Bellevue Care Centre
Bellevue Care Centre
ENQUIRE NOW

Privacy Policy – Information Management

Open and honest

Managing your information

Bellevue Care Centre is committed to ensuring this policy informs and governs the manner in which it collects, uses and manages personal information.

PURPOSE

To ensure the collection, use and management of personal information is done in accordance with the Australian Privacy Principles as contained in the Privacy Act 1988 and the Aged Care Act 1997.

SCOPE

This policy pertains to all directors, owners, employees, subcontractors and volunteers affiliated with Bellevue Care Centre.

 Procedure

 

1                 Introduction / background

This policy is to inform and govern the manner in which the Provider (we, us or our) collect, use and manage personal information in accordance with the Australian Privacy Principles as contained in the Privacy Act 1999 (Cth) (Privacy Act) and the Aged Care Act 1997 (Cth) (Aged Care Act).

All Workers must comply with this policy and procedure.

This policy may be varied from time to time. A current version of the policy is available at www.bellcare.biz

 

2                 Legislative / compliance obligations

2.1             Our legislative obligations are principally set out under:

(a)              the Aged Care Act 1997 (Cth), including the Aged Care Principles;

(b)              the Privacy Act 1988 (Cth), including the Australian Privacy Principles;

(c)              the Aged Care Quality Standards made under the Quality of Care Principles 2014 (Cth).

2.2             This policy is particularly relevant to the following requirements of the Aged Care Quality Standards:

(a)              Standard 1 Consumer dignity and choice: Requirement (3)(f);

(b)              Standard 2 Ongoing assessment and planning with consumers: Requirements (3)(c) and (d);

(c)              Standard 3 Personal care and clinical care: Requirement (3)(e);

(d)              Standard 4 Services and supports for daily living: Requirements (3)(d) and (e);

(e)              Standard 8 Organisational governance: Requirement (3)(c)

 

3                 What is Personal Information and Sensitive Information?

Personal Information means information or an opinion about an identified individual (or an individual who is reasonably identifiable), whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.

Personal Information can include Sensitive Information.

Sensitive Information means information or an opinion about health and related information, including about a person’s physical, mental health, general and specific conditions and illnesses, safety and personal management issues, and a person’s race, ethnic origin, political opinions, membership of political associations and trade associations, religious or philosophical beliefs, sexual orientation or practices, criminal record, genetic information about an individual that is not otherwise health information, biometric information that is used for the purpose of automated biometric verification or biometric identification and biometric templates.

Due to the nature of the services we provide, the Personal Information which may be collected, used, and managed by us, may include Sensitive Information.

 

4                 What kinds of Personal Information is collected and held by us?

Examples of the kinds of Personal Information that may be collected by us include:

(a)               a person’s name;

(b)              a person’s residential address, postal address, email address, telephone number, and other contact details;

(c)              a person’s employer and/or place of business;

(d)              a consumer’s health and medical information, including information about the person’s physical and mental health and emergency contact(s); and

(e)              surveillance and security footage and material

 

5                 How do we collect and hold Personal Information?

We collect Personal Information from:

(a)              individuals directly (including consumers);

(b)              health care professionals and service providers in the course of them providing health services;

(c)              our suppliers and contractors;

(d)              entities related to us; and

(e)              the use of CCTV cameras and other security technologies

We need to collect Personal Information to enable us to provide consumers with goods, care or services. Consumers are entitled to not provide Personal Information to us, however if certain information is withheld, this may result in us being unable to provide care or services to the consumer.

If you provide us with Sensitive Information about other individuals, such as Health Information, please ensure that the individual or the individual’s representative is aware of the disclosure and they consent to the disclosure to us as well as to the handling of their personal information in accordance with this policy.

 

6                 How do we deal with Personal Information?

In general, we will collect, hold, use, and disclose Personal Information about a person that is reasonably necessary for one or more of the following functions, activities or purposes:

(a)              to provide care and/or support to consumers;

(b)              to determine a consumer’s eligibility to entitlements and services;

(c)              to respond to requests and inquiries;

(d)              to contact individuals, via email, regular mail, telephone or otherwise;

(e)              to provide you with information that we believe may be of interest to you;

(f)               for direct marketing and business development (if you would not like to receive marketing material you can notify us to remove your name from the mailing list);

(g)              to develop and improve programs, products, services and content;

(h)              to protect our rights and property;

(i)               for security and occupational health and safety purposes;

(j)               to investigate or report suspected unlawful activity;

(k)              to protect someone’s life, health, safety or welfare;

(l)               to comply with a law or regulation, a court order or another legal process;

(m)            for current/prospective employees/volunteers:

             (i)               to enable us to properly assess the quality of applications for employment/volunteer positions applied for; and

             (ii)              to conduct referee checks

We will not use or disclose your Sensitive Information for direct marketing purposes, unless you have provided your consent.

