Privacy and Confidentiality Policy
Policy Owner
CEO
Scope
Privacy, confidentiality and access to personal information are basic rights for all clients of The Family Place Inc. (TFP). Privacy can be simply described as the right to be left alone and the right to have control over your own personal information.
Personal information includes information or an opinion about you as well as health information about your physical health, mental health and disability. In the last two decades the Australian and NSW Governments have introduced a number of laws to protect the privacy of individuals. The privacy policies of TFP have been developed in line with these pieces of legislation.
Confidentiality refers to the obligation of TFP staff, both paid and unpaid, not to disclose personal information about TFP clients unless they have the clients’ informed consent or are otherwise required to by law.
This policy is designed to be a comprehensive policy and procedural document in the areas of client privacy, confidentiality and access to personal information for TFP.
Statement of Policy
The Management Committee of TFP Inc. affirms the need for TFP employees and families who are clients to establish and maintain working relationships that are built on trust and respect. TFP recognises the importance of respecting the right of our clients to privacy and confidentiality, particularly regarding the protection of and access to their personal information.
TFP will ensure that it meets the Commonwealth and State legislative requirements as well as its own ethical standards in the collection, use, exchange, storage and disposal of client information.
Privacy Principles
TFP’s privacy policy and its attached procedures are based on the following set of principles:
- We only collect personal information about clients for a lawful purpose i.e. as is required by the funding body or to enable delivery of service support to clients.
- We inform our clients why personal information is collected, to whom else it is usually disclosed, and how the information is stored.
- We only collect sensitive information, such as health information, with client consent unless necessary to prevent harm to life or health. Where a client requests that sensitive information be excluded from their case file, that information not be shared with other workers, or that a particular worker not have access to their file or file information, workers will discuss this request with the manager.
- We collect personal information directly from the client unless the client is a minor, under guardianship or has given consent for someone else to provide the information.
- We will ensure that client information we hold is objective, relevant, accurate, up-to-date, complete, phrased sensitively and not excessive.
- We will protect client records from loss, unauthorised access, misuse, modification and disclosure and will ensure their appropriate disposal.
- We will provide client access to their records and tell them how they can get access.
- We will allow clients to correct any wrong, incomplete or misleading personal information we hold; however, clients will not be permitted to remove their file from the office and may only view the file in the presence of a staff member.
- We will not use client information for any other purpose except with client consent unless necessary to prevent harm to life or health, or as required by statutory obligations.
- We will not disclose client information to any other person or organisation without consent unless necessary to prevent harm to life or health, or as required by statutory obligations.
- We only use client identifying codes if necessary and do not use the same codes as other agencies.
- Clients have the option of not identifying themselves if preferred.
- We will take all reasonable steps to de-identify information before it is disclosed for data collection or research purposes to ensure that clients cannot be identified through ‘constructive identification’.
- We will give clients and stakeholders the option of not identifying themselves when completing evaluation forms/participating in service evaluation activities.
- We will ensure client files do not leave the TFP office.
- We will inform clients that their files will be kept for seven years after support has ended.
Confidentiality
In most instances, confidentiality exists between the TFP team and the client rather than the client and individual worker. Employees can share relevant information about clients with other members of the TFP team without breaching confidentiality.
In some circumstances, our duty of care and mandatory reporting responsibilities may override confidentiality provisions.
This can happen when:
- there is an obligation not to conceal an intended or actual crime including child abuse or negligence, assault, theft or fraud. In these cases the relevant authorities will be informed.
- disclosure is in the client’s interest to avoid harm (e.g. suicide)
- there is a need to warn a third party who may be in danger
- Under Chapter 16A
This is identified in our Consent form.
Informed Consent
TFP only shares and exchanges personal information with the client’s informed consent.
Informed consent means that the client:
- understands the need to exchange personal information about them
- knows what personal information will be exchanged
- knows with whom or what agency the information will be exchanged
- agrees to the exchange.
