Privacy Policy

Policy & Procedure: Privacy Policy
Version No: 0004 Effective Date: 29/05/2021 Page 1

PURPOSE: To ensure clients personal information is managed responsibly
and in accordance with the Privacy and Health Acts.

RELEVANT TO: All staff
RELATED FORMS: Personal Information Request

Confidentiality is the assurance that written or spoken information is secure from
unauthorised disclosure.
Privacy is maintained when personal matters are protected from the intrusion or view of
Sensitive information includes information such as health, racial or ethnic background, or
criminal record.

Personal information refers to any information recorded about a client where their identity
is known or could reasonably be worked out. Personal information includes a person’s name,
address, Medicare number and any health information (including opinion) about the client.
Health information is a particular kind of personal information and attracts additional
privacy protection because of its greater sensitivity. Health information includes information
about a person’s health, disability, use of health services, or other personal information
collected from someone when delivering a health service.

Global Humanitarian Aid Services is committed to meeting the organisation’s obligations un
der the Privacy and Health Acts in relation to the privacy of personal information and ensuring
client confidentiality is maintained at all times.
Clients are entitled to expect that information about them will be treated as confidential and
that staff will refrain from voluntary disclosure of any personal information leaned directly or
indirectly, to an unauthorised third party.
On accessing a service/program clients are to be informed:
 of the personal and sensitive information that is collected and stored for the primary
purposes of providing appropriate quality service delivery in a safe and healthy
environment to meet individual requirements, to meet duty of care obligations, and
initiate appropriate referrals;
 that information will be shared within the organisation on a ‘need to know basis’, and
with external agencies with their consent;
 that information may be disclosed as required by law, for example, reporting of assault,
abuse, neglect, where a court order is issued, or in the case of an emergency; and
 that the personal and sensitive information is to remain current and up to date and that,
in accordance with the Freedom of Information Act 1982, clients have the right
Policy & Procedure: Privacy Policy
Version No: 0004 Effective Date: 29/05/2021 Page 1
 to request access to their personal and sensitive information. They can do this by
completing a Personal Information Request form.
Personal information about clients is not only essential for delivering appropriate services,
support and care, it is also necessary for a number of other purposes:
 Assuring and improving the quality of services, support and care in the context of effective
team work.
 Effective administration which includes:
o Managing and planning services
o Auditing
o Risk management, health and safety
o Investigating complaints and potential legal claims
 Training
 Statistical information

As a consequence, client information will be seen and used by Global Humanitarian Aid
Services’s professional staff and Management, where relevant. Where this occurs, client information will be anonymised i.e. unique identifier assigned via Departmental databases.
Global Humanitarian Aid Services recognises that clients may have concerns about their privacy and the confidentiality and security of information collected by the organisation. Global
Humanitarian Aid Services policy aims to provide reassurance to clients that personal information held by the organisation will be protected, with a copy of this policy provided to anyone
who asks for

Staff members are to:
 Ensure that personal and sensitive information collected, stored, and released is as
outlined in this policy and procedure
 Ensure client consent has been obtained where photographs and other media forms are to
be used for promotional materials, and prior to the sharing of information with external
agencies or people
 Share information within the organisation, on a ‘need to know basis’
 Utilise a private room or space to conduct interviews or for conversation of a personal
 Respect the privacy of a client’s personal and sexual relationships, and for their gender
 Be courteous, and mindful of cultural differences
 Ensure that clients are presented in the most positive light whilst participating in
activities both onsite and in the wider community
 Promote client’s rights, remind client’s of these rights, and initiate or facilitate necessary
action as needed
Any disclosure in circumstances other than those outlined in this policy is likely to constitute a
breach of confidentiality and may be regarded as an unauthorised disclosure.
Unauthorised disclosure of personal information is a most serious matter, which may lead to
disciplinary action.
Policy & Procedure: Privacy Policy
Version No: 0004 Effective Date: 29/05/2021 Page 1
Collection of Personal Information
Global Humanitarian Aid Services will only collect personal information that is required and
necessary to
deliver a quality service to the client.
Use & Disclosure of Personal Information
Personal information will only be used or disclosed by Global Humanitarian Aid Services as allowed by legislation. To facilitate Global Humanitarian Aid Services delivering appropriate services and benefits to clients, personal information collected may be shared within the organisa
tion on a ‘need to know basis’, and with external agencies with their consent. Consent where
possible should be given by completing the relevant service/program consent form or in writing. Personal information is not transferred or shared with organisations outside of Australia.
Global Humanitarian Aid Services is required to report to Government funding bodies. Information provided is non-identifiable, and relates to the types of services and support provided,
age, language, and nationality. The reports assist in determining community needs and planning for the future. Your consent is obtained to share information for this purpose.
Information may be disclosed as required by law, for example, reporting of assault, abuse,
neglect, or where a court order is issued.
Where a client is incapable of giving or communicating consent, disclosure may occur if it is
necessary for the provision of appropriate care or treatment to the client; or for
compassionate reasons. The information disclosed is limited to the information that is
reasonable and necessary to achieve either of these two purposes. Disclosure would not occur
if it were contrary to client’s wishes expressed before that client lost the capacity to give or
communicate consent.
A client may withdraw or change the consent for release of information, at anytime, where
possible withdrawing consent by completing the relevant service/program consent form or in
Security of Personal Information
An electronic or hard copy file containing a client’s details and services provided are retained
in a secure location in accordance with legislation.
To prevent any unauthorised access to client information, Global Humanitarian Aid Services
has installed computer and network security, including password protection processes. Hard
copies of any information are stored in locked cabinets/offices and secured storage areas.
Where consent has been received to disclose personal information, information should be
disclosed directly to the intended organisation/professional/individual. Where information is
disclosed by fax, the following precautions should be followed to minimise risks.
 Before sending a fax, ring the intended recipient to confirm their number and alert them of an
incoming fax
 Do not send the information by using a pre-programmed dialled number
 Send only the minimum amount of information necessary
 Always use a fax cover sheet containing your details and a request that you be contacted if the
recipient is not the addressee

