Information Privacy Policy

Human Resources > Information Privacy Policy

Authorised by CQI Committee

Revised Date: 26 February 2014

Policy

 

Kyeema Support Services Inc. (Kyeema) recognises that it is bound by the Information Privacy Act 2000, the Health Records Act 2001 (Vic) and that information privacy is consistent with Disability Standards.  Our Commonwealth funded services comply with Department of Social Services (DSS) privacy policies in addition to being bound by the above-mentioned Victorian Acts. The manner in which Kyeema applies the Information Privacy Principles of the Information Privacy Act are detailed in Kyeema Common Operational Procedures on the Quality Management System under the title Information Privacy Principles and Procedures.

 

Our primary purpose in collecting information about participants is to allow us to:

      Provide the services that the participant wishes us to provide;

      Ensure that we understand any particular psychological, emotional or health conditions that might reasonably be expected to affect the services we provide the participant or to assist us in determining how best to provide those services; or

      Reasonably safeguard a participant’s well-being, especially their health.

 

Information privacy principles are summarized below, with the ways in which Kyeema deals with each item.

 

1. Collection

Collect only personal information that is necessary for performance of functions.

 

Advise individuals that they can gain access to personal information.

 

Kyeema collects only information relevant to responsible and safe provision of service for people, and for statutory reporting requirements to our respective funding bodies.

 

Reporting to funding bodies uses de-identified data (names are replaced with strings of numbers) except where it is necessary to identify the person.

 

2. Use and disclosure

Use and disclose personal information only for the primary purpose for which it was collected or a secondary purpose the person would reasonably expect.

 

Use for secondary purposes should have the informed consent of the person.

 

Every effort should be made to explain in the most appropriate way for that individual, what the consent is for.

 

Kyeema uses Form CCF-28 for consent for disclosure of information to a third party and CCF-57 Easy Read Consent Form. This can be signed by participants who understand the purpose of this and every effort should be taken to explain the meaning of this to the participant, but should otherwise be signed by a parent/carer or guardian.

 

Where informed consent cannot be given by the participant, a parent, carer or guardian should sign the form CCF-28 consent to disclose information.

 

3. Data quality

Make sure personal information is accurate, complete and up-to-date.

 

4. Data security

Take reasonable steps to protect personal information from misuse, loss, unauthorized access, modification or disclosure.

 

Authorised staff are those who require access for program and service delivery.

 

Kyeema takes steps to protect the privacy of information. Some of the ways this is done include locked filing cabinets, sign out books for participant files, password protected computers and procedures for transporting sensitive participant information when it is out of the office.

 

5. Participant Personal Information

General information will be retained only for a 7 year period; specific information may be retained for longer periods.

 

Health Medication               7 years

Behavioural Support Plans    Life of participant

Participant Activity Records  Life of participant

Incident Reports                 Life of participant

 

6. Archiving

Upon a participant ceasing to receive services from Kyeema Support Services Inc., their personal files will be reviewed and any documents not required to be kept will be securely destroyed (shredding) all other documentation will be filed alphabetically and stored in a locked cupboard or digitally archived and stored in a locked file.

 

7. Openness

The organisation should document clearly expressed policies on management of personal information and provide the policies to anyone who asks. This document and Kyeema’s Easy English documents can be used for this purpose.

 

8. Access and correction

Individuals have a right to seek access to their personal information and make corrections. Access and correction will be handled mostly under the Victorian Freedom of Information Act.

Individuals who wish to access their personal information should approach a Program Manager, who may delegate the task to another staff member. Some information is exempt from disclosure under this Act.

 

Participants have the right to access the support of an advocate if they have any concerns relating to collection, storage, disposal and accessibility of personal information.

 

9. Unique identifiers

A unique identifier is usually a number assigned to an individual in order to identify the person for the purposes of the organisation’s operations. Tax File Numbers and Driver’s Licence Numbers are examples.

Unique identifiers can facilitate data matching. Data matching can diminish privacy. This Information Privacy Principle limits the adoption and sharing of unique numbers.

 

Kyeema does not generally use unique identifiers for its own purposes except when de-identifying participant names when choosing people for audit interviews and service self-assessment selection.  Identifiers are applied automatically in the QDC computer application provided by DHHS and used for Quarterly Data Collection, and this is to de-identify statistical data sent to DHHS each quarter. Seawinds and Windward send de-identified data via the FOFMS system.

