Privacy and Confidentiality Policy
Policy
Community Care Tasmania will use all reasonable efforts to protect the privacy of individuals’ personal information and to comply with the obligations imposed by the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APP), the Aged Care Act and the Aged Care Principles and the Tasmania Personal Information Protection Act 2004.
Collection of personal information is in accordance with the relevant act and legislation.
In meeting our obligations with respect to the privacy of individuals, we will acknowledge that people with vision or hearing impairments and those of culturally and linguistically diverse background may require special consideration.
Purpose
The purpose of this policy and procedure is to:
1. ensure personal information is managed in an open, respectful and transparent way;
2. protect the privacy of personal information including health information of clients, participants and staff;
3. provide for the fair collection and handling of personal information;
4. ensure that personal information is collected, used and disclosed for relevant purposes only;
5. regulate the access to and correction of personal information; and
6. ensure the confidentiality of personal information through appropriate storage and security.
Collection of Personal Information
Community Care TASMANIA will only collect personal information about an individual when the information is necessary for one or more of our functions as an aged care provider and/or employer where the collection of the personal information is necessary to:
1. comply with the provisions of state or commonwealth law;
2. provide data to government agencies as required by state or commonwealth law;
3. determine eligibility to funding and entitlements under state or commonwealth law;
4. provide appropriate services and care to our participants, clients and staff;
5. enable contact with a nominated person regarding an individual’s health status;
6. lawfully liaise with a nominated representative and to contact family/representatives if requested or needed; and
7. the collection of information is a requirement for staff’s employment activities.
Sensitive Information
We will only collect sensitive information (including health information) where the information is reasonably necessary for or directly related to one or more of our functions and:
1. the individual has consented to the collection of this information; or
2. the collection of the information is required to be authorised by or under an Australian law or a court/tribunal order; or
3. a permitted general situation exists in relation to the collection of the information; or
4. a permitted health situation exists in relation to the collection of the information; or
5. the collection of information is a requirement for staff employment and/or business activities; or
6. as a non-profit organisation and:
   1. the information relates to our activities; and
   2. the information relates only to the members of the organisation, or to individuals who have regular contact with us and our activities.
Methods of Collection
We may collect the information by telephone, fax, in person, in writing, online or electronically by email. If an individual chooses not to provide us with the personal information required we may not be able to provide them with the required care and services or employment support.
Personal information and sensitive information (including health information), may be collected:
1. from a client, participant or employee;
2. from any individual or organisation that assesses health status or care requirements, for example the Aged Care Assessment Team;
3. from the health practitioner of a client or participant;
4. from other health providers or facilities;
5. from family members, significant person/s or nominated representative of a client or participant; and
6. from a legal advisor of a client or participant.
At the time of onboarding, a client or participant and/or their representative should identify and advise Community Care TASMANIA of any parties by whom they do not wish personal information to be accessed or to whom they do not wish personal information to be provided. This information will be stored on the client or resident file in compliance with the relevant act and legislation.
Unsolicited Information
If we receive personal information from an individual that we have not solicited and we could not have obtained the information by lawful means, we will destroy or de-identify the information as soon as practicable and in accordance with the law.
Staff Records
We must keep a record for individuals who are employed by Community Care TASMANIA (staff). This includes:
1. the engagement, training, disciplining or resignation of the employee;
2. the termination of the employment of the employee;
3. the terms and conditions of employment of the employee;
4. the employee’s personal and emergency contact details;
5. the employee’s performance or conduct;
6. the employee’s hours of employment;
7. the employee’s salary or wages;
8. the employee’s membership of a professional or trade association;
9. the employee’s trade union membership;
10. the employee’s recreation, long service, sick, personal, maternity, paternity or other leave;
11. the employee’s taxation, banking or superannuation affairs; and
The information we request from staff is relevant to their employment with Community Care TASMANIA and is collected and maintained in accordance with the Privacy Act.
Notification
When personal information is collected from an individual, we will take all reasonable steps to ensure that they are notified or made aware of:
1. our identity and contact details;
2. the purpose for which we are collecting personal information;
3. the identity of other entities or persons to whom we usually disclose personal information;
4. that our privacy policy contains information about how the individual may complain about a breach of the APPs and how we will deal with a complaint;
5. if we are likely to disclose personal information to overseas recipients and if so, the countries in which such recipients are likely to be located and if practicable, to specify those countries.
