Privacy
1. Background
True Relationships and Reproductive Health (True) is strongly committed to protecting the privacy of all individuals with whom it interacts or who use its products and/or services. True collects personal information in order to conduct its business and to meet its legislative obligations. Organisationally, it is bound by legislation in the management of matters relating to the privacy of personal information.
True is committed to treating the personal information we collect in accordance with the Australian Privacy Principles (APP) in the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) (Reform Act). The APP provide a privacy protection framework that supports the rights and obligations of collecting, holding, using, accessing and correcting personal information.
The APP consists of 13 principle-based laws which apply equally to paper-based and digital environments. The APP complements the long-standing True organisational obligation to manage personal information in a regulated, open and transparent manner. This policy does not apply to personal information collected by True that is exempted under the Privacy Act. Read our Policy Statement.
2. Purpose
- To enable transparency of True’s operations according to the Australian Privacy Principles.
- To communicate True’s collection, use and management of personal information (including health information).
- To communicate the circumstances under which True would be required to disclose personal information to third parties.
- To ensure clients and staff of True are comfortable with entrusting their personal information to the organisation.
- To ensure staff compliance with the legislative requirements related to personal information collection, use, security and disclosure.
- To provide public access to True’s Privacy Policy.
3. Scope
Staff, visitors, contractors, members, clients / beneficiaries, donors, online visitors.
4. Abbreviations and Definitions
Australian Privacy Principles (APPs):
The Australian Privacy Principles as per Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) (Reform Act) as from March 12th 2014.
Cookies:
A "cookie" is a packet of information stored on your computer that allows the FPQ server to identify and interact more effectively with your computer.
Health information:
Information or an opinion about:
- The health or a disability of an individual
- An individual’s expressed wishes about the future provision of health services to him or her
- A health service provided
- Other personal information collected to provide, or in providing, a health service
- Other personal information about an individual collected in connection with the donation.
Misuse:
Information held is used for a purpose other than a permitted purpose.
Personal information:
Information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not; and whether the information or opinion is recorded in material form or not, for example:
- A person’s name and address
- Medical records
- Bank account details
- Photographs of an individual
- Videos including CCTV footage
- Information about likes and dislikes
- Place of employment.
Reasonable steps:
Determination of what are considered ‘reasonable steps’ to ensure information security will depend on the circumstances, including the following:
- The nature of the entity holding the personal information i.e. size and business model
- The nature and quantity of personal information held i.e. sensitive information
- The risk to the individuals concerned if the personal information is not secured
- The data handling practices of the entity holding the information
- The ease with which a security measure can be implemented.
Sensitive information:
As defined in Section 6 of the Privacy Act means:
- Personal information or an opinion about an individual’s:
  - Racial or ethnic origin
  - Political opinions
  - Membership of political associations
  - Religious beliefs or affiliations
  - Philosophical beliefs
  - Memberships of professional / trade associations
  - Sexual preferences or practices
  - Criminal record;
- Health information about an individual; or
- Genetic information about an individual that is not otherwise health information.
5. Policy Statement
5.1. Open and transparent management of personal information
True, by way of this policy, confirms open and transparent management of personal information in accordance with the APP. True will provide employees with training to enable them to understand the importance of good information handling and security practices, including their responsibilities with respect to the protection of personal information.
5.2. Anonymity
True will, where lawful and practicable, give individuals the option of not identifying themselves when dealing with True.
5.3. Collection of Personal Information and notification of the collection
True will collect and use personal information (including health information and sensitive information) that is directly related to the functions or activities of the organisation (clinical, education and training settings) or activities carried out in support of its corporate functions such as human resources, business administration, property management and public relations activities.
True will only collect personal information from the individual where there is a legitimate reason to do so. True will collect personal information from another individual when the person has delegated another individual to provide the information on their behalf e.g. next of kin. True staff will take reasonable steps to ensure clients understand:
- what information has been and is being collected
- why the information is being collected, and whether this is due to a legal requirement
- how the information will be used or disclosed
- why and when their consent is necessary
- the procedures for access and correction of information, and responding to complaints of information breaches, including by providing this policy.
Personal information includes “sensitive information”. True will only collect sensitive information that is required for the primary purpose of client care. If sensitive information is required for secondary or unrelated purposes such as data analysis or research, True will always obtain the informed consent of the client.
Personal information may also be collected when an individual:
- completes a course registration form
- seeks support or advice via the telephone or via email, or requests that True contact them
- purchases a product
- makes and/or attends a clinical appointment.
5.3.1 Personal health information
True needs information about a client’s past and current health to provide high quality care. This information is called “personal health information”. The clinic staff will need to collect personal information in the provision of clinical services to a client at the practice. Collected personal information will include:
- client name, address and contact details
- Medicare number (where available, for identification and claiming purposes)
- healthcare identifiers
- medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors.
True will only collect information that is relevant to a client’s care. Clients are encouraged to ask the doctor, nurse or educator if they are uncertain about why the information is being collected.
5.3.2 Dealing with Unsolicited Personal Information
True evaluates all unsolicited information it receives to decide if it should be kept, acted on or destroyed.
