or an agreed amendment (if an agreement is reached) will be noted in your file along with the original record.
External support available
When there are communication difficulties or there is concern about a person’s capacity to give consent, it may be appropriate to seek the help of an advocate, interpreter or guardian to help with the collection and sharing of client information.
Breaches of privacy and complaints
Any substantiated breaches of this policy by employees will be treated seriously and may result in disciplinary action. If you have any concerns about your privacy when receiving our services, please complete a complaints and feedback form so we can investigate and respond to your concerns.