True Relationships and Reproductive Health (True) is strongly committed to protecting the privacy of all individuals with whom it interacts or who use its products and/or services. True collects personal information in order to conduct its business and to meet its legislative obligations. Organisationally it is bound by legislation in the management of matters relating to the privacy of personal information.
True is committed to treating the personal information we collect in accordance with the Australian Privacy Principles (APP) in the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) (Reform Act). The APP provide a privacy protection framework that supports the rights and obligations of collecting, holding, using, accessing and correcting personal information.
The APP consists of 13 principle-based laws which apply equally to paper-based and digital environments. The APP complements the long-standing True organisational obligation to manage personal information in a regulated, open and transparent manner. This policy does not apply to personal information collected by True that is exempted under the Privacy Act.
To enable transparency of True’s operations according to the Australian Privacy Principles.
To communicate True’s collection, use and management of personal information (including health information).
To communicate the circumstances under which True would be required to disclose personal information to third parties.
To ensure clients and staff of True are comfortable with entrusting their personal information to the organisation.
To ensure staff compliance with the legislative requirements related to personal information collection, use, security and disclosure.
Staff, visitors, contractors, members, clients / beneficiaries, donors, online visitors.
4. Abbreviations and Definitions
Australian Privacy Principles (APPs):
The Australian Privacy Principles as per Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) (Reform Act) as from March 12th 2014.
A "cookie" is a packet of information stored on your computer that allows the FPQ server to identify and interact more effectively with your computer.
Information or an opinion about:
The health or a disability of an individual
An individual’s expressed wishes about the future provision of health service to him or her
A health service provided
Other personal information collected to provide, or in providing, a health service
Other personal information about an individual collected in connection with the donation.
Information held is used for a purpose other than a permitted purpose.
Information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not; and whether the information or opinion is recorded in material form or not, for example:
A person’s name and address
Bank account details
Photographs of an individual
Videos including CCTV footage
Information about likes and dislikes
Place of employment.
Determination of what are considered ‘reasonable steps’ to ensure information security will depend on the circumstances, including the following:
The nature of the entity holding the personal information i.e. size and business model
The nature and quantity of personal information held i.e. sensitive information
The risk to the individuals concerned if the personal information is not secured
The data handling practices of the entity holding the information
The ease with which a security measure can be implemented.
As defined in Section 6 of the Privacy Act means:
Personal Information or an opinion about an individual’s:
Racial or ethnic origin
Membership of political associations
Religious beliefs or affiliations
Memberships of professional / trade associations
Sexual preferences or practices
Health information about an individual; or
Genetic information about an individual that is not otherwise health information.
5. Policy Statement
5.1. Open and transparent management of personal information
True, by way of this policy, confirms open and transparent management of personal information in accordance with the APP. True will provide employees with training to enable them to understand the importance of good information handling and security practices, including their responsibilities with respect to the protection of personal information.
True will, where lawful and practicable, give individuals the option of not identifying themselves when dealing with True.
5.3. Collection of Personal Information and notification of the collection
True will collect and use personal information (including health information and sensitive information) that is directly related to the functions or activities of the organisation (clinical, education and training settings) or activities carried out in support of its corporate functions such as human resources, business administration, property management and public relations activities.
True will only collect personal information from the individual where there is a legitimate reason to do so. True will collect personal information from another individual when the person has delegated another individual to provide the information on their behalf e.g. next of kin. True staff will take reasonable steps to ensure clients understand:
what information has been and is being collected
why the information is being collected, and whether this is due to a legal requirement
how the information will be used or disclosed
why and when their consent is necessary
the procedures for access and correction of information, and responding to complaints of information breaches, including by providing this policy.
Personal information includes “sensitive information”. True will only collect sensitive information that is required for the primary purpose of client care. If sensitive information is required for secondary or unrelated purposes such as data analysis or research, True will always obtain the informed consent of the client.
Personal information may also be collected when an individual:
completes a course registration form
seeks support or advice via the telephone or via email, or requests that True contact them
purchases a product
makes and/or attends a clinical appointment.
5.3.1 Personal health information
True needs information about a client’s past and current health to provide high quality care. This information is called “personal health information”. The clinic staff will need to collect personal information in the provision of clinical services to a client at the practice. Collected personal information will include:
client name, address and contact details
Medicare number (where available, for identification and claiming purposes)
medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors.
True will only collect information that is relevant to a client’s care. Clients are encouraged to ask the doctor, nurse or educator if they are uncertain about why the information is being collected.
5.3.2 Dealing with Unsolicited Personal Information
True evaluates all unsolicited information it receives to decide if it should be kept, acted on or destroyed.
