Summary
Humdrum is committed to safeguarding the confidentiality of any personal or health information of individuals by:
- Creating procedures that protect privacy with regard to the collection, storage and disclosure of personal information; and,
- Complying with the Australian Privacy Principles and the Privacy Act 1988 (Cth) (the Privacy Act)
Who should read this document?
This Policy applies to the Personal Information of all Humdrum's members, volunteers, employees, clients/beneficiaries, donors, business partners and Online Users collected or held by Humdrum.
The meaning of terms and words used in this document
- Personal Information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
- Health Information is information or an opinion about:
- The physical, mental or psychological health (at any time) of an individual
- A disability (at any time) of an individual
- an individual's expressed wishes about the future provision of health services to him or her
- a health service that is provided or to be provided to an individual;
- other Personal Information collected to provide, or in providing, a Health Service
- other Personal Information about an individual collected in connection with the donation or intended donation by the individual of his or her body parts, organs or body substances
- other Personal Information that is genetic information about an individual in a form which is or could be predictive of the health (at any time) of the individual or of any of his or her descendants
- Health Service means an activity performed in relation to an individual that is intended or claimed (expressly or otherwise) by the individual or the person performing it:
- to assess, record, maintain or improve the individual's health; or
- to diagnose the individual's illness or disability; or
- to treat the individual's illness or disability or suspected illness or disability; or
- the dispensing of a prescription drug or medicinal preparation by a pharmacist.
- Sensitive Information means information or an opinion about an individual's:
- racial or ethnic origin;
- political opinion, or membership of a political association;
- religious beliefs or affiliations;
- philosophical beliefs;
- membership of a professional or trade association;
- membership of a trade union;
- sexual preferences or practices;
- criminal record; or
- health, genetic, biometric information or biometric templates
- Online Users refers to anyone who accesses the Humdrum website https://Humdrum.Community
- The website means the Humdrum website: https://Humdrum.Community
- Humdrum is an app-based system that has been developed especially for Humdrum, including a client information reporting and tracking system. It is intended to allow Humdrum to securely store important information and to report on the care and services HUMDRUM provides to clients across Australia and New Zealand. This system will enable HUMDRUM to better capture and monitor client achievements and outcomes, and to share this information with funding bodies and clients' networks.
What is our aim?
HUMDRUM is a for profit organisation operating throughout Australia. Our innovative support services deliver meaningful outcomes for individuals of all age groups, families and communities, promoting rights and valuing relationships.
HUMDRUM provides services in the Disability sector. HUMDRUM engages volunteers, employees and contractors and holds contracts and receives funding from State and Federal governments to deliver government programs. In providing such services, we comply with the Privacy Act and the Australian Privacy Principles (APPs) and any additional obligations under the contract.
This privacy policy sets out how we comply with our obligations under the Privacy Act. We are bound by the Australian Privacy Principles in the Privacy Act which regulate how organisations may collect, use, disclose and store personal information, and how individuals may access and correct personal information held by them.
Policy Guideline
This privacy policy sets out how we comply with our obligations under the Privacy Act. We are bound by the Australian Privacy Principles in the Privacy Act which regulate how organisations may collect, use, disclose and store personal information, and how individuals may access and correct personal information held by them.
Objectives
- To ensure information is received, recorded, accessed and stored appropriately to maintain confidentiality;
- To remain compliant with:
- the Privacy Act 1988 (Cth) (as amended);
- all other relevant legislation;
- obligations imposed by Government body funding agreements as well as accreditation and licensing standards; and,
- all digital related policies and procedures; and
- any other HUMDRUM Policies and Procedures related to the collection, storage or other use of Personal Information.
- To ensure that all individuals are aware of their rights in regards to privacy and confidentiality and are aware of the means to access or amend private information held about them; and,
- To ensure that any Personal Information collected is directly related to Humdrum's service functions or activities.