 

10. Anonymity

Give individuals the option of not identifying themselves when entering transactions with organisations if that would be lawful and feasible.

 

Anonymity is feasible when Kyeema seeks feedback during service self-assessment processes.

For most other purposes anonymity is not feasible as service cannot be provided to an anonymous person.

 

11. Transborder data flows

If your personal information travels, your privacy protection should travel with it.

 

Transfer of personal information outside Victoria is restricted.

Personal information may be transferred only if the recipient protects privacy under standards similar to Victoria’s Information Privacy Principles.

 

Kyeema provides service outside of the Victorian borders when participants travel, or where the most suitable place for their activities is over the border in South Australia. Staff are bound by Kyeema’s privacy policy. 

 

12. Sensitive information

The law restricts collection of sensitive information like an individual’s racial or ethnic origin, political views, religious beliefs, sexual preferences, membership of groups or criminal record.

 

Kyeema collects this sort of information if it is relevant to support needs. For example a person’s racial origin may be relevant when providing supports that meet an individual’s cultural identity and religious beliefs may arise during discussions on Life Areas as this may be an important element in the life of that individual.

 

Health information

Health information is especially sensitive and is safeguarded by the Health Records Act as well as the Privacy Act. 

 

Kyeema needs to collect information about the physical and mental well-being of our participants.

However, this information is to be used only for the purposes of safeguarding the participant’s health or ensuring that the design of our program suits the special needs of the participant.

 

No health information is to be revealed to any third party, including medical practitioners, without the express approval of the participant or their agent. In case of an emergency, the matter is to be referred, if at all possible, to a senior manager through the after hours on-call system.  If contact can’t be established, Kyeema staff are empowered to provide appropriate information in an emergency to a qualified health professional including ambulance paramedics, hospital nurses or doctors. A report detailing the circumstances is to be written by the staff member as soon as practical so that a senior manager can speak to the participant or their agent as soon as possible.

 

Prospective Employee/Staff/Job Applicants

 

Information Collected

Kyeema Support Services collects personal information from job applicants and prospective employees/staff when considering whether to make offers of employment or for employment purposes. A failure by an applicant to provide any lawfully requested information may result in the processing of the application being delayed or may result in the application being unsuccessful. Any information which is provided by a job applicant which is later found to be false, may result in the persons’ application being unsuccessful or if the person is employed, result in the termination of that person’s employment.

 

Unsuccessful Applications

All unsuccessful applicants information is shredded and not kept.  If a person would like their resume kept on file, it will be kept for three months and then shredded.

 

Security of Personal Information

Kyeema Support Services will take reasonable steps to secure a job applicant’s personal information.

 

Complaints

If a job applicant has a complaint about Kyeema Support Services privacy practices it should contact the CEO.

 

Employees/Staff

Inspection of Personnel files by Employees/Staff

 

Staff have the right to access information on their personnel file except where information

      Concerns the affairs of another person

      Contains information supplied in confidence by another person

      Is the subject of legal process.

 

Staff are required to give their manager three business days’ notice of their wish to inspect their files. Managers may concede to the request any time within those three days or advise the staff member of the reason for the delay. The records will be made available to be viewed at the workplace or, by arrangement, at an alternative location.

 

An employee/staff will not be provided with access to another employee’s/staff records.

 

Maintenance of Records

Kyeema Support Services is required to keep employee/staff records for seven years from the date on which an entry is made or from termination of an employee’s/staff employment, depending on which happens first.

 

In the case of other records such as tax records, Kyeema Support Services must maintain those records for a continuous period of seven years from the date the entry is made.

 

Employee/Staff Obligations

Employees/staff of Kyeema Support Services must not disclose confidential or personal information which is collected about its suppliers, customers, agents or contractors. If an employee/staff is not sure whether information is confidential or personal then they must check with their immediate manager or CEO.

 

Confidential and Personal Information is information that is not in the public domain. It includes, but is not limited to, the following types of information:

 

      Any personal information about an individual;

      Any information about a supplier, customer, agent or contractor of Kyeema Support Services;

      Any personal information about an employee/staff or colleague (including a prospective or former employee/staff); and

      Any information about Kyeema Support Services business affairs or business systems.

 

Relevant Documents

Consent to Share Information CCF-01

Consent to Share Information - Easy Read CCF-57

Breach of Confidentiality or Privacy Procedure