5.4 Use or disclosure of Personal Information
True will use and disclose information only for the purpose for which it is given to us, or for purposes related to one of its activities in clinics and education or training settings. True will not disclose an individual’s personal information to a third party unless the person has consented to this release. True will take all reasonable steps to maintain the privacy of all information except as is otherwise required by law. If the data is to be used for secondary or unrelated purposes, True will obtain the informed consent of the person.
5.4.1 Use or disclosure of Personal Health Information
Clinical Services will not disclose personal health information to any third party other than in the course of providing medical services, without full disclosure to the client or the recipient, the reason for the information transfer and full consent from the client. Exceptions allowing disclosure without the client’s consent are where the information is:
- required by law
- necessary to lessen or prevent a serious threat to a client’s life, health or safety or public health or safety, or it is impractical to obtain the client’s consent
- to assist in locating a missing person
- to establish, exercise or defend an equitable claim
- for the purpose of a confidential dispute resolution process.
Personal information will only be used for the purpose of providing medical services and for claims and payments, unless otherwise consented to. True clinicians will inform the client where there is a statutory requirement to disclose certain personal information (for example, some medical conditions require mandatory notification).
5.5 Direct Marketing
True may use personal information to keep clients and customers informed of products, courses and information that may be of interest. Clients and customers may opt-out of direct marketing at any time by notifying True.
5.6 Quality of Personal information
True will take all reasonable steps to make sure that information we collect or disclose is accurate, complete and up to date.
5.7 Security of Personal Information
The personal information True holds is stored in a secure manner. True and our contracted partner(s) will protect the personal information it holds from misuse, loss, unauthorised access, modification or disclosure. True may store the personal information collected in various forms, including through an electronic medical record system, in which the data is stored in a secure external environment. True will comply with the APPs, and this Privacy Policy, in the storage of personal information.
True uses technologies and processes such as access control and network firewalls to protect your privacy. When information is no longer needed it will be destroyed (unless it is required under law to retain the record).
Personal information held by True will be:
- received and stored in a secure location
- accessible by staff on a need to know basis only
- protected from viewing by unauthorised persons
- not taken from True premises unless authorised and for a specific purpose.
5.8 True website and IT system security and privacy
Use of the True website will not enable personal identification of an individual user, and True will not collect personal information unless specifically provided to True through an online transaction. All of this information is used by True for aggregated statistical analyses or systems administration purposes only. No attempt will be made to identify users or their browsing activities, except where required by law.
True uses cookies (see definitions) and other internet technologies to manage its website and online products and services. True may collect non-personal information from an individual browser through its server to aid website management including:
- the type of browser and operating system used to access
- the Internet Service Provider and top level domain name
- the address of any referring web site
- the Internet Protocol (IP) address of the accessing computer.
5.8.1 Links to other sites
True may create links to third party websites. True is not responsible for the content or privacy practices employed by websites that are linked from our website.
5.8.2 Emails
True’s internet service provider or information technology staff may monitor email traffic for system troubleshooting and maintenance purposes only.
5.9 Access and correction of Personal Information
Information will be made available to an individual who requests their personal information, including their medical records. Clients are encouraged to make this request in writing, and True will respond within a reasonable time. Access may be refused if True reasonably believes that:
- the request does not relate to the personal information of the person making the request
- a person’s health, safety and wellbeing may be compromised by releasing the information
- providing access would be unlawful or would prejudice a legal investigation
- the request is frivolous and/or vexatious
- the information relates to an existing or anticipated legal claim between True and the client, and the information would not be accessible through the legal discovery process.
True will take reasonable steps to correct personal information where it is clear that the records are not accurate or up to date. If information held by True is incorrect or inaccurate, True will take all reasonable steps to amend or correct the information. From time to time, the clinicians will ask clients to verify the personal information held by the service is correct and up to date. Clients may also make a written request for the staff to correct or update their information.
True will respond in writing where an individual's request to access personal information, to be granted access in the manner requested by the individual, or to correct personal information is refused, and will state the reasons for refusal and the mechanism to complain about the refusal.
5.10 Identifiers
True will adopt its own identifier system in respect of individuals. True will not use or disclose the identifier unless necessary for client care.
5.11 Cross-border disclosure of Personal Information
The Commonwealth Privacy Act limits the flow of information outside Australia. True will not disclose personal information to anyone outside Australia without need and without client consent.
5.12 Breach of personal information
True will respond to a suspected or known breach of personal information including informing an individual(s) of a breach, investigating breaches, identifying causes and correcting deficits and where required notifying other parties.
5.13 Enquiries or complaints
Enquiries or complaints regarding this policy or the handling of personal information should be directed to:
Chief Executive Officer
True Relationships & Reproductive Health
Postal address: PO Box 215, Fortitude Valley Q 4006
Street address: 230 Lutwyche Road, Windsor Q 4030
Email: ceo@true.org.au
Tel: 07 3250 0240
6. References
Australian Privacy Principles (APP) guidelines (Privacy Act 1988).
Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cwlth)
APP fact sheets
Further information:
Further general information about your privacy rights and privacy law from the Office of the Australian Information Commissioner can be obtained by:
calling their Privacy Hotline on 1300 363 992
visiting their web site at http://www.oaic.gov.au/
writing to: The Australian Information Commissioner, GPO Box 5218, Sydney NSW 20
True Relationships & Reproductive Health
Privacy policy version 6, July 2016