Guiding Principles
- HUMDRUM believes that individuals and communities have a right to privacy, dignity and confidentiality. This right will be upheld at all times through practices of sharing and providing information in a discreet manner and on a need-to-know basis;
- HUMDRUM will be guided by the Australian Privacy Principles at all times;
- Where HUMDRUM operates databases or information systems (e.g. App database or human resources information systems), the relevant policies and procedures are to be followed for the appropriate use of Personal Information within these systems;
- HUMDRUM aims to create a workplace which is respectful, ethical and professional in all matters pertaining to confidential or private information held about an individual.
Policy Commitments
- HUMDRUM will make available to individuals information about privacy rights and how to access or amend their personal information;
- HUMDRUM will ensure there is an allocated role as a central contact point for any individual requiring information or wanting to contact HUMDRUM about a privacy matter.
- HUMDRUM will take steps to ensure that in reasonable circumstances the privacy policy is available free of charge and in an appropriate form.
Performance Indicators
- Zero instances of a breach of confidentiality relating to Personal Information, Health Information or Sensitive Information;
- 100% of personnel, contractor, volunteer or carer files to hold a signed confidentiality agreement and a completed privacy checklist (where applicable).
Collection of Personal and Sensitive Information
Personal and/or sensitive information collected by HUMDRUM from clients/beneficiaries, business partners, HUMDRUM people and Online Users is Personal Information and/or Sensitive Information and as such falls under this policy.
HUMDRUM’s services can be accessed on an anonymous basis or using a pseudonym if requested. If this is possible and lawful, we will take all reasonable steps to comply with your request. However, we may not be able to provide the services in question if we are not provided with the Personal Information requested, or it is impractical to deal with individuals who have not identified themselves or use a pseudonym.
The HUMDRUM website may from time to time contain links to other websites. When an Online User accesses a website that is not HUMDRUM’s website, it may have a different privacy policy.
How we collect information
Where possible, we collect your Personal Information and Sensitive Information directly from you. We collect information through various means. We will not collect information unless it is necessary for the functions or activities of HUMDRUM.
If you do not want to disclose information that we have requested, please raise this with us.
There are situations where we may also obtain Personal Information about you from a third party source. If we collect information about you in this way, we will take reasonable steps to contact you and ensure that you are aware of the purpose for which we are collecting your personal information and the organisations to which we may disclose your information, subject to any exceptions under the Privacy Act.
Health Information
As necessary to administer HUMDRUM services and functions, HUMDRUM may collect Health Information relating solely to the members of the organisation or to individuals who have regular contact with the organisation in connection with its activities. When collecting Health Information from you, as this is Sensitive Information, HUMDRUM will obtain your consent to such collection and explain how this information will be used and disclosed.
If Health Information is collected from a third party, HUMDRUM will inform you that this information has been collected and will explain how this information will be used and disclosed.
HUMDRUM will not use Health Information beyond the consent provided by you, unless your further consent is obtained or in accordance with one of the exceptions under the Privacy Act or in compliance with another law. If HUMDRUM uses your Health Information for research or statistical purposes, it will be de-identified if practicable to do so.
Use and Disclosure of Personal Information
We only use Personal Information for the purposes for which it is given to us, or for the purposes which are related to one of our functions or activities. Personal Information will not be disclosed for marketing purposes.
For the purposes referred to in this Privacy Policy (discussed above under "Collection of Personal and Sensitive Information"), we may also disclose your Personal Information to other external organisations including:
- government departments/agencies who provide funding for HUMDRUM services;
- contractors who manage some of the services we offer. In such circumstances, steps are taken to ensure that the contractors comply with the APPs when they handle Personal Information and are only authorised to use Personal Information in order to deliver the services or perform the functions required by HUMDRUM;
- doctors and health care professionals, who assist us to deliver our services;
- other regulatory bodies, such as WorkCover/WorkSafe; and
- our professional advisors, including our accountants, auditors and lawyers.