Use and Disclosure of Information
Permitted disclosure
Community Care TASMANIA will not use or disclose personal information for a purpose other than the primary purpose of collection, unless:
1. the secondary purpose is related to the primary purpose (and, if sensitive information, is directly related) and the individual would reasonably expect disclosure of the information for the secondary purpose;
2. the individual has consented;
3. the information is health information and the collection, use or disclosure is necessary for research, the compilation or analysis of statistics, relevant to public health or public safety, it is impractical to obtain consent, the use or disclosure is conducted within the privacy principles and guidelines and we reasonably believe that the recipient will not disclose the Health Information;
4. we believe on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to an individual’s life, health or safety or a serious threat to public health or public safety;
5. we have reason to suspect unlawful activity and use or disclose the personal information as part of our investigation of the matter or in reporting our concerns to relevant persons or authorities;
6. we reasonably believe that the use or disclosure is reasonably necessary to allow an enforcement body to enforce laws, protect the public revenue, prevent seriously improper conduct or prepare or conduct legal proceedings; or
7. the use or disclosure is otherwise required or authorised by law.
If we receive personal information from an individual that we have not solicited, we will, if it is lawful and reasonable to do so, destroy or de-identify the information as soon as practicable.
Cross border disclosure
We will not disclose an individual’s personal information to an overseas recipient. If we do, we will take all steps that are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles, unless:
1. the overseas recipient is subject to laws similar to the Australian Privacy Principles and the individual has mechanisms to take action against the overseas recipient;
2. we reasonably believe the disclosure is necessary or authorised by Australian Law; or
3. the individual has provided express consent to the disclosure.
Disclosure of Health Information
We may disclose health information about an individual to a person who is responsible for the individual if:
1. the individual is incapable of giving consent or communicating consent;
2. the manager is satisfied that either the disclosure is necessary to provide appropriate care or treatment or is made for compassionate reasons or is necessary for the purposes of undertaking a quality review of our services (and the disclosure is limited to the extent reasonable and necessary for this purpose); and
3. the disclosure is not contrary to any wish previously expressed by the individual of which the manager is aware, or of which the manager could reasonably be expected to be aware and the disclosure is limited to the extent reasonable and necessary for providing care or treatment.
A person responsible is a parent, a child or sibling, a spouse, a relative, a member of the individual’s household, a guardian, an enduring power of attorney, a person who has an established personal relationship with the individual, or a person nominated by the individual to be contacted in case of emergency, provided they are at least 18 years of age.
Access
Requesting access
Requests for access to information can be made verbally or in writing and addressed to the Chief Operating Officer. An individual’s identity should be established prior to allowing access to the requested information. Community Care TASMANIA will respond to each request within a reasonable time. For employees, a request should be made to the Chief Operating Officer in writing.
All individuals reserve the right to request that Community Care TASMANIA provide them with access to the personal information held about them (and we shall make all reasonable attempts to grant that access) unless providing access:
1. is frivolous or vexatious;
2. poses a serious threat to the life or health of any individual;
3. unreasonably impacts upon the privacy of other individuals;
4. jeopardises existing or anticipated legal proceedings;
5. prejudices negotiations between the individual and us;
6. would be unlawful or would be likely to prejudice an investigation of possible unlawful activity;
7. an enforcement body performing a lawful security function asks us not to provide access to the information; or
8. enabling access would reveal information we hold about a commercially sensitive decision making process.
Granting access
On request (and after determining an individual’s right to access the information) Community Care TASMANIA should provide access to personal information.
Declining access
If Community Care TASMANIA is not satisfied as to the individual’s identity, or access is requested by an unauthorised party, we can decline to provide access to the information. Community Care TASMANIA may also decline access where the request does not meet legislation/act requirements, and will provide the reasons for declining access to the requested information in writing.
Updating and Correcting Personal Information
Community Care TASMANIA aims to ensure that the personal information we collect is accurate, complete and up-to-date to support our activities. If an individual believes that the information we hold is incomplete, out of date, misleading or needs correcting, we will take reasonable steps to correct the information. The individual may be required to provide proof of identification and, subject to a formal request, the personal information is to be corrected.
If Community Care TASMANIA declines to correct the personal information, we will provide the individual written notice that sets out:
1. the reasons for the refusal;
2. the mechanisms available to complain about the refusal; and
3. any other matter prescribed by the regulations.
Direct Marketing
Personal Information
Community Care TASMANIA will not use or disclose personal information about an individual for the purposes of direct marketing, unless the information is collected directly from the individual and:
1. the individual would reasonably expect Community Care TASMANIA to use or disclose their personal information for the purpose of direct marketing; and
2. we have provided the individual with a mechanism to ‘opt-out’ and they have not opted out.