 

7                 Disclosure to other parties

We may disclose Personal Information to:

(a)              our related entities;

(b)              contractors we use to support our business (including IT support and other IT services, delivery services and financial institutions);

(c)              our suppliers;

(d)              our lawyers, accountants and other business advisers;

(e)              health care professionals and health service providers;

(f)               government health agencies such as the Aged Care Quality and Safety Commission, the Department of Health and Services Australia/Medicare;

(g)              private health care insurers and providers;

(h)              law enforcement officers, regulators, courts and government agencies – if required by law or regulation, court order or other legal process, or in order to protect our rights, property, or if necessary to prevent a threat to any person’s life, health or safety

 

8                 Data integrity and security

We take reasonable steps to protect Personal Information we hold from misuse, interference and loss, as well as unauthorised access, modification or disclosure.

Our data is securely stored in Australia and is not stored or transferred outside of Australia.

When we no longer need Personal Information for any purpose for which the information may be used or disclosed under the Australian Privacy Principles, we take reasonable steps to destroy the information or ensure that it is de-identified, except if the information is part of a Commonwealth record or we are required by law or a court or tribunal order to retain the Personal Information.

 

9                 Access and correction

We take reasonable steps to ensure that the Personal Information that we collect, use and disclose is accurate, up-to-date and complete.

Individuals have a right to request access to their Personal Information and to request its correction. To do so, please contact us on the details below.

We do not impose a charge for making a request for access, however we may charge for reasonable administrative costs incurred in providing access.

If the individual believes the Personal Information held about them is inaccurate, incomplete or not up to date, the individual may request amendment.

Before correcting or providing access to Personal Information in response to a request, we will require your identity to be confirmed.

 

10              Notifiable data breaches

We will notify individuals and the OAIC about any data breach that is likely to result in serious harm to them.  There are exceptions where notification is not required, for example where we have already taken appropriate remedial action that removes the risk of serious harm to any individuals.

 

11              Complaints

If you wish to make a complaint about our management of your Personal Information, we ask that you do so by contacting us on the following details:

Address: Bellevue Care Centre – Complaints, 53 Linkwood Drive, Ferny Hills Qld 4055
Phone: (07) 3550 5999
Email:
info@bellcare.biz

You may complain to the OAIC on the following details:

Address: Australian Information Commissioner, GPO Box 5218 Sydney NSW 2001
Telephone:  1300 363 992
Fax: +61 2 9284 9666
Web:
https://www.oaic.gov.au/privacy/privacy-complaints 

  

Process

Process description

 

 

Descriptor/action required

Accountability

Reference documents / systems / third party providers

General rules for our Workers in managing Personal Information

 

 

Workers managing Personal Information of a consumer:

At all times Workers must be diligent and when dealing with consumers’ information to ensure that the information is kept safe and secure. The following are some general rules for all Workers to comply with when managing information of consumers:

1                  Workers must ensure that all physical records of consumers are kept in a secure storage area, which cannot be            accessed by anyone unauthorised.
2                 The service must keep all electronic records secure by ensuring that access to electronic records is only granted through a secure password protected electronic system. Workers must ensure that they keep their password or access details confidential and update their password frequently.
3                 Records of consumers who have exited the service will be archived in a secure storage area.
4                 All Workers must ensure that consumers’ records are only used for the purpose of providing care and services to consumers and not for any other purpose.
5                 Details of a consumer are not to be provided over the phone, unless the Worker is sure that the person receiving the information is entitled to it.  If in doubt, consult the Residential Services Manager.
6                 All Workers must be discreet with their communications about consumers and the care and services provided to consumers at all times, protecting and respecting the privacy, dignity and confidentiality of all consumers.
7                 Handovers will be conducted in a private and confidential manner.

All Workers

 

Residential Services Manager

Privacy policy

Security measures:

Our security measures include, but are not limited to:

1                 training our Workers on their obligations to manage Personal Information;

2                 requiring the use of strong passwords when accessing our data storage system;

3                 firewalls and virus scanning tools;

4                 taking reasonable steps to ensure relevant contractors and volunteers comply with the APPs;

5                 as soon as practicable securely achieve any consumers Personal Information once they leave the service; and

6                 as soon as practicable and in accordance with the law, destroy or de-identify any Personal Information that is no longer required

All Workers

Privacy policy

Process for all Workers to follow when an individual has requested access or correction to their Personal Information

 

 

Establishing identity for access or correction:

1                 Where someone has made a request for access or correction of Personal Information, this request must be escalated to the Privacy Officer within 24 hours.