Except as set out above, HUMDRUM will not disclose an individual's Personal Information to a third party unless one of the following applies:
- the individual has consented;
- the individual would reasonably expect us to use that information for another purpose related to the purpose for which it was collected (or in the case of sensitive information - directly related to the purpose for which it was collected);
- it is otherwise required or authorised by law;
- it will prevent or lessen a serious threat to somebody's life, health or safety or to the public health or safety;
- it is reasonably necessary for us to take appropriate action in relation to suspected unlawful activity, or misconduct of a serious nature that relates to our functions or activities;
- it is reasonably necessary to assist in locating a missing person;
- it is reasonably necessary to establish, exercise or defend a claim at law;
- it is reasonably necessary for a confidential dispute resolution process;
- it is necessary to provide health services;
- it is necessary for the management, funding or monitoring of a health service relevant to public health or public safety;
- it is reasonably necessary for the enforcement of a law conducted by an enforcement body; in this case HUMDRUM will make a written note of the disclosure;
- a permitted general situation exists, as defined in 16A of the Privacy Amendment (Enhancing Personal Privacy) Act 2012; or
- a permitted health situation exists as outlined by s16B of the Privacy Amendment (Enhancing Personal Privacy) Act 2012.
Security of Personal Information and Sensitive Information
HUMDRUM takes reasonable steps to protect the Personal Information and Sensitive Information we hold against misuse, interference, loss, unauthorised access, modification and disclosure.
These steps include password protection for accessing our electronic IT systems, securing paper files in locked cabinets and applying physical access restrictions. Only authorised personnel are permitted to access our systems and controlled premises.
When Personal Information is no longer required, it is destroyed in a secure manner, or will be de-identified.
Access to and correction of personal information
If an individual requests access to the Personal Information we hold about them, or seeks to change that Personal Information, upon this request we will give the individual access, unless:
- the request does not relate to the personal information of the person making the request;
- the request would have an unreasonable impact on the privacy of other individuals;
- providing access would pose a serious threat to the life, health or safety of a person or to public health or public safety;
- providing access would create an unreasonable impact on the privacy of others;
- the request is frivolous and vexatious;
- the request relates to existing or anticipated legal proceedings;
- providing access would prejudice negotiations with the individuals making the request;
- access would be unlawful;
- denial of access is authorised or required by law;
- access would prejudice an action in relation to suspected unlawful activity, or misconduct of a serious nature relating to the functions or activities of HUMDRUM;
- access discloses a 'commercially sensitive' decision making process or information; or
- any other reason that is provided for in the APPs or in the Privacy Act.
Requests for access and/or correction should be made to the Privacy Officer. For security reasons, any request must be made in writing with proof of identity. This is necessary to ensure that personal information is provided only to the correct individuals and that the privacy of other persons is preserved.
In the first instance, HUMDRUM will assume (unless otherwise informed) that any request relates to current records. These current records will include personal information which is included in HUMDRUM databases and in paper files which may be used on a day to day basis.
We will take all reasonable steps to provide access to the information requested within 14 days of your request. In situations where the request is complicated or requires access to a large volume of information, we will take all reasonable steps to provide access to the information requested within 30 days.
We will provide access by allowing you to inspect, take notes or print outs of personal information that we hold about you.
HUMDRUM may charge you reasonable fees to reimburse us for the costs we incur relating to your request for access to information, including in relation to photocopying and delivery cost of information stored off site. For current fees, please contact the relevant staff member.
If we deny access to information, we will set out our reasons for denying access in writing. Where there is a dispute about the right to access information or forms of access, this will be dealt with in accordance with the HUMDRUM complaints procedure. More information about this process can be obtained from the Privacy Officer.
If an individual is able to establish that personal information HUMDRUM holds about her/him is not accurate, complete or up to date, HUMDRUM will take reasonable steps to correct our records unless it is impracticable or unlawful to do so. In the event a request for change is refused, HUMDRUM will set out, in writing, the reasons for refusal and the mechanism by which you can complain. We will not charge an individual for making the request or correcting the information.