Scope
This policy applies across the work undertaken by Brain Injury SA (BISA), the staff involved in delivering that work, the information gathered and shared in service provision and the exchange of any information outside of the organisation.
Policy Statement
Dignity of people receiving services from Brain Injury SA is maintained through the respect contained in all communication, information collection and storage undertaken by BISA and in placement of the individual in the driving seat of all decision making regarding their service provision. In support of maintaining and protecting the dignity of all its participants, BISA has identified the following values to which all staff and volunteers commit in their service provision:
- Empathy – we work humbly alongside our participants with appreciation of their viewpoint and their ownership of their lives
- Respect – we listen to understand, give value to the choices of participants and create dignity in the provision and receipt of assistance
- Empowerment – we engage our participants in addressing the needs they define, encouraging, supporting and growing their confidence to drive the changes they seek
- Transparency/Accountability – we are committed to creating trust in our service provision through honesty, transparency and inclusion in decision making and integrity in our practices
- Drive – we strive to work efficiently with clarity on objectives, and positive impact for our participants
- Collaboration – we recognise that working together and with others achieves more than working alone
Brain Injury SA collects and administers a range of personal information for the purposes of service provision. Brain Injury SA has legal and ethical responsibilities in relation to obtaining, recording, storing, releasing and disposing of private information of the people who access the service. Brain Injury SA is committed to protecting the privacy of personal information it collects, holds and administers in line with legislative requirements and out of respect for the individual involved.
Implementation
Applicable regulation
Directive: BISA is required under the Privacy Act of 1988 to manage personal information regarding individuals according to the Australian Privacy Principles. It is recognised that much of the information held by BISA regarding individuals would be regarded as sensitive under the Australian Privacy Principles and therefore requires a higher standard of control in its management.
Privacy principles
Directive: The privacy principles address issues of information:
- collection
- use and disclosure
- quality and security
- openness
- access and correction
- identifiers
- anonymity
- cross border (beyond Australia) data flow
- sensitive information.
Guidance in applying the Australian Privacy Principles to information management is given to staff through this policy and the Privacy and Confidentiality Procedure. Organisational compliance with the legislative requirements is undertaken through staff training and internal auditing processes.
Information Collected
Directive: BISA may request a range of information from service participants to ensure we offer the best possible service. The types of personal information collected depend on the requirements of each program. Personal information is any information that can be used to identify a person, and will generally include:
- name and date of birth
- contact details, including name, address, telephone number and email address
- financial information, if the person is paying for a product or service
- employment information
- health information, including physical or mental health, disabilities or health services received
We do not collect or disclose any sensitive information, such as information about political opinions or membership, religious or philosophical beliefs, trade association or union membership, sexual orientation or practices or criminal record, unless:
- the individual has consented (e.g.: DCSI clearance), or details are required to provide effective service to customers, or
- it is necessary to prevent a serious and imminent threat to the life or health of a person, or
- it is required or permitted by law (e.g.: mandatory notification of a child at risk, court subpoena)
Information Collection
Directive: Personal information is collected directly from the participant, where reasonable and practicable to do so. In addition to collecting personal information directly, we may also obtain personal information from family members, guardians and carers, or other third parties such as medical specialists, hospitals and rehabilitation services only with the written or express consent of the participant. This information will only be collected in order to ensure we provide the safest and most effective service to the participant.
We will take all reasonable steps to ensure that personal information which we collect, use or disclose is accurate, complete, relevant and up to date.
Information Storage and security
Directive: Information is stored in hard copy files which are kept in locked filing cabinets. Increasingly, information is stored electronically in a secure network drive which is password protected. No one outside of Brain Injury SA has access to this information. Any staff who have access to Brain Injury SA’s files have relevant and prescribed security clearances and sign confidentiality agreements with the organisation. All staff are trained on privacy and confidentiality and are aware of their obligations.
Information Usage
Directive: Information is sought for the following reasons:
- To provide a quality service
- To understand the individual needs of each participant
- To promote safety of the individual and staff
- As required by funding agreements
- To keep legal records of the services provided to participants
Information Disclosure
Directive: BISA is required to release non-identifying information about clients (without identifying them by full name or address) to governments and other funding bodies to enable statistics about disability services and their clients to be compiled and in line with any government contractual obligations.
Other contracts such as individual service agreements under NDIS will require that personal information is shared in order for the participant’s funding to be utilised.
The collection and use of personal information will be explained to participants when they commence a service with Brain Injury SA.
Information Access for Participants
Directive: Participants have the right to view the information kept on their personal record and may request this by contacting the Chief Executive Officer. The individual’s identity will need to be verified before an access request can proceed. Access is generally allowed except in limited circumstances where we are required or permitted by law to refuse access (including where a treating medical practitioner agrees that access would prejudice the individual’s physical or mental health or put another person at harm). Requested and available information will be provided within four weeks of the request.
A reasonable fee may be charged for providing access to cover photocopying and administrative expenses. Access may be provided by hard copy or by providing individuals with the opportunity to view their electronic file.
Notifiable data breaches
Directive: BISA as an organisation holds obligations under the Notifiable Data Breaches (NDB) scheme in Australia. The scheme mandates that BISA notify all individuals whose personal information is involved in a data breach, if the breach is likely to result in serious harm to them. This is defined as an “eligible” data breach. A data breach has occurred when there is unauthorised access, disclosure, or loss of personal information.
Under the NDB scheme, notification must include recommendations about the steps individuals should take in response to the breach, and the Australian Information Commissioner (Commissioner) must also be notified of eligible data breaches.
BISA responds to an eligible data breach through the Mandatory Data Breach Notification procedure (PR IT2.2) and its supporting policy (IT2 Mandatory Data Breach Management), outlining action to be taken.
Privacy complaints
Directive: Complaints regarding the handling of personal information are dealt with under Brain Injury SA’s Complaints Policy and Procedure which outlines the process for addressing complaints within the organisation. It also includes the opportunity for referrals to external complaints bodies as an additional avenue if the complaint cannot be resolved internally.
Unresolved matters regarding privacy issues will be referred to the Privacy Commissioner (Commonwealth Government Office of the Privacy Commissioner) via telephone on 1300 363 992 or via the website www.privacy.gov.au.
Information Sharing Guidelines for Promoting safety and wellbeing (ISG)
Directive: Information Sharing Guidelines outline the process for sharing information without consent in limited circumstances where doing so will:
- divert a person from offending or harming themselves
- protect a person or groups of people from potential harm, abuse or neglect
- protect service providers in situations of danger
- help service providers more effectively address risks to safety and wellbeing
- alert other service providers to an individual’s need for assistance
The state government has authorised the ISG, directing that the guidelines be implemented throughout the public sector and by relevant non-government organisations. By sharing information and collaborating in the planning and delivery of services, efforts to keep vulnerable people safe from harm can happen earlier and more effectively.
Reference
Legislation:
- Privacy Act 1988
- Information Privacy Act 2009
- Volunteers Protection Act (2001)
Guidelines:
- Information Sharing Guidelines for promoting safety and wellbeing – Department of the Premier and Cabinet 2013
Policy:
- POL IT2 Mandatory Data Breach Management
Procedures:
- PR CS2.1 Maintaining Privacy, Dignity and Confidentiality Procedure
- PR IT2.2 Mandatory Data Breach Notification Procedure
Forms:
- FOR CS2.1.1 Consent
- FOR CS2.1.2 Authorisation to Obtain or Exchange Information
Resource Sheets:
- Nil Currently