Policy & Procedure: Privacy Policy
Version No: 0004 Effective Date: 29/05/2021 Page 1
 Label the fax ‘private’ or ‘confidential’, and mark it for the attention of the addressed recipient
 Ask the recipient to ring to confirm receipt of the message
 Retain a copy of the print transmission report
 Make a note on the original document that it has been faxed
 Disguise identities if necessary and appropriate
There are particular risks to privacy in sending information by email. These include
misdirection due to error in typing the address and the ease of copying, forwarding, amending
or disclosing the information to others. If email is used, care should be taken with the list of
Access to Personal Information
The client and authorised others may seek access to personal information by completing the
Personal Information Request form. Completed forms are to be submitted to the relevant Unit
Manager to verify the person seeking the information has the relevant authority to do so.
The relevant Unit Manager will provide acknowledgement of the request within 14 days of
receipt, advising of any costs involved in processing the request, where relevant. If requested
information is approved for access, the information will be provided within 30 days.
Access will be denied, as outlined in legislation and may include for example:
 The release of such information would pose a threat to life or health of any clients
 A client’s record contains information about another person where to release such
information would have an unreasonable impact on the privacy of that other person
 The request is considered frivolous or vexatious
 Legal proceedings are underway, or where it is anticipated there will be future legal
proceedings, information may be withheld if it is considered that it not be discoverable in
those proceedings. For example, documents subject to legal profession privilege
 Negotiations are under way between the organisation and the client, and access to
information may prejudice negotiations
 Providing access would be unlawful
 Denying access is required or authorised by or under law
 Providing access would be likely to prejudice an investigation of possible unlawful activity
Access to Health Information
When an organisation provides a health service, the Health Privacy Principles (HPPs) apply to
all identifying personal information originally collected by the organisation in the course of
providing that service. All such information is “health information”. Global Humanitarian Aid
Services is referred to in the Act as a “health service provider”.
This will include personal information collected to provide services by:
 medical practitioners (general practitioners);
 dentists;
 mental health providers;
 allied health service providers; o nursing services.

Policy & Procedure: Privacy Policy
Version No: 0004 Effective Date: 29/05/2021 Page 1
Corrections to Personal Information
Under legislation, it is necessary for Global Humanitarian Aid Services to ensure that the personal information collected, used, or disclosed is accurate, complete, and up-to-date.
Where a client believes information is not up-to-date, accurate and complete, the client may
ask to have it amended. Amendments will be attached to the record noting the correct
information, rather than permanently erasing details.
Concerns Regarding Personal Information
For any concerns relating to privacy matters, clients should discuss their concerns with
the relevant Unit Manager. Complaints will be managed in accordance with the
Complaints Management policy & procedure.

Privacy Act (1988)
Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Privacy Amendment Act)
Privacy Regulation 2013
Australian Privacy Principles (APPs)
Information Privacy Act (2000)
Health Records Act (2001) VIC
Freedom of Information Act 1982
Office of the Privacy Commissioner
Tel: 1300 363 992
Health Services Commissioner
Complaints and Information
Telephone: 1300 582 113
Fax No.: (61 3) 9032 3111