Kurrajong Privacy

Purpose

Kurrajong is committed to protecting your personal information and we agree to comply with the Australian Privacy Principles (APPs) set out in the Commonwealth Privacy Amendment (Enhancing Privacy Protection) Act 2012. This policy sets out the guidelines we will follow when dealing with the information of people with a disability and their families, as well as the information of staff employed by Kurrajong.

Kurrajong will also comply with the NSW Health Records and Information Privacy Act 2002 to protect information about your health and your health records.

Privacy laws and its impact on not-for-profit organisations

The Privacy Act applies to organisations that collect, handle, or use personal information. The impact therefore on Not-For-Profit Organisations is considerable:

  • Not-For-Profit Organisations (such as Kurrajong) in delivering their services collect personal and often sensitive information about people with disability and their families,

  • As an employer, Not-For-Profit Organisations also hold substantial personal information about its staff members, and

  • Not-For-Profit Organisations who rely on fundraising to fund many of their services maintains databases containing the personal information of supporters.

What are the Australian Privacy Principles (APPs)?

The APPs regulate the way that organisations can collect, use, keep, secure and disclose personal information. It also gives individuals the right to know what information an organisation holds about them and a right to request the information provided be corrected if they believe it to be incorrect.

A summary of the 13 APPs can be accessed using the following link: http://www.oaic.gov.au/privacy/privacy-resources/privacy-fact-sheets/other/privacy-fact-sheet-17-australian-privacy-principles

Why does Kurrajong need your personal information?

When you access any of the services available from Kurrajong, information is collected about you. This information may include your:

  • Personal Details - your name, address and date of birth, parents/family members etc.

  • Sensitive Information - your health status, local doctor, medications, lifestyle choices, financial details etc.

  • Personal Information - your likes/dislikes, personal goals etc.

We will make every effort to ensure that your information is kept up-to-date. We appreciate your assistance in telling us when your situation changes.

This collection of your information is necessary for your entry to Kurrajong's services and to enable assessment of the services and supports you need from us.

Collection and use of your information by Kurrajong

We collect your personal information mainly from you, your family, carer or advocate. We may also collect information from other people and organisations you tell us about.

We will ask you to give us your consent to do this by filling in Form 158 Permission to Display Photos and Videos, and Form 159 Authority to Obtain and Release Information.

This information is used primarily so that we can provide you with the various services and supports you tell us you want. We will get your permission before we obtain information from people and organisations outside Kurrajong. The information we collect helps to identify the services and supports that you would like from Kurrajong, and this enables us to effectively match your goals with the services we provide to you.

Any information that is given to us from another person or organisation that will not help us provide services to you will be disregarded and securely destroyed.

We would like to use your information to keep you and your family advised of current information and achievements of Kurrajong services, and to request your assistance and support with our fundraising and lobbying for services. You are able to tell us if you do not want your information used for this purpose by checking a box on Form 159 Authority to Obtain and Release Information.

What information about you will Kurrajong disclose?

The information we collect from you is strictly confidential. Only staff members involved in your programs and the management of the service you use has access to the information you have provided. Sharing of your information within our organisation is strictly on a 'Need to Know' basis.

Security exists to ensure the confidentiality of that information. Any staff member who has access to this information is bound by a duty of confidentiality, has signed the Form 138 Confidentiality Agreement, and has received training in protecting your privacy.

Information may be provided to other health professionals as required as part of our care and services for you. Your permission will be obtained before information is released.

Your information may need to be provided to government agencies to comply with funding agreements.

We are only able to use or disclose your information without your consent if required or authorised by or under an Australian law or a court/tribunal order.

Storage of your information

Your information will be securely stored in locked files and/or on password protected electronic files on Kurrajong's secure servers.

Kurrajong does not use off-shore cloud technology to store authorised electronic information that you have provided us.

Retention and destruction of your information

The length of time that we keep your information depends on the type of information involved and whether you are still using our services eg. childrenÔÇÖs information is required by law to be held by us until the child has reached the age of 25; personnel records are kept for a minimum of 7 years.

All information about you that we are not required to keep or is no longer useful for the provision of services to you will be destroyed by mechanical shredding. See Policy 6.28 Managing the Information of the People we Support for more information.

How can you access your personal information?

You are entitled to access the personal information you have provided to Kurrajong and to request that the information be corrected if it is incorrect.

Contacting us about your personal information

If you have any questions regarding our Privacy Policy or this Statement or you would like to gain access to correct or update your personal information, please contact the Deputy CEO (Privacy Officer) at:

Administration Office
131 Lord Baden Powell Drive
WAGGA WAGGA NSW 2650

(PO BOX 8576 WAGGA WAGGA NSW 2650)

TELEPHONE: (02) 6932 6000

Reference

Commonwealth Privacy Amendment (Enhancing Privacy Protection) Act 2012.

Health Records and Health Information Privacy Principles

Collection

  1. Lawful - only collect your health information for a lawful purpose. It must also relate directly to the agency’s activities.
  2. Relevant - make sure that your health information is relevant, accurate, current and non-excessive.
  3. Direct - collect your health information from only you, unless exemptions apply.
  4. Open - collect your health information from only you, unless exemptions apply.

Storage

  1. Secure - store your health information securely. It should not kept longer than needed, and disposed of properly.

Access and Accuracy

  1. Transparent - provide you with details about the health information they are storing, why and how you can access it.
  2. Accessible - allow you to access your health information in a reasonable timeframe and without being costly.
  3. Correct - allow you to update, correct or amend your health information when needed. (Note: private sector organisations should also refer to s33- 37 of the HRIP Act for further provisions).
  4. Accurate - make sure that your health information is correct and relevant before using it.

Use

  1. Limited - only use your health information for the reason that is was collected, unless exemptions apply.

Disclosure

  1. Limited - only disclose your health information for the reason that is was collected otherwise separate consent is needed from you.

Identifiers and anonymity

  1. Not identified - can only give you an ID number if it is reasonably necessary.
  2. Anonymous - give you the option of receiving information from you anonymously, where practicable.

Transferrals and linkage

  1. Controlled - only transfer health information outside NSW in accordance with the HPP 14.
  2. Authorised - only use health records linkage systems if you have provided consent.

Reference

NSW Health Records and Information Privacy Act 2002

Policy 3.5 Personnel Records

Policy 3.6 Confidential Information

Policy 6.28 Managing Information of the People We Support

Policy 3.9 Grievance Policy

Form 159 Authority to Obtain and Release Information Form 158 Permission to Display Photos and Videos Form 138 Confidentiality Agreement