This policy and procedure has been structured to communicate to workers correct and appropriate means for the security of confidential information, and the benefit of the company. This policy and procedure extend to all Alfa Disability Services’ workers, and failure to abide by this will result in strict disciplinary action. This Policy and Procedure also relates to the Records and Information Management Policy and Procedure; therefore, for further information, reference the Policy and Procedure where required. Furthermore, it incorporates and utilises the policies and procedures outlined in Alfa Disability Services’ General Privacy Policy and Procedure.
This extends to all workers and meets relevant laws and regulations and standards.
Alfa Disability Services supports the privacy and confidentiality of their workers and participants through the utilisation of the Records and Information Management Policy and Procedure. Alfa Disability Services is required to maintain the protection of workers and participants privacy continuously. Every person has the right to decide whom to share personal information. Workers remain responsible for the privacy and security provided to the participants and fellow workers. Before any information is gathered, Alfa Disability Services must ensure that the information will is used correctly and appropriately.
The procedures of privacy and confidentiality communicate with the lifecycle of data as follows:
➢ Create a collection of all forms of participant details and any other relevant information as well as service agreements to ensure they have given both verbal and written consent.
➢ Store all information securely as per the Records and Information Management Policy and Procedure and limit access.
➢ Use the information to update when applicable, disclose the information to staff members and report if necessary.
➢ Archive the documents securely once the participant has exited the service as per the Records and Information Management policy and procedure and limit access.
➢ Once the archive period is complete, dispose of documents securely as per the Records and Information Management policy and procedure.
The CEO/Director is committed to ensuring that Alfa Disability Services follows the 1988 (Cth) Privacy Act standards, as well as any other relevant government and territory laws and specifications.
It is the responsibility of all Alfa Disability Services’ workers to read and comply with the state and federal legislation concerning privacy and confidentiality, including this policy and procedure.
This includes:
➢ Collection/Creation
➢ Process
➢ Storage
➢ Utilisation
➢ Disclosure
➢ Disposal.
Alfa Disability Services is required to give workers appropriate training regarding their knowledge of systems in place for the confidentiality of company data; this will be done through performance reviews. If it is found that a worker does not encompass correct knowledge, extra training may be given to ensure consistency throughout Alfa Disability Services, with conjunction with the Human Resources Policy and Procedure. The Alfa Disability Services Privacy Statement must be in the Alfa Disability Services Participant Handbook.
Personal Information
Alfa Disability Services is required to provide workers with consent forms for personal information, which will be considered respectfully, and no information will be used without consent.
Personal information includes but is not limited to:
➢ Photographs
➢ Films
➢ Recordings
Participant Information Collection and Consent
Alfa Disability Services will only require confidential information to determine potential participants suitability for a service and to monitor the services provided.
A participant is entitled to supply, access, update and use any personal information if necessary to ensure correct information is in the system, they may refuse to disclose some information and have the right to revoke their consent to disclose personal information.
Personal participant information that Alfa Disability Services collects. Involves but is not limited to:
Before collecting personal information from participants or their advocates, Alfa Disability Services’ workers must clarify why the information is being collected, exactly how it is being stored and used as well as why Alfa Disability Services requires the information. Alfa Disability Services only gathers the necessary personal information of participants for the protected and adequate provision of services. All private and confidential information must be stored safely.
Alfa Disability Services implements and employs the use of Privacy Statements for participants, their family members, and advocates. The Privacy Statement is a document Alfa Disability Services provides which has information on how Alfa Disability Services abides by all privacy laws whist protecting participants privacy. Workers who are in direct communication with participants or their related personnel must do the following:
➢ Ensure they have signed their own privacy statement annually and it is kept up to date.
➢ Provide written information to participants if requested (such as this Policy and Procedure).
➢ Provide verbal information to participants if requested.
➢ Understand and comply with participants (or their related personnel) communicational requirements, such as overcome any language barriers.
Alfa Disability Services’ workers will support participants if they need to gain access to an interpreter if required. Participants, their family members and advocates are accountable for ensuring the correct use of others personal information, the return of the consent form, respecting peoples wishes not to be captured on camera, and ensuring the communication of accurate information.