Consent may be verbal or written. If verbal, consent is noted on the relevant client file. Written consent is recorded on our Consent Form.
In situations where the worker believes that the client may not have the capacity to give informed consent because of their age, mental state or disability, we will attempt to get substitute consent from the client’s guardian or appointed representative.
In situations where the client is unwilling to give consent, the need for privacy will be balanced against TFP’s duty of care responsibilities.
Informed Consent, Children and Young People
In situations where there is a need to exchange information about a child or a young person, generally consent will be sought from the child’s parent or legal guardian. Where appropriate, the child or young person’s views will be taken into consideration when making the consent decision.
Procedures for handling client information
Collection
TFP will only collect client information that is needed by the funding body for data collection purposes or to provide the service. An electronic file is created for each client on CDS using standard assessment and client information tools. Additional material is added as file notes or scanned in. In accordance with the Case Management Policy and the Client Rights and Responsibility Policy, all TFP clients must complete a Consent Form and receive a copy of the Client Rights and Responsibilities / Making a Complaint Brochure. It is the responsibility of TFP employees to ensure the information is explained to the client in jargon-free language and that consent is well informed.
Storage
TFP stores client information on CDS, an electronic client file record. This information is securely stored: employees have individual passwords and should only view client information relevant to undertaking their usual duties. Archived paper-based files are to be stored securely in a locked cabinet and sent to Grace Document Storage.
Access
Client files are only accessed by TFP management, the relevant family support workers and the client whose file it is.
Modification
TFP employees will take every measure to ensure that client information is up-to-date, accurate and complete. Clients have a right to amend any incorrect information on their personal file.
Disposal
TFP will retain client files of adult clients for seven years in case of a later claim or subpoena. In the case of children, particularly with regards to accident/incident reports and notifications, the relevant files will be kept for seven years after the child turns 18.
Closed or dormant client files will be kept in a secure, locked space. Disposal will be either through shredding or by using a commercial contractor guaranteeing secure destruction of records.
Client access to personal information
Clients have the right to access their personal records and correct any information that is incorrect, incomplete or misleading. Clients wanting to see their personal records should ask the Operations Manager or CEO who will arrange this.
Procedure
The CEO is responsible for the following:
- Implementation of privacy provisions within TFP
- Ensuring staff distribute the client rights and responsibilities brochure which outlines privacy and confidentiality as well as how to make a complaint or pay the service a compliment
- Ensuring that all TFP services are delivered under conditions of privacy and confidentiality
- Client records are maintained and stored in secure conditions for the mandated period
- Ensuring that, subject to considerations about legal and privacy issues and the safety of other people, clients have the opportunity to view records or access copies of records relating to themselves, and where copies of records sought unavoidably relate to another client, services require the written approval of that client for the release of that information
- If access to records is to be denied, to give reasons to the client consistent with the Privacy Act and taking into account obligations under the Freedom of Information Act 1988
- Appropriate disposal of client records that are no longer required to be retained
- Ensuring that all staff receive training around privacy and confidentiality provisions
- Clients are regularly reminded of their privacy rights
- All TFP electronic transmissions such as emails carry a security statement such as the following:
The content of this message and any attachments may be privileged, in confidence or sensitive. Any unauthorised use is expressly prohibited. If you have received this email in error please notify the sender and delete the email. Any views expressed are those of the individual sender, except where the sender specifically states them to be the views of Eurobodalla Family Support Services.
TFP acknowledge the support of NSW FACS.
Legislation
Federal Privacy Act 1988
Privacy Amendment (Private Sector) Act 2000
Privacy and Personal Protection Information Act 1998
Health Records and Information Privacy Act 2002
Forms
Consent Form
Memorandum of Understanding Template
Service Level Agreement Template
Letter requesting information under Chapter 16A
Complaints Form
Client Rights and Responsibilities / Making a Complaint Brochure