To provide an effective and high-quality service and to maintain appropriate accountability, we must collect, store and sometimes share relevant personal information about our clients. It is important that we are consistent and careful in the way we manage what is written and said about a client and how we decide who can see or hear this information.
Our clients have legislated rights to privacy. It is essential that we protect and uphold these rights, and also that we act correctly in those circumstances where the right to privacy may be overridden by other considerations.
To uphold the rights of clients to privacy, each staff member needs an appropriate level of understanding about how we meet our legal obligations.
All staff members are obliged to sign the confidentiality clause in their employment contracts at commencement with INDEPENDENCE WORLD. A code of conduct is included in the signed Employment Agreement for staff members regarding confidentiality.
In the context of this policy the following definitions apply:
Confidentiality: A principle which states that personal information about others should not be revealed to persons not authorised to receive such information. It is a Staff’s obligation to respect a client’s privacy and to keep secure the information that is shared so that service users feel confident to discuss their private situation. Confidentiality applies to verbal information, written information and information stored on computers.
Privacy: Privacy is the right of an individual or group to exclude information about themselves and thereby reveal personal information about themselves selectively. The boundaries and content of what is considered private differs between cultures and individuals, but shares basic common themes. Privacy is facilitated for service users by the provision of suitable interview spaces and private areas to discuss personal information. These arrangements will be made with consideration for work place health and safety requirements and staff safety at all times. INDEPENDENCE WORLD will only collect information that is necessary for its specific service activities, will only collect personal information in a lawful and un-intrusive way and only collect information about an individual from that individual wherever possible.
Personal information: In the Commonwealth Privacy Act (1988) thatmeans information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Informed consent: Infers that the Client has been provided with all the necessary information relating to how we manage their personal information. Informed Consent is required before we can collect personal information. For consent to be valid it must be given by a person with the capacity to give it. In certain situations, this can be provided by an authorised representative of the Client. I.e.: Informal support; Advocate
Limits to confidentiality – There may be limits to confidentiality based on business procedure and legal requirements in some circumstances. The best interests of the client must always be taken into consideration when deciding whether to share information.
(a) a document (admission forms, job applications for an advertised role)
(b) a database (however kept)
(c) a photograph or other pictorial representation of a person
Information Collected by Our Websites
When you visit one of our websites, we do not try to identify you or collect Personal Information. However, you might choose to provide your Personal Information when you complete an online form or make an enquiry via the ‘contact us’ page. Our websites take every precaution to protect Personal Information collected and measures are in place to protect the loss, misuse and alteration of this information (see the Security section of this policy).
To help us keep our websites working optimally, our sites may collect statistics about visits, such as how many people visit our sites, the user’s IP address, which pages people visit, the domains our visitors come from and which browsers they use. This information will not used to identify you.
Our websites may collect ‘cookies’ when you access them. Cookies identify your IP address and browser type, but not your Personal Information. Whilst cookies enable better website functionality, you can choose to reject them if you wish.
Security is a high priority for us. We have strong policies and procedures in place, and we take all reasonable steps to keep Personal Information you provide us secure and protected from misuse, interference and loss, as well as unauthorised access, modification or disclosure. Our security measures include but are not limited to:
- Educating our staff and clients about their
obligations to your Personal Information.
- Requiring our staff to use passwords when
accessing our systems.
- Employing firewalls, intrusion detection systems
and virus scanning tools to protect against unauthorised persons and viruses
entering our systems.
- Using dedicated secure networks or encryptions
when we transmit electronic data.
- Providing secure storage for physical records.
- At initial contact with the service the Client must be made aware of the context in which the service is provided, the purpose for collecting personal information and limits to confidentiality.
- Staff must gain written consent by Clients for the collection, sharing and storage of personal information by completing a Client Consent Form which is stored in their client file in locked filing cabinets.
- Written consent covers the requirements contained within the Information Privacy Act 2009 and includes circumstances that may require the sharing of client information such as those with co-staffs, other agencies or government departments.
- In situations where client information may need to be shared, staff should endeavour to let Clients know that this has happened and involve clients in the decisions and the process.
- Staff are to make decisions on sharing information according to the above procedures and/or in the best interests of the client in order to achieve identified outcomes.
Limits to Confidentiality
- The Staff will explain that the limited confidentiality conditions include:
- That information will be shared at internal staff meetings
- That non-identifying information will be shared across agencies involved in their individual care plan
- That the service has procedures regarding safety risks and that confidentiality will not be observed in the following circumstances:
- If a Staff member is made aware that a serious crime has been committed or is about to be committed and the Staff member knows the details to be accurate, they are obliged to report such information to the Manager who will report to the police.
- Any issue which presents a serious or imminent threat that could endanger the life, health or safety of the Client, their dependents, other service users or staff.
- If a Client informs you of an intention to harm themselves, another individual or presents a danger to the community in general, under common law guidelines you are obliged to respond by contacting the appropriate agency and authorities.
- While it is not mandatory for staff to do so, if staff have concerns about child abuse or neglect, it is an organisational policy to report these concerns to the Manager. In this instance the staff would not be departing from any ethical code of conduct in breaking confidentiality. The Manager will determine the most appropriate course of action in these cases.
- The staff will follow the relevant policy.
- If the Police produce a Search Warrant requesting client information. If a valid search warrant is not produced the organisation is not obliged to provide personal information. This decision may be based on the best interest and safety of the client or community.
- If the staff or the staff records are subpoenaed to court, the party seeking the records must be able to justify the need to have access to client’s information.
Confidentiality and our Website
Cloud -Based Storage
- In order to provide an efficient and effective Care Service, we require the use of cloud-based storage. All information you provide us is stored under password and other protection to ensure only approved Employees can access it.
- Staff will consider the physical arrangements of the Client’s premises to ensure maximum privacy for clients at all times.
- Efforts to meet this policy are made by the appropriate arrangement of the office space, by keeping desk tops clear of personal information and by staff ensuring respect for the privacy of client’s when in discussion on the phone and face to face with other team members or external parties.
- Staff are responsible for ensuring that their own diary notes do not breach privacy principles. All diaries and files must be locked away when the staff is absent from their desk and when the premises is unattended.
- To protect client’s privacy, information recorded will be complete, relevant and factual. Opinions are not recorded as facts; any subjective opinions recorded will be acknowledged as such.
- All intake assessments will take place in a private space. Where possible clients will be involved in the recording process.