PRIVACY ACT 1988 (Cth) (Privacy Act)
The Privacy Act incorporates the Australian Privacy Principles (APPs) which set out the requirements for the handling of personal and sensitive information. Sensitive information includes health information. The APPs govern the collection, storage, maintenance, use, disclosure and access to personal information of clients by [entity] trading as Food Solutions (Food Solutions).
Information governed by the Privacy Act includes:
- Personal information – information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not and includes sensitive information;
- Sensitive information – includes health information about an individual;
Health information – is sensitive information including information or an opinion collected while providing a health service:
- about an individual’s health or disability;
- about an individual’s wishes;
- about health services provided, or to be provided.
Personal and health information includes personal details related to a client’s attendance (including formal medical record), family information, medical information (past and future), notes made by healthcare personnel, identifiable biological specimens or samples, or genetic information.
The below sets out how Food Solutions manages the personal information of its clients and applies to:
- Food Solutions;
- all persons who have access to personal information collected by Food Solutions; and;
- all clients about whom information is collected.
The maintenance of privacy requires that any information regarding individual clients may not be disclosed either verbally, in writing, in electronic form, by copying, during or outside work hours, except for strictly authorised use within the client care context as legally directed or as requested by the client (subject to exceptions).
There are no degrees of privacy. All client information must be considered private and confidential, even that which is seen or heard, and therefore is not to be disclosed to family, friends or others without the client’s approval or at the consultant’s discretion. Any information given by a staff member to unauthorised personnel will result in disciplinary action and possible dismissal.
All information received in the course of a consultation between a consultant and the client is considered personal health information. All staff at Food Solutions have a responsibility to maintain the privacy of personal health information and related financial information. Staff compliance with Food Solutions’ policy on privacy is mandatory.
ADMINISTRATION OF PRIVACY
Samantha Murray is the privacy officer at Food Solutions. The Privacy Officer implements and monitors adherence to all privacy legislation and acts as liaison for all privacy issues including:
- Requests by clients for access to their personal health information;
- Complaints by clients in respect of a potential breach of privacy;
- Queries of staff concerning privacy law.
The privacy officer can be contacted as follows:
PO Box 255, WILSTON, QLD, 4051
Telephone: 1300 850 246
The policy is intended as a guide to staff and clients of Food Solutions and for the general reference of the broader community.
For the purposes of this policy, no distinction has been made between the handling of personal information and sensitive information (including health information); therefore all information will be referred to as personal information throughout this policy.
OPEN AND TRANSPARENT MANAGEMENT OF PERSONAL INFORMATION
Food Solutions recognises the importance of each client’s privacy and is committed to protecting any personal information held about a client and safeguarding privacy.
Samantha Murray is appointed the privacy officer for Food Solutions. Any inquiries or complaints from individuals about Food Solutions’ compliance with the APP will be dealt with by the privacy officer (details below).
ANONYMITY AND PSEUDONYMITY
Where it is lawful and practical to do so, a client may deal with Food Solutions anonymously or using a pseudonym (for example to enquire about the services Food Solutions provides).
Food Solutions may not be able to provide health services to clients where a pseudonym is used as personal information is required to interact with other providers and apply any concessions and so on.
A client who chooses to access the services of Food Solutions anonymously or by pseudonym will be advised of any potential consequences resulting from their decision. The law or a court/tribunal order may require or authorise Food Solutions to deal with individuals who have identified themselves.
Food Solutions will not preclude a client from the services of Food Solutions because they request anonymity.
COLLECTION OF SOLICITED PERSONAL INFORMATION
Food Solutions will only collect personal information reasonably necessary to provide our clients with a quality health services. Food Solutions collects a variety of personal information.
Personal information may include:
- name, residential and business addresses, telephone numbers, email and other electronic addresses, occupation, family details, emergency contact details;
- health fund details;
- Medicare number;
- pension / concession details;
- medical history;
- test results, diagnosis, treatments, genetic information (if applicable);
- dietary requirements and/or information;
- other details relating to your relationship with Food Solutions and the services provided.
Personal information may be collected for permitted health situations and permitted general situations (as those terms are defined within the Privacy Act). Personal information about a client will only be collected by lawful and fair means and directly from the client, wherever possible.
