This policy is established to facilitate the organisation’s commitment to privacy of clients, employees and their related records.
- Privacy Act 1988 (Cth);
- Privacy Regulations 2013 (Cth); and
- Freedom of Information Act 1992 (WA);
- Health Records and Information Privacy Act 2002
- National Privacy Principles
- OAIC Privacy Management framework
Further Privacy training is covered in Bega’s Induction Training Program that all employees complete as part of induction.
Bega adopts the Privacy Management Framework used by the office of the Australian Information Commissioner to meet our compliance obligations to maintain privacy.
Ownership of Personal Information
Bega will ensure that all contractual arrangements and MoUs with third parties adequately address privacy issues.
Collection of Information
Collection of personal information by Bega will be reasonable, lawful and non-intrusive. A person from whom personal information is requested must be told:
- the company’s name (if external to the company);
- the purpose of collection;
- that they can get access to their personal information in order to check its accuracy; and
- what will be done with the information.
Use and Disclosure
Bega will only use or disclose information for the purpose for which it was collected unless the person has consented, or the secondary purpose is related to the primary purpose and a person would reasonably expect such use or disclosure, or the use is for direct marketing in specified circumstances and with the permission of the person, or in circumstances related to public interest such as law enforcement and public or individual health and safety and/or funding requirements, as is lawfully allowable.
Bega will take all reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.
Access to Personal Information
Any person who has provided personal information to Bega for whatever reason may gain access to that information by contacting the Clinical or Social Support Manager.
Communication with clients via telephone must be conducted with appropriate regard to the privacy and confidentiality of the client and their health information.
If personal and health information needs to be discussed or collected over the phone, the call is transferred to a private room or area so that other clients and persons cannot hear the conversation.
If a person calls to ask if a family member or friend is or has been at Bega, they must be advised that Bega abides by a strict privacy and confidentiality policy and therefore no such information is disclosed. If the query is pursued, the caller must be advised that a message will be taken and the Clinic Manager will return their call as soon as convenient.
Communication with clients via electronic means (e.g. fax, email) is conducted with appropriate regard to the privacy laws relating to health information and confidentiality of the client’s health information.
Employees should be aware that electronic communications could, depending on the technology, be forwarded, intercepted, printed and stored by others, so should in all respects ensure privacy and confidentiality is respected and considered before sending, forwarding or copying any parties into such correspondence.
Privacy Complaints Procedure
Any complaints or requests for information regarding privacy must be handled in accordance with the Privacy policies and procedures that accompany this policy.
- Contact our nominated Privacy Officer – The incumbent of the position HRO will handle any Privacy related complaints and explain the procedure involved for matters pertaining Privacy complaints.
- Confidentiality – Any Privacy complaint will be dealt with in the strictest of confidence.
- Outside Assistance – Whilst the organisation will make every effort to resolve any complaint within, any person who feels their privacy has been breached has the right to take the complaint to the Privacy Commission.
- Bega Code of Conduct
- Our Patient Privacy Statement
- Complaints Management Policy
BREACH OF POLICY
If an employee does not meet the expectations set out in this policy, they may be subjected to disciplinary action in accordance with our Performance Counselling and Disciplinary Action policies up to and including possible termination of their employment.