The purpose of this document is to outline how we comply with our privacy obligations as required under the Privacy Act 1988 and, in particular, the National Privacy Principles set out in that Act.
As an organisation, one of our principal concerns is the health and welfare of our clients. A high level of trust and confidentiality is required to ensure the confidence of the clients we service. We aim to ensure that:
- your privacy will be protected when accessing our services or visiting our premises;
- the personal information collected about you and retained in our records is correct and up-to-date; and
- you can access your personal information for review on request.
Collection, use and disclosure of personal information
We recognise that the personal information we collect is often of a highly sensitive nature. We have adopted the highest privacy compliance standards to ensure such information is protected.
We may collect personal information (including sensitive and health information) regarding patients for the purpose of providing health services and treatment, and other social and community support services to our clients. Personal information collected may generally include:
- your name, address, telephone number and Medicare, DVA number or other social security number, if required;
- current treatments and drugs used by you, if necessary, for the services we provide to you;
- previous and current medical history, if directly relevant to the services we provide to you, including any relevant family medical history;
- the name of any health service provider, medical specialist, government agency or other organisation to whom we may need to refer you, including in reports or other information provided by these organisations or agencies;
- details of your racial or ethnic origin, membership of any trade associations, sexual preferences or practices and criminal record, but only if strictly necessary to enable us to provide the support and advocacy services you need.
We may collect personal information about you:
- directly from you;
- from some other person, organisation or agency on your behalf with your consent; or
- from a health service provider who refers you to us or to whom we refer you from time to time.
Where we collect personal information about you from another person, we will take reasonable steps to ensure you are aware of the reason why the information is being collected, how it will be used, and the names of any organisations or agencies to which we might disclose the information.
Personal information collected by us may be used or disclosed:
- for the primary purposes we advise you of at the time of collection of the information by us;
- as required for delivery of health and/or community and social support and advocacy services to you;
- as required to refer you to a health service provider or specialist, if necessary, or to advocate on your behalf with government agencies and organisations to obtain other support services and benefits for you;
- as required or authorised by law;
- where there is a serious and imminent threat to an your life, health, or safety or a serious threat to public health or public safety; or
- for secondary purposes which are directly related to the primary purpose of collection of the personal information such as for quality assurance, staff training and as may be required by our insurers.
If you do not provide the personal information requested, we may not be able to provide you with the health, social and community support and advocacy services needed to assist you. You may also not receive assistance and services from other agencies and organisations to which you may otherwise be entitled.
We do not use or disclose personal information about you for direct marketing purposes.
Other people’s information which you provide to us
If you provide personal information to us about someone else (such as a family member, close friend, personal carer or medical service provider) you must ensure that you are entitled to disclose that personal information to us.
You should take reasonable steps to ensure that the individual concerned is aware of the various matters detailed in this policy, including our identity, how to contact us, our purposes for collecting the information, our information disclosure practices, the individual’s right to obtain access to the information and to have it corrected, and the consequences for the individual if the information is not provided.
Security and storage of personal information
We will use all reasonable endeavours to ensure that health information about you is protected from misuse, loss, and unauthorised access, modification or disclosure, other than in accordance with this policy or the Privacy Act 1988.
Your personal information may be stored either in hard copy or electronic form in our files and/or IT systems.
We keep health information for a minimum of 7 years from the date of last entry in our records (unless the patient was a child in which case the record must be kept until the patient attains or would have attained 25 years of age). This is because we may be required to maintain such records under some laws.
We take extra precautions to ensure the security of health and sensitive information held in our records due to the sensitive nature of the information collected by us to provide our services.
Gaining access to information we hold about you
We will, on request, provide you with access to the personal information we hold about you unless there is an exception which applies under the Privacy Act 1988, such as where we have a legal duty not to disclose the information or where it may be harmful to you to do so.
Your request to obtain access to your information will be dealt with in a reasonable time. We may recover from you our reasonable costs of providing you with access.
If we refuse to provide you with access to the information, we will provide you with reasons for the refusal and inform you of any exceptions relied on under the Privacy Act 1988.
Keeping your personal information up to date
We take reasonable steps to ensure your personal information is accurate, complete and up to date whenever we collect or use it.
If you think any of the personal information we hold about you is inaccurate, incomplete or out of date, please contact us and, if we agree, we will take reasonable steps to correct the information or, if necessary, discuss alternative options that may be available to you.
Internet site privacy policies
We may collect contact information (such as e-mail addresses) for you and other individuals via our internet site.
Unless you object, by using our internet site you consent to us using your personal information collected:
- to monitor who is accessing the internet site or using services offered on the internet site; and
- to profile the type of people accessing the internet site.
We utilise “cookies” which enable us to monitor traffic patterns and to serve you more efficiently if you revisit the site. A cookie does not identify you personally but it does identify your computer. You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance.
We may preserve the content of any e-mail you send us if we believe we have a legal requirement to do so or are otherwise permitted to do so under the Privacy Act.
By using our internet site you consent to your e-mail message content being monitored by us for trouble-shooting or maintenance purposes or if any form of e-mail abuse is suspected.
Personal information which we collect may be aggregated for analysis but in such circumstances we would ensure that individuals remain anonymous.
How to contact us
If you wish to complain to us about a breach of your privacy, access your own personal information held by us, correct any information held by us concerning your own personal information or find out more about how we deal with personal information, please contact:
The Privacy Officer
PO Box 178
Holland Park QLD 4121
We will respond to your enquiry as soon as possible.