2                 The identity and legal authority of a person seeking access to the Personal Information must be confirmed by the Privacy Officer before granting any access.

3                 Identification confirmation should be required, unless the identity of the person has already been confirmed under other process, e.g. the request is made by facility consumer at the service.

4                 Access should not be granted if there is inadequate evidence of the person’s identity, or the person is not authorised to gain access to such information.

All Workers

 

Privacy Officer (Care Manager)

Privacy policy

Considering, granting or declining access:

After receiving a request to grant access to Personal Information held, the Privacy Officer must undertake reasonable endeavours to grant such access and this should be provided within a reasonable time, unless:

1                 the request is frivolous or vexatious;

2                 providing access:

            (a)              poses a serious threat to the life or health of any individual;

            (b)              unreasonably impacts upon the privacy of individuals;

            (c)              jeopardises existing or anticipated legal proceedings;

            (d)              prejudices any ongoing negotiations; or

3                 would be unlawful or would be likely to prejudice an investigation of possible unlawful activity;

4                 an enforcement body performing a lawful security function asks us not to provide access to the information;

5                 giving access would reveal information we hold about a commercially sensitive decision making process; or

6                 we reasonably determine that we are otherwise not required to grant such access under and in accordance with the APPs

If the Privacy Officer is of the view access to Personal Information should not be granted based on one of the above, they must escalate this request to the Residential Services Manager. The Residential Services Manager must review the request and must seek the consent of the Directors prior to granting access.

Privacy Officer (Care Manager)

 

Residential Services Manager

 

Directors

 

 

 

Privacy policy

 

 

Notice and reasons for refusal:

If it is determined that access will not be granted, then the person that made the request should be notified within 30 days of receiving the request and provided with reasons for the refusal, which must be first signed off by the Privacy Officer.

Privacy Officer (Care Manager)

 

Residential Services Manager

Privacy policy

 

Complaints procedures:

1                 If a complaint is received, the complaint will be investigated by Privacy Officer and the complainant may be invited to participate in a meeting as part of the investigation.

2                 At the discretion of the Privacy Officer, other interested parties may also be invited to participate in the conference to discuss the nature of the complaint and attempt to resolve it, which may include the presence/participation of a support person or advocate.

3                 The complainant will be provided with a response to their complaint within a reasonable timeframe (one month) after completion of any investigation.

4                 This response will be in writing and will include the outcome of the investigation, any proposed action and details of the right to lodge a complaint with any relevant external organisations.

Privacy Officer (Care Manager)

 

Residential Services Manager

Privacy policy

Associated documents

(a)         Privacy Process

(b)             Privacy Collection Statement

(c)             Data breach policy and response plan

(d)             Guide to new data breach obligations

(e)             A guide to COVID-19 and privacy

Glossary

Health Information means information or an opinion about:

(a)             the health or a disability (at any time) of an individual;

(b)             an individual’s expressed wishes about the future provision of health services to him or her; or

(c)               a health service provided, or to be provided, to an individual that is also personal information; or

(d)             other personal information collected to provide, or in providing, a health service;

(e)             other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or

(f)               genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual

 

OAIC means the Office of the Australian Information Commissioner

 

Personal Information means information or an opinion about an identified individual (or an individual who is reasonable identifiable), whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.

 

Privacy Officer means the Privacy Officer listed in our privacy policy.

 

Sensitive Information means information or an opinion about health and related information, including about a person’s physical, mental health, general and specific conditions and illnesses, safety and personal management issues, and a person’s race, ethnic origin, political opinions, membership of political associations and trade associations, religious or philosophical beliefs, sexual orientation or practices, criminal record, genetic information about an individual that is not otherwise health information, biometric information that is used for the purpose of automated biometric verification or biometric identification and biometric templates.

 

Worker means all employees, contractors or subcontractors, employees of a labour hire company assigned to work our business, outworkers, apprentices or trainees, work experience students and volunteers.

 

 Reference Material

 

Aged Care Act 1997 (Cth) Retrieved from https://www.legislation.gov.au/Details/C2020C00164

 

Privacy Act 1988 (Cth) Retrieved from https://www.legislation.gov.au/Details/C2020C00025

 

Quality of Care Principles 2014 (Cth) Retrieved from https://www.legislation.gov.au/Details/F2014L00830

 

  

 

Version Control

 

Version

Date

Comments

V1.0

26/11/2020

Approved by The Board of Directors in December 2020