Introduction

Kevin Heinze Grow (KHG) collects and administers a range of personal and health information for the purpose of providing the most appropriate services for each program participant.

KHG is committed to protecting the privacy of all personal information collected and is bound by privacy and other laws, including:

  • Privacy and Data Protection Act 2014
  • Health Records Act 2001
  • Charter of Human Rights and Responsibilities Act 2006
  • Freedom of Information Act 1982

Purpose

This document outlines KHG’s approach to the management of personal and health information ensuring that responsibilities under the relevant laws are met.

Scope

This policy applies to:

  • All staff members; and
  • Contractors, volunteers and visitors to KHG premises, to the extent it is relevant to them.

Definitions

Personal Information – information or an opinion that is recorded in any form and whether true or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion, but does not include information of a kind to which the Heath Record Act applied. This may include information about:

  • racial or ethnic origin
  • political opinions or association
  • religious beliefs of affiliations
  • philosophical beliefs
  • membership of a professional or trade association
  • membership of a trade union
  • sexual preference, orientation or practices
  • criminal record

Health Information is defined in the Health Records Act and relates to information or opinion about

  • the physical, mental or psychological health of an individual
  • a disability of an individual
  • an individual’s expressed wishes about the future provision of health services to him or her
  • a health service provided or to be provided to an individual.
  • other information collected to provide, or in providing a health service.

Policy

KHG collects and administers a range of personal and health information for the purpose of providing the most appropriate service for that person. KHG recognizes the essential right of individuals to have their information administered in ways which they would reasonably expect.

KHG is bound by the Privacy and Data Protection Act 2014 as well as other laws, which impose specific obligations when it comes to handling information. The following privacy principles are considered as minimum standards in relation to handling personal information:

  • Collect only information which the organisation requires for its primary function.
  • Ensure that stakeholders are informed as to why we collect the information and how we administer the information gathered.
  • Use and disclose personal information only for our primary functions or a directly related purpose, or for another purpose with the person’s consent.
  • Store personal information securely, protecting it from unauthorised access.
  • Provide stakeholders with access to their own information, and the right to seek its correction.

KHG keeps a historical photographic record.  These photos are also used for internal communications (eg. Newsletters) as well as external communication (eg website, publications).  KHG will seek consent for the use of visual images using the Photograph Consent Form.

Procedures

Collection – KHG will:

  • only collect information that is necessary for the performance and primary function on KHG will be collected
  • notify stakeholders about why we collect the information and how it is administered
  • notify stakeholders that information we collect is accessible to them

Use and Disclosure– KHG will:

  • only use or disclose information for the primary purpose for which it was collected or a directly related secondary purpose.
  • obtain consent from the affected person if information is to be used for any other purpose
  • in instances where the individual is not able to give consent, identify the appropriate contact who is able to give consent on the individual’s behalf. (This may be a family member, advocate or other guardian).

Data Quality – KHG will:

  • Take reasonable steps to ensure the information we collect is accurate, complete, up-to-date, and relevant to the functions we perform.

Data Security and Retention – KHG will:

  • Safeguard the information we collect and store against misuse, loss, unauthorised access and modification
  • Only destroy records when those records are deemed to be no longer active and are not required to be retained by law.

Openness – KHG will

  • Ensure stakeholders are aware of the KHG’s Privacy Policy.

Access and Correction – KHG will:

  • Ensure individuals have a right to seek access to information held about them and to correct it if it is inaccurate, incomplete, misleading or not up-to-date.
  • Refuse to provide access to service user files without service user consent

Anonymity – KHG will:

  • Give service users and stakeholders the option of not identifying themselves when completing evaluation forms or opinion surveys.

Making information available to third parties – KHG can:

  • Only release personal information about a person with that person’s expressed permission, except where required by law.

Photographs – KHG provides a photo consent form to all clients, volunteers and staff.

Responsibilities

The Committee of Management will:

  • foster a culture of privacy protection
  • regularly review information (such as incident reports, service user feedback, complaints) that may relate to maintenance of privacy

The Chief Executive Officer (CEO) and other senior officers will:

  • be committed to the privacy principles set out in this document
  • oversee the implementation of and compliance with these principles
  • be responsible for monitoring changes in Privacy Legislation and other relevant Acts and for reviewing this policy as required

Employees/volunteers will:

  • support and participate in the implementation of these policies and procedures