Introduction
Curtin Heritage Living collects, uses, holds, and discloses personal and sensitive information about key stakeholders, including:
- Our clients;
- Prospective clients;
- Client representatives;
- Team members (including volunteers and students);
- Employee candidates;
- Suppliers and contractors; and
- The organisation.
It is essential that the collection, use, disclosure, storage, and disposal of personal information of our stakeholders is consistent with our legislative obligations, obligations to funding bodies and community expectations.
Any misuse, loss, interference, unauthorised access, modification, or unauthorised disclosure of private information is considered a breach of privacy.
Private and Sensitive Information
Private information has the meaning of the Privacy Act as ‘information or an opinion about an identified individual, or an individual who is reasonably identifiable’. This might include a person’s name and address, signature, medical records, bank account details, photos, videos and even information about what an individual likes and dislikes, their opinions and where they work.
Sensitive information refers to additional personal information that includes details about an individual’s racial or ethnic origin, political opinions, membership of political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record, or health information. Sensitive information is an important subset of personal information and is generally afforded a higher level of privacy protection than is afforded to other personal information.
Maintaining Privacy
Our organisation and our people protect personal and sensitive information by:
- Ensuring that stakeholders are aware of our privacy procedures by publishing the Privacy Statement in the:
- Client Agreement and Handbook;
- Employee Agreement and Handbook;
- Volunteer Agreement and Handbook;
- Supplier Agreement and Handbook;
- Health Practitioner Agreement; and
- Curtin Heritage Living website.
- The Privacy Statement includes details around:
- Why their personal information needs to be collected;
- How their personal information will be used;
- Who will have access to their personal information;
- That they may access information held about them; and
- The likely consequences of failing to provide the
- Ensuring that clients, or their legal representative, consent to the use and disclosure of private information in the Client Agreement.
- Maintaining professional relationships with clients, visitors, and team members.
- Respecting the confidentiality of all information that is collected and held.
- Limiting access to private information only to those who are authorised to use that information and only discussing client information with other team members who require that information to fulfil their own responsibilities.
- Identifying who is the legal next of kin for the client and only providing personal information to those parties.
- Physically protecting equipment and paper documents containing personal information in accordance with the Document Access, Storage and Archiving Procedure
- Restricting access to electronic records in accordance with the Document Access, Storage and Archiving Procedure.
- Participating in training on privacy and confidentiality.
Maintaining Privacy and Dignity in Activities of Daily Living
Clients have a fundamental right to privacy in their daily lives. This will, in part, be achieved by:
- Respecting the fundamental rights of clients in regard to choice, independence and privacy in accordance the Charter of Aged Care Rights;
- Ensuring dignity is always maintained when assisting individuals with activities of daily living;
- Providing private spaces where an individual can live and socialise;
- Knocking on the client’s door prior to entering, and if appropriate, waiting to be asked to enter the client’s room;
- Only conducting personal care in private spaces (where possible) and closing the door of the client’s room when attending to personal care;
- Always speaking to the client in a respectful manner and acting in a socially responsible manner when around clients, visitors, and team members;
- Not accessing client’s personal belongings without the permission of the client or family member.
Collecting Information
Clients, or their representatives, will be asked on entry to the service their personal wishes regarding name of choice and requests for privacy. These preferences will be documented in assessments and communicated to staff via the care plan.
We only collect and hold personal information about an individual that is necessary for business functions, activities and the provision of services and advice related to that individual.
The information collated about clients, client representatives and visitors is detailed in the Privacy Statement.
We will also collate information about prospective team members, including:
- Name and date of birth;
- Contact details (including emergency contacts);
- Qualifications, skills, and work experiences;
- Right to work information, including police clearances, declarations relating to previous convictions and immigration status;
- Previous and current illnesses, incidents and medical history that may impact a persons’ ability to undertake their duties;
- Work duties and performance;
- Details relevant to payroll including banking details, your pension entitlements and arrangements, superannuation details and taxation details.
- Records of your interactions with us, including emails, letters, notes and in some cases, video, photographic or voice recordings.
Personal information will usually be collected directly from the individual (or their personal representative), medical or health practitioners, referrers, and the government. We will only collect private information from those who are legally permitted to share that information.
Entering our Homes
Any client, team member, contractor or visitor entering our homes may be required by law to provide personal information regarding their health, vaccination status, recent travel details and details regarding social contacts.
Curtin Heritage Living uses electronic systems to capture and store this information.
The organisation also uses camera technology, including CCTV, photography, and facial recognition systems to identify people and, in some cases, monitor clients at risk of harm. This footage is stored for analysis and recall.
Cameras are in all external areas and common internal areas of our homes. They are also installed in individual client rooms.
We will always seek approval from individual clients, or their legal representatives should this technology be used within the client’s own room but will not seek individual approval for the use of this technology in common internal and external areas of our homes.
