1.6 Privacy and Confidentiality
1.6.1 Principles for the Collection of Consumer Information
CBCS is committed to the principles outlined in the Privacy Act 1988 and the Privacy Amendment (Enhancing Privacy Protection) Act 2012. CBCS have in place procedures that ensure compliance with the legislation including the protection of sensitive information including health information. We use the OAIC documents, Protecting Customer’s Personal Information and the Guide to Health Privacy, as guides to our privacy plan and processes.
1.6.2 Privacy plan
The CBCS Privacy Plan and policies, processes and procedures ensures the privacy of our consumers as shown below. The key guidelines for respecting consumer privacy and confidentiality are:
- We have clear lines of accountability for privacy management. The Board has approved the Privacy Plan and has delegated day to day responsibility to the General Manager. The General Manager is directly responsible for privacy and for reporting to the Board on any issues including breaches. The Facility Managers are responsible for ensuring our policies, processes and procedures are implemented and followed and report on any issues to the General Manager. Staff with any privacy issues or queries can approach their Facility Manager
- Management, staff and volunteers are provided with annual training and information and periodic reviews of the information on the rights of consumers to privacy and confidentiality and the processes to support this. Training is provided to staff and volunteers as needed and when new staff/volunteers commence employment (see 7.4.3 Staff education and training/Education and training strategies/Mandatory training). The OAIC Guide to Health Privacy is available to all staff and Board members and is utilised as a reference for senior management in the management of privacy
- We only collect information about consumers that is relevant to the provision of support and we explain to consumers why we collect the information and what we use it for. Information collected can include contact details, family details, medical history, health care provider details, financial information, assessments, clinical notes, medications, Medicare/healthcare fund details, specialist reports, test results and referral information
- We ensure a three-point identification check is conducted when making face to face and telephone contact with new consumers including validating their name, address and date of birth. We seek support from carers and family (who are also identified) if the consumer cannot self-identify. We use other identifying information (e.g. from referral information, such as Medicare number, pension and other documentation) to validate identification
- We take steps to correct information where appropriate and regularly review consumer information with the consumer or their representative to ensure it is accurate and up to date
- Consumers can ask to see the information that we keep about them and are supported to access this information subject to the Grounds for Refusing Access specified in the Privacy Act 1988 (see 1.6.3 Consumers Right to Access Information)
- All information relating to consumers is confidential and is not disclosed to any other person or organisation without the consumer’s consent except in cases of serious threat to the consumer and/or where they are not able to consent
- We only share information when it is necessary to ensure appropriate support is delivered and only with the consumer’s consent beforehand
- The provision of information to people outside the service is authorised by the relevant manager
- We do not discuss consumers or their support with people not directly involved in supporting them
- Reviews are always conducted in private with the consumer and the relevant team member unless the consumer consents to their carer, advocate or another person being present
- During consumer assessments and reviews the relevant team member asks the consumer about any privacy requirements they have. These are noted on their assessment and on the care plan
- Any discussions between staff about consumers are held in a private space
- Any references to individual consumers in general meeting minutes refer to the consumer by initials only or another unique identifier, such as their consumer number
- Consumer files are stored in secured filing cabinets and archived in our secure archives area. Electronic information is securely stored on our server and securely backed up daily (see 8.11 Information Management Systems)
- We confidentially destroy any personal information held about our consumers when it is no longer necessary to provide support (see 8.11.6 Archiving)
- We have a comprehensive data breach response plan to be implemented in the event of a data breach (see 8.11.7 Information Technology and Cyber Security)
- Our Privacy Plan and policies, processes and procedures are reviewed and updated through our regulatory compliance and continuous improvement processes including the review of Policies and Procedures over a three-year period and ongoing audits of all processes. (See 8.8 Regulatory Compliance and 8.9 Continuous Improvement.)
(See 2.3.6 Assessment and Care Planning Process and 2.6 Consumer Documentation and Information Sharing).
 Australian Government Privacy Act 1988 and Privacy Amendment (Enhancing Privacy Protection) Act 2012
 Australian Government Office of the Australian Information Commissioner Protecting Customers Personal Information Accessed 8 August 2019
 Australian Government Office of the Australian Information Commissioner (OAIC) Guide to Health Privacy September 2019 Accessed February 2020
 A copy of the OAIC Guide to Health Privacy is maintained in our Resources folder
1.6.3 Confidentiality of Complaints and Disputes
As far as possible, the fact that a consumer has lodged a complaint and the details of that complaint are kept confidential amongst staff directly concerned with its resolution. Similarly, information on disputes between a consumer and a staff member or a consumer and their representative is kept confidential. The consumer’s permission is obtained prior to any information being given to other parties whom it may be desirable to involve in the resolution of the complaint or dispute.
1.6.4 Consumers Right to Access Information
Consumers of CBCS have a right to read any personal information kept about them. A request from a consumer (or their advocate) to access information is referred to the relevant team member who confirms the request with the Facility Manager and/or General Manager and then arranges for the consumer to view their information within 30 days of the request.
Information is provided in a format accessible by the consumer. The consumer can nominate a representative to access their records held by us.
The team member is available to assist the consumer in understanding the information and to explain terminology or other assistance.
On advice from our legal representative, access to a consumer’s record may be denied subject to the Grounds for Refusing Access specified in the Privacy Act 1988. This is discussed with the consumer/representative should this situation arise.
© GGJ 2018 Licensed To Christian Brethren Community Services 19|04014
Updated and Reviewed 25 May 2020