Food Solutions obtains details when you fill out documents such as administrative forms and/or give information over the telephone. Information may be collected in either electronic or paper format.
Food Solutions may also obtain details from third parties such as an authorised representative, health service providers, other health professionals, family member(s) or other sources necessary to provide the health services to the client – particularly where it is unreasonable or impractical to collect from the client direct. If information is collected about a client from another party, Food Solutions, will whenever possible, advise the client of this.
Food Solutions will ensure that each client providing personal information is informed about and understands the purpose of collecting the information. They will also be advised as to whom or under what circumstances their personal information may be disclosed to another party and how they can access the information held about them by Food Solutions. This will be carried out via notices and/or brochures and/or verbally.
DEALING WITH UNSOLICITED PERSONAL INFORMATION
Unsolicited personal information received by Food Solutions will as soon as practicable, be destroyed or de-identified if it is lawful and reasonable to do so giving consideration to the options available and the resources and costs of undertaking such actions.
NOTIFICATION OF COLLECTION OF PERSONAL INFORMATION
- Food Solutions’ contact details;
- from and where personal information about the client was collected;
- the purpose for the collection and the consequences if personal information is not provided. Food Solutions will ensure that clients who are asked to provide personal information understand the consequences, if any, of providing incomplete or inaccurate information;
- access and correction to personal information (see below); and
- likely cross border disclosure of personal information (see below).
USE OR DISCLOSURE OF PERSONAL INFORMATION
Food Solutions will ensure that personal information will only be used for the purpose it was collected, or that would reasonably be expected by the client providing the information (unless an exception applies).
If the identified information is to be used for a secondary or unrelated purpose, such as data analysis or research, we will obtain informed consent from the client. Individuals will be given the opportunity to refuse such use or disclosure; If a client is physically or legally incapable of providing consent, a responsible person (as described under the Privacy Act) may do so.
Food Solutions will only disclose personal information without consent where such disclosure is required by law, or for law enforcement, or in the interests of the client’s or the public’s health and safety. Food Solutions will keep records of any such use and disclosure.
Information may be disclosed to a responsible person (as described under the Act).
Under the Infectious Diseases Act – Health (Infectious Diseases) Regulations in Sections 146, 390 and 391 of the Health Act 1958, medical practitioners are to report infectious diseases as specified. Notifications of cases are made to the nearest Public Health Unit. Details can be found at: http://www.health.qld.gov.au/cdcg/contacts.asp. It is the responsibility of the treating consultant or nominated person to notify the nearest Public Health Unit of any communicable diseases.
Clients may not wish to have their personal health information used for education purposes. Food Solutions respects its client’s right to privacy and where possible will use de-identified data for case studies. Food Solutions will always inform clients of impending students participating in activities and ask clients to consent to this.
Where it is desired to publish material related to clinical work or for quality improvement activities, the anonymity of clients is to be preserved
Information will be released if a subpoena, court order, search warrant or coroner request is received.
No information is to be released unless the client has authorised another person to be given access, if they have the legal right or a signed authority.
Police and lawyers must obtain a signed client consent (or subpoena, court order or search warrant) for release of information. The request is directed to the consultant. Where only a signed client request is obtained the consultant is not legally obliged to release information.
The Privacy Act states that consent may be ‘expressed’ or ‘implied’.
Express Consent – explicitly, either verbally or in writing.
Implied Consent – reasonably inferred in the circumstances from a client’s conduct.
Food Solutions does not use personal information it holds for the purpose of direct marketing.
CROSS BORDER DISCLOSURE OF PERSONAL INFORMATION
Food Solutions does not in the usual course of its business disclose personal information to overseas recipients. Any transfer of personal information overseas would be with the express consent of a client.
It possible that due to the large number of service providers involved in the business of providing dietician/ speech pathology services that personal information may be transferred outside Australian boundaries in the course of managing that information. If such an eventually occurs, Food Solutions will take reasonable steps to ensure that any service provider who is handling information will be contractually bound to comply with the Privacy Act and the country to which the information is to be transferred has a system of privacy protection at least equal to the system under the Privacy Act.
ADOPTION, USE OR DISCLOSURE OF GOVERNMENT RELATED IDENTIFIERS
Food Solutions will not adopt, use or disclose a government related identifier unless permitted by the Privacy Act.
