Privacy and Confidentiality Policy
Why
The privacy and dignity outcomes of the NDIS Practice Standards apply to the people we support and their families. The National Privacy Principles apply to all people that the organisation holds personal information about. This includes people we support, families, advocates, staff and volunteers.
What
Disability support providers have clear responsibilities under the Privacy Act 1988, including the Australian Privacy Principles and Data Breach Notification Scheme to meet our legal and ethical requirements regarding participants, their families/carers and staff rights to privacy and confidentiality.
NNA Direct Support complies with the Australian Privacy Principles; the NDIS Practice Standards and all relevant State or Federal legislation.
Who
This policy has been developed to meet the requirements of the NDIS Practice Standards. This policy applies to:
All People Infrastructure Board Members, Executives, NNA DSS General Managers and all other NNA DSS Staff. Participants and their support networks should also be aware of this procedure
How
Staff
NNA Direct support service will only collect information from our staff that is relevant to their work role and function within the organisation and to ensure emergency contacts are identified.
Participants
Personal and/or sensitive information about participants will only be collected when it is directly relevant and needed to provide support services to that person, or where it is required by law to collect the information. The information we keep is correct and up to date and we will review this information with the participant regularly.
Notification
Staff and participants are advised on entry to NNA Direct Support service of their rights to privacy and confidentiality, consent procedures and the organisation’s responsibility to release information without consent when legally obliged to do so.
Access
Participants, their guardians and staff have access to information kept about them and the right to update and /or change their records.
The type of personal and/or sensitive information that we collect and hold
The types of personal and/or sensitive information that we collect may include names, address, other contact details, information about cultural preferences, religious beliefs or affiliations, sexual orientation or practices, health information and information that will help us to provide our supports and services in the way the participant chooses, or to comply with our legal requirements.
How we collect and hold personal information
We generally collect personal and/or sensitive information directly through the use of our standard forms, interviews, via email or through telephone conversations. With consent, we may collect personal and/or sensitive information from other services or agencies that also provide the participant with supports and services.
The purposes for which we collect, hold, use and disclose personal information.
- We collect personal and/or sensitive information for the following reasons:
• providing participant preferred services and supports
• to assist with participant questions or requests
• to help deliver services or meet legal requirements
• to review a participant’s needs and services so we can develop new services or improve existing services - · to ensure currency of staff probity records, and to validate qualifications and experience relevant to each position.
Consent to release information
We ask for consent to release or share information with others from staff, the participant or their Nominee (Parent or Primary Carer) or Legal Guardian.
If we are not certain about the release of participant information or there is doubt that a participant would consent to the release of information, we will seek permission from the Nominee (Parent or Primary Carer/Guardian) before releasing the information.
Participant unable to give consent
Where the participant is unable or cannot give informed consent, we will get written consent from the Nominee/ Legal Guardian. In some circumstances verbal consent is acceptable and this will be witnessed by an independent person and recorded in the participant’s file.
Disclosing personal information without written consent
NNA Direct Support Service does not give identifying information to other agencies, organisations or anyone else without staff or participant’s prior consent unless one of the following applies:
- it is required by law
- is necessary to protect the rights or property of our organisation or any other individual
- it will prevent or lessen a serious and immediate threat to somebody’s life or health
- it relates to a criminal matter.
Security of Information
Information held by NNA Direct Support Service is protected against loss, unauthorised access, use, modification, disclosure or any other misuse.
Steps include:
- secure handling procedures
- Where available the use of two factor authentication
- placing access restrictions on private files and information so that only the need to know positions have access to these files unless permission is given by these officers to staff who require that information to do their work
- Making certain that paper-based documents are stored in locked cabinets when not in use
- all electronic files are password protected with additional restricted access for electronic files with sensitive personal information
- all computers and servers (and mobile phones using business APPS) are protected with firewalls, anti-virus and anti-spyware software that is kept updated
- quality control and monitoring activities are applied to ensure the information management procedures and processes always meet the requirements of the NDIS Practice Standards and identified Legislation
- Legislative requirements are met for retention and deletion of records
- When no longer required, personal information is destroyed in a secure way such as shredding or permanent deletion.
- Reports to the Office of the Australian Information Commissioner and the people affected when an electronic data breach has occurred, and individual personal information has been released or accessed unlawfully.