Regis Aged Care Pty Ltd (ACN 125 223 645) (we, us, our) understands the importance of protecting the privacy of an individual’s personal information (including health information). This policy sets out how we aim to protect the privacy of your personal information, your rights in relation to your personal information managed by us and the way we collect, use and disclose your personal information.
This policy applies to all staff (including contracted agency staff) and volunteers.
The purpose of this policy and procedure is to:
a. ensure personal information is managed in an open and transparent way;
b. protect the privacy of personal information including health information of clients, residents and staff;
c. provide for the fair collection and handling of personal information;
d. ensure that personal information we collect is used and disclosed for legally permitted purposes only;
e. regulate the access to and correction of personal information; and
f. ensure the confidentiality of personal information through appropriate storage and security.
Personal information is any information that identifies an individual or any information from which an individual’s identity could reasonably be ascertained. During the provision of our services, including if you access our website, we may collect your personal information.
We generally collect four kinds of information:
1. personal information provided by you, including your name, address, telephone number and email address;
2. health and financial information in the event that you enter our care as a resident;
3. information that we obtain about you in the course of your interaction with our website including your internet protocol (IP) address, the date and time of your visit to our website, the pages you have accessed, the links on which you have clicked and the type of browser that you were using; and
4. aggregated statistical data which is information relating to your use of our website and our services, such as traffic flow and demographics.
Personal information (including health information), may be collected:
a. from a client or resident;
b. from any person or organisation that assesses health status or care requirements, for example the Aged Care Assessment Team;
c. from the health practitioner of a client or resident;
d. from other health providers or facilities;
e. from family members or significant persons of a client or resident; and
f. from a legal advisor of a client or resident.
We will collect personal information from the client or resident unless:
a. we have the consent of the client or resident to collect the information from someone else; or
b. we are required or authorised by law to collect the information from someone else; or
c. it is unreasonable or impractical to do so.
We collect your personal information for the purposes of providing you with our care and services. Where applicable, we may use your personal information:
to provide aged care services to you;
to enable allied health care providers and medical practitioners to provide care and services to you;
to enable us to obtain the correct level of government funding in relation to your care;
to enable contact with a nominated person regarding your health status;
to lawfully liaise with a nominated representative and to contact family if requested or needed;
to identify and inform you of any other services that may be of interest to you;
to fulfil any of our legal requirements; or
for other purposes permitted or referred to under any terms and conditions you enter into or otherwise agree to with respect to our services.
If you do not wish to have your personal information used in any manner or purpose specified above, please contact our Privacy Officer.
We will at or before the time or as soon as practicable after we collect personal information from you take all reasonable steps to ensure that you are notified or made aware of:
a. our identity and contact details;
b. the purpose for which we are collecting personal information;
c. the identity of other entities or persons to whom we usually disclose personal information;
e. whether we are likely to disclose personal information to overseas recipients and if so, the countries in which such recipients are likely to be located and if practicable, to specify those countries.
We may disclose your personal information to allied health professionals who assist us in providing care and services, medical practitioners, external health agencies such as the ambulance service, hospitals, the Australian Department of Social Services, the Aged Care Standards and Accreditation Agency, Medicare and relevant State health authorities as necessary to carry out the purposes for which the information was collected. We may not use or disclose personal information for a purpose other than the primary purpose of collection, unless:
a. the secondary purpose is related to the primary purpose and you would reasonably expect disclosure of the information for the secondary purpose;
b. you have consented;
c. the information is health information and the collection, use or disclosure is necessary for research, the compilation or analysis of statistics, relevant to public health or public safety, it is impractical to obtain consent, the use or disclosure is conducted within the privacy principles and guidelines and we reasonably believe that the recipient will not disclose the health information;
d. we believe on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to an individual’s life, health or safety or a serious threat to public health or public safety;
e. we have reason to suspect unlawful activity and use or disclose the personal information as part of our investigation of the matter or in reporting our concerns to relevant persons or authorities;
f. we reasonably believe that the use or disclosure is reasonably necessary to allow an enforcement body to enforce laws, protect the public revenue, prevent seriously improper conduct or prepare or conduct legal proceedings; or
g. the use or disclosure is otherwise required or authorised by law.
We will not disclose your personal information to an overseas recipient.
We may disclose Health Information about an individual to a person who is responsible for the individual if:
a. the individual is incapable of giving consent or communicating consent;
b. the service manager is satisfied that either the disclosure is necessary to provide appropriate care or treatment or is made for compassionate reasons or is necessary for the purposes of undertaking a quality review of our services (and the disclosure is limited to the extent reasonable and necessary for this purpose); and
c. the disclosure is not contrary to any wish previously expressed by the individual of which the service manager is aware, or of which the service manager could reasonably be expected to be aware and the disclosure is limited to the extent reasonable and necessary for providing care or treatment.
A ‘person responsible’ is a parent, a child or sibling, a spouse, a relative, a member of the individual’s household, a guardian, an enduring power of attorney, a person who has an intimate personal relationship with the individual, or a person nominated by the individual to be contacted in case of emergency, provided they are at least 18 years of age.
We take all reasonable steps to ensure that the personal information we hold is protected against misuse, loss, unauthorised access, modification or disclosure. We hold personal information in both hard copy and electronic forms in secure databases on secure premises, accessible only by our authorised staff.
Non-current information is archived in secure premises in accordance with our Information Retention Policy.
However, we cannot guarantee the security of any personal information transmitted to us via the Internet.
Under the Privacy Act, you have a right to access your personal information that is collected and held by us. If at any time you would like to access or change the personal information that we hold about you, or you would like more information on our approach to privacy, please contact our Privacy Officer.
To obtain access to your personal information, you will have to provide us proof of identity. This is necessary to ensure that personal information is provided only to the correct individuals and that the privacy of others is protected. We will take all reasonable steps to provide access to your personal information within 30 days from your request. In less complex cases, we will try to provide information within 14 days.
If providing you with access requires a detailed retrieval of your personal information, a fee may be charged for the cost of retrieval and supply of information.
For further information or enquiries regarding your personal information, please contact our Privacy Officer at firstname.lastname@example.org.
Please direct all privacy complaints to our Privacy Officer at email@example.com.
At all times, privacy complaints will:
be treated seriously;
be dealt with under the Regis Privacy Complaints Management Process;
be dealt with as promptly as possible;
be dealt with in a confidential manner; and
not affect your existing obligations or affect the commercial arrangements between you and us.
Our Privacy Officer or his delegate will conduct the investigation into your complaint. You will be informed of the outcome of your complaint following completion of the investigation.