QUALITY OF PERSONAL INFORMATION
Food Solutions will take reasonable steps to ensure that personal information kept, used or disclosed is accurate, complete, relevant and as up to date as practicable and not misleading.
Medical records are confidential legal documents. Consultants and staff have a responsibility to maintain the privacy of every medical record, which is each client’s right. As a key component for the continuing management of our clients, accurate and complete records are kept.
Consultants and authorised students of Food Solutions are responsible for documenting their own notations for care given to their clients. For each consultation the consultant notes the following details in the medical record:
- Consultant name;
- Reason for consultation;
- Other problems managed;
- Planned dates for review;
- Dietary information and proposed dietary plan;
- Preventative care;
- Referrals to other health care practitioners; and
- Consent issues.
As a general rule, a client has a right to access their personal information held Food Solutions (see below for further information).
SECURITY OF PERSONAL INFORMATION
All personal information held by Food Solutions will be:
- If in paper form, received and stored in a secure, lockable location;
- If in electronic form, protected from theft, loss or corruption;
- Accessible by staff only on a “need to know” basis;
- Protected from viewing or access by unauthorised persons; and
- Not taken from Food Solutions’ offices unless authorised and/or for a specified purpose.
- Food Solutions will destroy or permanently de-identify personal information that is no longer needed or required (see above).
If applicable, Food Solutions will ensure that all personal information transmitted electronically will be appropriately encrypted before transmission.
ACCESS TO PERSONAL INFORMATION
Under normal circumstances Food Solutions will provide a client with access to their personal information within a reasonable time (30 days) of receiving a request for access.
All requests are to be provided to Food Solutions in writing. All requests for access are to be addressed to the Privacy Offer – details above.
Client identification is also requested to ensure that a false application is not lodged. There will be no fee associated with lodging a request for access.
Clients will be provided with an opportunity to discuss their personal information with an appropriate member of staff when access is sought, however a fee for the consultant’s time may be charged.
Provision of access to a client’s personal information will be undertaken in a way that is appropriate to the person’s particular circumstances, e.g. use of interpreters, etc.
If a client believes that information held by Food Solutions is inaccurate or incomplete, Food Solutions will take steps to amend or correct the information.
Food Solutions may refuse access if it reasonably believes that:
- giving access would pose a serious threat to the life, health or safety of any individual or to the public health or public safety;
- Giving access would have an unreasonable impact on the privacy of other individuals;
- The request for access is frivolous and/or vexatious;
- The information requested relates to an existing or anticipated legal proceeding;
- Giving access would prejudice negotiations between Food Solutions and the individual;
- Giving access would be unlawful;
- Denying access is required or authorised by law or a court/tribunal;
- Giving access would likely prejudice the taking of appropriate action in relation to a suspected unlawful activity or serious misconduct;
- Giving access would be likely to prejudice an enforcement related activity conducted by or on behalf of an enforcement body.
Access may be given by email, phone, in person, hard copy or electronic record.
If information is withheld, Food Solutions will provide an explanation to the client as to the reasons why this was the case.
CORRECTION OF PERSONAL INFORMATION
Food Solutions will take all reasonable steps to ensure that all personal information it holds is accurate, up-to-date, complete and relevant and not misleading.
A client may ask to have their personal health information amended if he/she considers that is not up to date, accurate and complete. Food Solutions will correct this information. Corrections are attached to the original health record.
Where there is a disagreement about whether the information is indeed correct, Food Solutions attaches a statement to the original record outlining the clients’ claims.
It is the policy of Food Solutions that identified errors are not permanently removed. It will be noted in the record that the information has been deemed incorrect, incomplete or not up-to-date, and changes added to correct the information and initialled and dated by the author with an explanatory note beside or below the original item. Thus the reason for the incorrect entry is clearly documented with the new entry underneath or in the next available position. The new entry is signed or initialled and dated.
If an error occurs in writing, within the medical record:
- The error is to be crossed through the course of entry in a single line, initialled and dated, by the author.
- Provide an explanatory note beside or below the original item.
- New information is recorded, signed or initialled and dated.
- All requests for correction are to be directed to the privacy offer whose contact details are set out below.
Food Solutions has an established practice for dealing with complaints relating to privacy. All privacy complaints are to be referred to the Privacy Officer (details above). Food Solutions will investigate all complaints and respond as soon as possible.