Privacy policy

Privacy and Confidentiality Policy

1. Principles for the Collection of Consumer Information
Wyanga Aboriginal Aged Care is committed to the principles outlined in the Aged Care Act 1997 and the Privacy Act 1988 [1]and has in place procedures that ensure compliance with the legislation including the protection of sensitive information including health information[2]. The Consumer Handbook outlines our approach to maintaining privacy and confidentiality of consumer information. We use the OAC document, 10 Steps to Protecting Other People’s Privacy, as a guide to our privacy processes[3].

Management, staff and volunteers are provided with annual training and information on the rights of consumers to privacy and confidentiality and the processes to support this, and as needed when new staff/volunteers commence with the organisation (see Section 7: Human Resource Management).

The key guidelines for respecting consumer privacy and confidentiality in Wyanga Aboriginal Aged Care are:

  • Consumers are provided with information on our privacy policy in the Consumer Handbook
  • We only collect information about consumers that is relevant to the provision of aged care support
  • We explain to consumers why we collect the information and what we use it for
  • How we collect consumers’ personal information
  • We collect personal information directly from the consumer unless it is unreasonable or impracticable to do so. When collecting personal information, we may collect it in ways including:
    – during conversations between the consumer and our staff;
    – an application or assessment/service delivery form;
    – letters or emails from the consumer.

If the consumer is unable to give consent we will seek consent from an authorised representative of the consumer. We may also collect personal information from third parties including:

  • other organisations and government entities.
  • Use and disclosure of personal information

We only use and disclose consumer’s personal information for the purposes it was collected and related purposes where we would reasonably be expected to.

Information relating to consumers may be disclosed to or collected from:

  • our staff, subcontractors or service providers for the purpose of conducting our services, fulfilling consumer requests or providing services to consumers;
  • hospitals and medical, health or wellbeing professionals;
  • third parties authorised by the consumer
  • the Aged Care Complaints Commissioner or any other external dispute resolution body;
  • legal and any other professional advisers or consultants.

Consumers’ personal information may also be disclosed or collected where:

  • the consumer has expressly or impliedly consented to the use or disclosure;
  • we reasonably believe that the use or disclosure is reasonably necessary for an enforcement activity conducted by or on behalf of an enforcement body; or
  • we are required or authorised by law to disclose the personal information, for example, to a court in response to a subpoena, or to the Australian Taxation Office, or Centrelink

Security and storing information

  • Consumer files and other information are securely stored
  • Passwords are used to restrict computer access
  • The provision of information to people outside the service is authorised by the Manager/Coordinator
  • We do not discuss consumers or their support with people not directly involved in supporting them
  • Reviews are always conducted in private with the consumer and the Consumer Care Coordinator unless the consumer consents to their carer, advocate or another person being present
  • During consumer assessments reviews the Consumer Care Coordinator asks the consumer about any particular privacy requirements they have such as their preference for a male or female support worker. These are noted on their assessment form and on the support plan
  • Any discussions between staff about consumers are held in a closed office
  • Any references to individual consumers in meeting minutes refer to the consumer by initials only or another unique identifier, such as their consumer number
  • We ensure an identification check is conducted when making face to face and telephone contact with new consumers including validating their name, address and date of birth. We seek support from carers and family (who are also identified) if the consumer cannot self-identify. We use other identifying information (e.g. from referral information, such as Medicare number, pension and other documentation) to validate identification

Access to and correction of personal information

  • We take steps to correct information where appropriate and regularly review consumer information to ensure it is accurate and up to date
  • Consumers can ask to see the information that we keep about them and are supported to access this information (see 1.6.3 Consumers Right to Access Information)
  • We may refuse access to health information if:
  1. a) providing access would pose a serious threat to the life or health of any person (eg where there is a risk that the information may cause the consumer significant distress, so as to result in them harming themselves or another);
  2. b) providing access would have an unreasonable impact on the privacy of other people (where a consumer’s record contains information about someone else, we will prevent an unreasonable impact on that other person’s privacy by removing identifying details before releasing the information)

Consumers are supported by us should they have a complaint or dispute regarding our privacy policy or the management of their personal information


2. Confidentiality of Complaints and Disputes

As far as possible, the fact that a consumer has lodged a complaint and the details of that complaint are kept confidential amongst staff directly concerned with its resolution. Similarly, information on disputes between a consumer and a staff member or a consumer and a carer is kept confidential. The consumer’s permission is obtained prior to any information being given to other parties whom it may be desirable to involve in the resolution of the complaint or dispute.


3. Consumers Right to Access Information

Consumers of Wyanga Aboriginal Aged Care have a right to read any personal information kept about them. A request from a consumer (or their advocate) to access information is referred to the Manager/Coordinator who confirms the request with the Chief Executive Officer and then arranges for the consumer to view their information within 30 days of the request.

Information is provided in a format accessible by the consumer. The consumer can nominate a representative to access their records held by us

The Manager/Coordinator is available to assist the consumer in understanding the information and to explain terminology or other assistance.

On advice from our legal representative, access to a consumer’s record may be denied. This is discussed with the consumer/advocate should this situation arise.

[1]     Commonwealth Aged Care Act 1997, Privacy Act 1988

[2] NSW Health Records and Information Privacy Act 2002

[3]     Based on: Australian Government Office of the Australian Information Commissioner Privacy Fact Sheet 49: Health Information and your Privacy January 2017