Preamble

This policy is established to facilitate the organisation’s commitment to privacy of clients, employees and their related records.

Policy Statement

The Privacy Policy implemented by Bega Garnbirringu Health Services (Bega) extends to and covers all operations and function of the organisation. All management, employees, contractors, sub-contractors, vendors, service providers, customers, agents or any other third parties that have access to and/or utilise personal information collected and/or held by Bega must abide by this Privacy Policy.

The objective of the Privacy Policy is to ensure that a sound privacy foundation and framework is established and maintained by Bega, and the company complies with the relevant Privacy laws and regulations being:

  • Privacy Act 1988 (Cth);
  • Privacy Regulations 2013 (Cth); and
  • Freedom of Information Act 1992 (WA);
  • Health Records and Information Privacy Act 2002
  • National Privacy Principles
  • OAIC Privacy Management framework

Further Privacy training is covered in Bega’s Induction Training Program that all employees complete as part of induction.

Policy Guidelines

Bega adopts the Privacy Management Framework used by the office of the Australian Information Commissioner to meet our compliance obligations to maintain privacy.

Ownership of Personal Information

All personal information collected, held or shared by Bega must be done so in accordance with this Privacy Policy. Bega retains the right to take reasonable steps to ensure that its Privacy Policy is properly adhered to.

In every department or function of Bega where personal information is collected, the person to whom the information is given or the application is addressed is responsible for ensuring compliance with this Privacy Policy.

It is the responsibility of all employees and other relevant parties to ensure that they understand and adhere to the Privacy Policy implemented by Bega and that they maintain up-to-date knowledge of changes or any new privacy policies and procedures.

Contractual Arrangements

Bega will ensure that all contractual arrangements and MoUs with third parties adequately address privacy issues.

Availability of Privacy Policy

Bega will ensure that a copy of the Privacy Policy is available to all job applicants and customers if requested. The Privacy Policy is available on the company intranet.

Collection of Information

Collection of personal information by Bega will be reasonable, lawful and non-intrusive.  A person from whom personal information is requested must be told:

  • the company’s name (if external to the company);
  • the purpose of collection;
  • that they can get access to their personal information in order to check its accuracy; and
  • what will be done with the information.

Use and Disclosure

Bega will only use or disclose information for the purpose for which it was collected unless the person has consented, or the secondary purpose is related to the primary purpose and a person would reasonably expect such use or disclosure, or the use is for direct marketing in specified circumstances and with the permission of the person, or in circumstances related to public interest such as law enforcement and public or individual health and safety and/or funding requirements, as is lawfully allowable.

Data Security

Bega will take all reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.

Access to Personal Information

Any person who has provided personal information to Bega for whatever reason may gain access to that information by contacting the Clinical or Social Support Manager.

Telephone contact

Communication with clients via telephone must be conducted with appropriate regard to the privacy and confidentiality of the client and their health information.

If personal and health information needs to be discussed or collected over the phone, the call is transferred to a private room or area so that other clients and persons cannot hear the conversation.

If a person calls to ask if a family member or friend is or has been at Bega, they must be advised that Bega abides by a strict privacy and confidentiality policy and therefore no such information is disclosed. If the query is pursued, the caller must be advised that a message will be taken and the Clinic Manager will return their call as soon as convenient.

Electronic/Computer contact

Communication with clients via electronic means (e.g. fax, email) is conducted with appropriate regard to the privacy laws relating to health information and confidentiality of the client’s health information.

Employees should be aware that electronic communications could, depending on the technology, be forwarded, intercepted, printed and stored by others, so should in all respects ensure privacy and confidentiality is respected and considered before sending, forwarding or copying any parties into such correspondence.

In no way is it appropriate for any employee to discuss a patient, other employee, Board Member or other person in business with the organisation in anyway or form on social media. This is a direct breach of the privacy policy of this organisation and laws governing privacy issues.

Privacy Complaints Procedure

Any complaints or requests for information regarding privacy must be handled in accordance with the Privacy policies and procedures that accompany this policy.

  • Contact our nominated Privacy Officer – The incumbent of the position HRO will handle any Privacy related complaints and explain the procedure involved for matters pertaining Privacy complaints.
  • Confidentiality – Any Privacy complaint will be dealt with in the strictest of confidence.
  • Outside Assistance – Whilst the organisation will make every effort to resolve any complaint within, any person who feels their privacy has been breached has the right to take the complaint to the Privacy Commission.

RELATED DOCUMENTS

  • Bega Code of Conduct
  • Our Patient Privacy Statement
  • Complaints Management Policy

BREACH OF POLICY

If an employee does not meet the expectations set out in this policy, they may be subjected to disciplinary action in accordance with our Performance Counselling and Disciplinary Action policies up to and including possible termination of their employment.