Privacy Policy
Purpose & Scope
The purpose of this policy and procedure is to ensure My Supports has consistent processes and practices in place that respect and protect the personal privacy and dignity of all My Supports clients and staff (including board members, contractors, hosts and volunteers).
This Policy supports NDIS Practice Standards: 1. Rights and Responsibilities (Privacy and Dignity) and includes best practice for the collection, management and disposal of private and confidential information.
Policy
My Supports collects, manages and stores personal information to enable the provision of a safe working environment, high quality services and to meet legislative and regulatory requirements. We:
- Are committed to upholding the privacy of all people and will take reasonable steps to protect personal information received from clients and their support network, staff, and other stakeholders
- Recognise that personal information collected is often of a highly sensitive nature, and have therefore adopted the highest privacy compliance standards to ensure private and confidential information is protected.
Principles
- Personal information is collected with consent and is used where the information is needed to provide services and meet compliance requirements.
- Information is protected from misuse, loss and unauthorised
- Information not needed by My Supports is destroyed as soon as practicable in a way that complies with all legal and compliance requirements
- Reasonable steps are taken to ensure information is complete, current and
- Personal information is only ever released if required by law, agreed to through the informed consent of the individual or if a person requests to see their own personal file.
- Personal information will not be disclosed to other parties or used for direct marketing without permission
Procedures
How We Collect Information
Where possible, My Supports collects personal and sensitive information directly from you. However, if necessary, we will collect information through various other means with your consent. We will not collect information unless it is necessary for the functions or activities of My Supports.
There are situations where My Supports may need to obtain personal information about you from a third-party source. If we collect information about you in this way, we will take reasonable steps to discuss this with you and ensure that you are aware of the purpose for which we are collecting your personal information and the organisations to which we may disclose your information. These third parties and arrangements will also be added to the consent section within your Service Agreement.
The Information We Collect
My Supports only collects personal information where the information is reasonably necessary for, or directly related to, one or more of the activities or services we provide. Examples include:
- NDIS participant number
- name
- date of birth
- gender identity
- address
- current contact details of family guardian etc
- medical records if required
- personal care needs
- service records and file progress notes
- individual personal plans
- assessments or reports
- guardianship orders
- any correspondence related to the support that is provided by My Supports.
Use and Disclosure of Personal Information
We only use personal information for the purposes for which it is given to us, or for the purposes which are related to one of our functions or activities. Personal information will not be disclosed for marketing purposes.
For the purposes referred to in this Policy we may also disclose your personal information to other external organisations including:
- government departments/agencies who provide funding for My Supports
- contractors who manage some of the services we In such circumstances, steps are taken to ensure that the contractors comply with the Australian Privacy Principles (APPs) when they handle personal information and are only authorised to use Personal Information in order to deliver the services or perform the functions required by My Supports.
- doctors and health care professionals, who assist us to deliver our
- other regulatory bodies, such as Workcover/WorkSafe.
- our professional advisors, including our accountants, auditors and
We will not disclose an individual’s Personal Information to a third party unless one of the following applies:
- There is valid consent
- It is otherwise required or authorised by law
- It will prevent or lessen a serious threat to somebody’s life, health or safety or to the public health or
- It is reasonably necessary for us to take appropriate action in relation to suspected unlawful activity, or misconduct of a serious nature that relates to our functions or activities.
- It is reasonably necessary to assist in locating a missing
- It is reasonably necessary to establish, exercise or defend a claim at
- It is reasonably necessary for a confidential dispute resolution
- It is necessary to provide health
- It is necessary for the management, funding or monitoring of a health service relevant to public health or public safety.
- It is reasonably necessary for the enforcement of a law conducted by an enforcement body; in this case My Supports will make a written note of the disclosure.
- A permitted general situation exists, as defined in s16A of the Privacy Amendment Refer s16B of the Privacy Amendment (Enhancing Personal Privacy) Act 2012.
Security of Personal and Sensitive Information
My Supports takes reasonable steps to protect the personal information and sensitive information we hold against misuse, interference, loss, unauthorised access, modification and disclosure. These steps include:
- Password protection for accessing our electronic IT systems and securing paper files in locked cabinets and applying physical access restrictions
- Only authorised personnel are permitted to access our systems
- When paper files are no longer required, they are destroyed in a secure manner (shredded or destroyed through the archive process, or will be deidentified)
- We utilise a Client Record Management System which complies with the relevant sections of the Australian Federal Privacy Act 1988 for the collection, storage and distribution of private and health related information.
- All data is stored within Australia at all times, and all data and files are always kept separate from all other Client Record Management System subscribers.
How To Seek Access To/Correct Personal Information
You have a right under the Privacy Act to access personal information held about you. You also have a right under the Privacy Act to request corrections to any personal information that My Supports holds about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant, or misleading.
To correct or update personal information we hold about you, please contact us using the contact form on our website or by phone – 08 9274 7575.
Support to Access Client Records
All My Supports clients and/or their guardians are entitled to access further information on the My Supports Privacy Policy at any time. Alternative formats for information, such as Braille, Large Print, Easy English or translated materials, will be made available upon request.
Additional support and information around clients’ privacy rights are available, such as local advocacy services – https://disabilityadvocacyfinder.dss.gov.au/disability/ndap/
Concerns or complaints in relation to client privacy can be reported through the My Supports Complaints process or directly to the NDIS Quality and Safeguards Commission on: 1800 035 544 (free call from landlines).
Intellectual Property
My Supports Staff will:
- Not share with any third party any My Supports documents, such as agreements, forms, processes, policies, product, service information, training materials or other, unless consent has been
- Not make any personal use (for own benefit, a third-party benefit or any other reason) of any My Supports documents, such as agreements, forms, processes, policies, product, service information, training materials or other, unless authorised.
- All My Supports documents, such as agreements, forms, processes, policies, product, service information, training materials or other, remain the property of My Supports and must be returned to My Supports after use, or termination.
- Not share any log-in or password information with any other staff member or third
- Not demonstrate, show or provide any other information on their client record management system or any other My Supports business or IT system
Implementation and Evaluation
The implementation of this policy is immediate and will be supported by learning and development processes via staff induction, staff training and team meetings.
Additional Info
Definitions
- Confidential information: Information that is given in confidence to another person that is meant to be kept private or secret.
Compliance
- Privacy Act
- Freedom of Information Act
- National Disability Insurance Scheme Act 2013
- NDIS Practice Standards 2020
- NDIS (Provider Registration and Practice Standards) Rules 2018
- NDIS (Quality Indicators) Guidelines 2018
- NDIS Code of Conduct
- NDIS (Incident Management and Reportable Incidents) Rules 2018
- NDIS (Complaints Management and Resolution) Rules 2018