Following the information provided in this policy and procedure, Alfa Disability Services’ workers must use a Consent Form to verify and clarify the information stated in this policy and procedure. This consent form indicates whether participants have allowed Alfa Disability Services to hold, retain and use vital information of the participant. This information may include the following; however, is not limited to:
➢ Full Name
➢ Nationality
➢ Date of Birth
➢ Preferences
➢ Personal Goals
➢ Medical Information
➢ Referrals
➢ Case/Progress Notes.
Personal Workers Data
Audits
An NDIS approved quality auditor has the right to request an interview from any participant file that requires assessment. Alfa Disability Services must ensure they are abiding by the standards outlined in the 2018 National Disability Insurance Scheme (Approved Quality Auditors Scheme) Guidelines. This automatically includes participants in the NDIS Practice Standards audits. However, a participant may refuse to participate in audits with a written notice directed to the CEO/Director.
Privacy and Confidentiality
Worker or participant personal information can only be disclosed in order to comply with legislative responsibilities such as mandatory reporting when required by law, to outside associations with the worker or participant’s consent or of the child participants, parents or guardians, with the written consent of the authorised individual, and if emergency medical treatment is required.
If an individual is in a situation where they are unsure about disclosing another’s personal information, they should communicate and discuss with the CEO/Director.
International: Alfa Disability Services is required to ensure that any foreign participants do not violate any Australian Privacy Principles (APPs); this is under the Privacy Act 1988. However, this requirement will not apply if the foreign participant is dependent to legislation or binding system, in which has the power to protect the private and confidential information in an approach significantly equivalent to that delivered by the APPs.
Storage and Access
View Alfa Disability Services’ Records and Information Management Policy and Procedure for additional details on exactly how Alfa Disability Services systems are able to ensure privacy for storing, and protection of private data.
Both the CEO/Director and workers will only access the personal information if it is necessary to fulfil any responsibilities or services for the Alfa Disability Services. All stakeholders can request access to any information regarding themselves. Any participant access or modification demands must be presented to the individual of Alfa Disability Services who is responsible for monitoring the Participant’s personal information. All workers have the same access to or requests for modification as participants.
For any access or correction of information, the CEO/Director should be notified immediately, within two business days. The individual responsible for the acceptance status of information will either accept or reject with reasoning as to why.
A request for access or correction may be rejected as it would have an unwarranted impact on the privacy and confidentiality of other individuals. The request is thoughtless and annoying. It may cause a dangerous threat to any individuals life or wellbeing. All participant requests for access or correction refused by the CEO/ Director must be authorised and documented in the participant’s file. Any workers who have been refused access or correction requests must be approved by the CEO/ Director and recorded in the individual’s file.
Any breaches must be immediately reported to the NDIS Commission by the CEO/Director of Alfa Disability Services. Breaches of information may also affect reporting obligations beyond the Privacy Act 1988, such as:
➢ Government Departments of the Federal, State or Territory
➢ Insurance providers
➢ The Australian Securities and Investment Commission (ASIC)
➢ Australian Reporting and Analysis Centre (AUSTRAC)
➢ Australian Tax Office (ATO)
➢ Australian Prudential Regulation Authority (APRA)
➢ Australian Cyber Security Centre (ACSC)
➢ Australian Digital Health Agency (ADHA)
➢ The financial service sector of Alfa Disability Services
➢ Professional and regulatory organisations
➢ The police or other law prosecution organisations
To ensure that Alfa Disability Services cooperates completely with the Standards:
➢ Assess Alfa Disability Services against Question 13 of the Organisation Compliance Checklist (protective information safety) of the Department of Health and Human Services. On http:/fac.dhhs.vic.gov.au/organisation-compliance-checklist you can find the checklist.
➢ The CEO/ Director will collaborate with the Victorian Government on the implementation of risk-based reporting mechanisms and ensure that Alfa Disability Services takes reasonable steps to protect all Alfa Disability Services participant records.
➢ The CEO/ Director will create an immediate measurement of information security
➢ Subscribe to the’ Stay Smart Online ‘ website at https:/www.staysmartonline.gov.au.
➢ Review Alfa Disability Services’ compliance with the Essential Eight and rectify any identified gaps
➢ This website helps on knowledgeable online behaviour patterns as well as how to respond to internet threats
You can find more details at https:/www.asd.gov.au/cyber