5.4 Use or disclosure of Personal Information
True will use and disclose information only for the purpose it is given to us, or for purposes related to one of its activities in clinics and education or training settings. True will not disclose an individual’s personal information to a third party unless the person has consented to this release. True will take all reasonable steps to maintain the privacy of all information except as is otherwise required by law. If the data is to be used for secondary or unrelated purposes, True will obtain the informed consent of the person.
5.4.1 Use or disclosure of Personal Health Information
Clinical Services will not disclose personal health information to any third party other than in the course of providing medical services, without full disclosure to the client or the recipient, the reason for the information transfer and full consent from the client. Exceptions permitting disclosure without the client’s consent are where the information is:
required by law
necessary to lessen or prevent a serious threat to a client’s life, health or safety or public health or safety, or it is impractical to obtain the client’s consent
to assist in locating a missing person
to establish, exercise or defend an equitable claim
for the purpose of a confidential dispute resolution process.
Personal information will only be used for the purpose of providing medical services and for claims and payments, unless otherwise consented to. True clinicians will inform the client where there is a statutory requirement to disclose certain personal information (for example, some medical conditions require mandatory notification).
5.5 Direct Marketing
True may use personal information to keep clients and customers informed of products, courses and information that may be of interest. Clients and customers may opt-out of direct marketing at any time by notifying True.
5.6 Quality of Personal information
True will take all reasonable steps to make sure that information we collect or disclose is accurate, complete and up to date.
5.7 Security of Personal Information
True uses technologies and processes such as access control and network firewalls to protect your privacy. When information is no longer needed it will be destroyed (unless it is required under law to retain the record).
Personal information held by True will be:
received and stored in a secure location
accessible by staff on a need to know basis only
protected from viewing by unauthorised persons
not taken from True premises unless authorised and for a specific purpose.
5.8 True website and IT system security and privacy
Use of the True website will not enable personal identification of an individual user and True will not collect personal information unless specifically provided to True through an online transaction. All of this information is used by True for aggregated statistical analyses or systems administration purposes only. No attempt will be made to identify users or their browsing activities, except where required by law.
the type of browser and operating system used to access
the Internet Service Provider and top level domain name
the address of any referring web site
the accessing of a computer's Internet Protocol (IP) address.
5.8.1 Links to other sites
True may create links to third party websites. True are not responsible for the content or privacy practices employed by websites that are linked from our website.
True’s internet service provider or information technology staff may monitor email traffic for system trouble shooting and maintenance purposes only.
5.9 Access and correction of Personal Information
Information will be made available to an individual who requests their personal information including their medical records. Clients are encouraged to make this request in writing, and True will respond within a reasonable time. Access may be refused if True reasonably believe that:
the request does not relate to the personal information of the person making the request
a person’s health, safety and wellbeing may be compromised by releasing the information
providing access would be unlawful or would prejudice a legal investigation
the request is frivolous and/or vexatious
the information relates to an existing or anticipated legal claim between True and the client, and the information would not be accessible through the legal discovery process.
True will take reasonable steps to correct personal information where it is clear that the records are not accurate or up to date. If information held by True is incorrect or inaccurate, True will take all reasonable steps to amend or correct the information. From time to time, the clinicians will ask clients to verify the personal information held by the service is correct and up to date. Clients may also make a written request for the staff to correct or update their information.
True will respond in writing where an individual's request to access personal information, to be given access in the manner requested by the individual, or to correct personal information is refused, stating the reasons for refusal and the mechanism to complain about the refusal.
True will adopt its own identifier system in respect of individuals. True will not use or disclose the identifier unless necessary for client care.
5.11 Cross-border disclosure of Personal Information
The Commonwealth Privacy Act limits the flow of information outside Australia. True will not disclose personal information to anyone outside Australia without need and without client consent.
5.12 Breach of personal information
True will respond to a suspected or known breach of personal information including informing an individual(s) of a breach, investigating breaches, identifying causes and correcting deficits and where required notifying other parties.
5.13 Enquiries or complaints
Enquiries or complaints regarding this policy or the handling of personal information should be directed to:
Chief Executive Officer
True Relationships & Reproductive Health
Postal address: PO Box 215, Fortitude Valley Q 4006
Street address: 230 Lutwyche Road, Windsor Q 4030
Tel: 07 3250 0240
Australian Privacy Principles (APP) guidelines (Privacy Act 1988).
Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cwlth)
APP fact sheets
Further information on privacy
Further general information about your privacy rights and privacy law from the Office of the Australian Information Commissioner can be obtained by:
calling their Privacy Hotline on 1300 363 992
visiting their web site at http://www.oaic.gov.au/
writing to: The Australian Information Commissioner, GPO Box 5218, Sydney NSW 20