Sensitive Information
Community Care TASMANIA will not use or disclose sensitive information about an individual for the purposes of direct marketing, unless the individual has consented to the information being used for direct marketing.
An individual’s rights in relation to direct marketing activities
If we use information for the purposes of direct marketing the individual may:
1. ask us not to provide direct marketing communications to them;
2. ask us not to disclose or use the information;
3. ask us to provide the source of the information.
Personal Information Security
We are committed to keeping secure the personal information you provide to us. We will take all reasonable steps to ensure the personal information we hold is protected from misuse, interference and loss, and from unauthorised access, modification or disclosure.
Information of a Client or Participant
1. We must keep the records of a client or participant in a secure storage area.
2. The records required to provide care to clients/participants will only be accessed by the staff member and approved authorised parties.
3. Records of previous clients and participants and earlier unused volumes of current clients or participants are archived and stored in a locked service away from general use.
4. Only health professionals attending to the care of a client or participant are permitted access to information of the client or participant. All records shall only be used for the purpose for which they were intended.
5. A client or participant, or their representatives shall be provided access to records as requested and after consultation with the Manager or Chief Operating Officer. At these times, a qualified staff member is to remain with a client or participant or representative to facilitate the answering of any questions raised.
6. Details of a client or participant are not to be provided over the phone, unless the staff member is sure of the person making the inquiry. If in doubt, consult a manager.
7. No staff shall make any statement about the condition or treatment of a client or participant to any person not involved in the care except to the immediate family or representative of the client or participant and then only after consultation with the relevant Manager or Executive.
8. All staff must be discreet with their comments at all times, protecting and respecting the privacy, dignity and confidentiality of all clients and participants.
9. Handovers shall be conducted in a private and confidential manner.
Security measures
Our security measures include, but are not limited to:
1. training our staff on their obligations with respect to your personal information;
2. client and participant files locked in a secure storage area;
3. use of passwords when accessing our data storage system; and
4. the use of firewalls and virus scanning tools to protect against unauthorised interference and access.
Information of Staff
1. Community Care TASMANIA must keep the records of staff in a secure storage area.
2. Records of staff shall be archived on exiting the business.
3. Only the People and Culture department or the staff member’s direct Manager shall have access to staff information.
4. A staff member shall be provided access to records as requested and after consultation with People and Culture. A People and Culture member will remain with the staff member to provide access and facilitate the answering of any questions raised in relation to the personnel file.
Contractors working on our behalf are required to:
1. comply with the Australian Privacy Principles;
2. have up-to-date virus protection software and firewalls installed on any device used to access documents containing Personal Information;
3. notify us of any actual or potential breaches of security;
4. indemnify us in relation to any loss suffered by a breach.
We will, as soon as practicable and in accordance with the law, destroy or de-identify any personal information that is no longer required for our functions.
Grievance Procedure
How to make a complaint
If you wish to make a complaint about the way we have managed your personal information you may make that complaint verbally or in writing by setting out the details of your complaint to one of the following:
· Chief Operating Officer – jodie.waller@cct.org.au or PO Box 977 Launceston Tas 7250
· Quality, Risk and Compliance Manager – tracey.harvey@cct.org.au or PO Box 977 Launceston Tas 7250
How we will deal with your complaint
· The complaint will be investigated by Community Care TASMANIA in accordance with our internal procedures and processes.
· The complainant may be invited to participate in a conference by the staff member conducting the investigation. At the discretion of the relevant Executive other interested parties may also be invited to participate in the conference to discuss the nature of the complaint and attempt to resolve it. This may include the presence or participation of a support person or advocate for the complainant.
· The complainant will receive a formal response to their complaint within a reasonable timeframe after completion of any investigation by Community Care TASMANIA. This response will be in writing and will include the outcome of the investigation, any proposed action and details of the right to lodge a complaint with any relevant external organisations.
Legislation and Relevant Forms
· Privacy Act 1988 (Cth) (Privacy Act)
· Right to Information Act 2009
· Commonwealth Privacy Act 1988 (Cth)
· The Australian Privacy Principles (APP)
· The Aged Care Act 2024
· Tasmania Personal Information Protection Act 2004.
· ICCPR (right to privacy)
· Convention on the Rights of Persons with Disabilities (CRPD)
· NDIS Practice Standards
· Quality Standards
· Privacy Collection Statement
· 410(a) – Authorisation for Release of Personal Information