It is a condition of entry, or of employment, that people entering or working in our homes acknowledge that surveillance systems are in use and that both still and video images of individuals will be captured and stored.
All surveillance footage is stored securely, and access is limited only to authorised personnel.
The Storage and Protection of Private Information:
Curtin Heritage Living will record and update information about stakeholders in hard copy and electronic form. We will store this information securely in accordance with the Document Access, Storage and Archiving Information Procedure.
The Provision of Private Information to Third Parties:
Curtin Heritage Living will only use or disclose available information for the purpose that:
- It was originally collected and made known to the individual;
- The individual would reasonably expect;
- Is required or permitted by any law; or
- Is otherwise authorised by the
Curtin Heritage Living works closely with other agencies and contractors who help us facilitate and coordinate services and may give private information to:
- government departments and agencies who provide us with funding or who are legally permitted to make enquiries around clients or staff;
- emergency services (including ambulance, police, fire brigade) who may be called upon to assist during the delivery services;
- assessment bodies;
- other contracted organisations and businesses who may be called upon to assist us to plan, promote and deliver our services; and
- any persons acting on our behalf, including professional advisors.
Where Curtin Heritage Living provides your information to other agencies we will ensure they hold privacy standards equivalent to our own. Curtin Heritage Living will not provide your information to any other organisation for the purposes of that organisation’s direct marketing.
Direct Marketing:
From time to time, we may contact clients and their representatives to provide them with information about our services and other business partners that may be of interest to them.
When clients join the Curtin Heritage Living Community, they are asked to consent to us using their personal information for direct marketing purposes (as described in this document). Clients can withdraw their consent at any stage.
Access to, and Correction of Personal Information
Clients may request access to their own personal information that is held by us. This information will be corrected upon request and with documented confirmation that the personal information held is not accurate, complete, or up to date.
All requests from a client to view or receive a verified copy of the personal information held by us must be forwarded to the Managing Director. Team members are not permitted to provide information without the consent of the Managing Director.
In limited circumstances, we may not allow a client access to their personal information or may decline requests to correct some of the personal information held. If this occurs, we will provide an explanation in writing. Examples of when we may decline access to personal information is if:
- Access will pose a threat to the life or health of someone;
- Access would have an unreasonable impact on another person’s privacy;
- Information relates to anticipated or existing legal proceedings;
- The request is frivolous or vexatious;
- Giving access would be unlawful;
- Denial of access is authorised or required by law;
- Access discloses a ‘commercially sensitive’ decision making process or information; or
- There is another legal requirement for denying access, such as those specified in the Australian Privacy
Anonymity and Pseudonymity
Where practical and on request, we will provide people with the option of remaining anonymous or using a pseudonym when dealing with us, such as when making initial enquires into our operations and the services provided.
Operational and legal obligations require that individuals identify themselves to us once contractual discussions commence or if the lack of personal information restricts the ability for us to administer and/or manage an individual’s service. We will advise the client if failure to provide personal information may jeopardise the delivery services.
Dealing with Unsolicited Personal Information
Unsolicited information is the personal information received without Curtin Heritage Living taking any active steps to collect it.
We may retain unsolicited personal information and manage it in accordance with this policy if it can be determined that the unsolicited personal information:
- Could have been collected; or
- Is contained in a Commonwealth record.
If the above cannot be determined, we will destroy or de-identify the unsolicited personal information as soon as practicable, if it is lawful and reasonable to do so. We will not pass on unsolicited personal information received without the prior consent of the sender.
Release of Images for Marketing Purposes
We will obtain an individual’s express consent before using or publishing any image or recording of that individual for marketing purposes.
Adoption, Use or Disclosure of Government Related Identifiers
We will not use any personal identifiers issued by a state or Commonwealth agency (e.g., Medicare number or tax file number) as a means of identification within our organisation’s records systems. We will only use or disclose that identifier as required or permitted by law.
Where necessary, personal information or a unique code will be used to identify external contacts of our organisation. This unique code will never be a personal identifier issued by a state or Commonwealth agency.
Privacy or Data Breaches
Possible breaches in privacy will be managed in accordance with the Data Breach Procedure.
Team members are required to report possible breaches in privacy, including:
- Lost or stolen computer/data storage device, or paper records containing personal information;
- Hard disk drives and other digital storage media (integrated in other devices, for example, multifunction printers, or otherwise) being disposed of or returned to equipment lessors without the contents first being erased;
- Databases containing personal information being ‘hacked’ into or otherwise illegally accessed by individuals outside of the organisation;
- Employees accessing or disclosing personal information outside the requirements or authorisation of their employment;
- Mistakenly providing personal information to the wrong person, for example by sending details out to the wrong address;
- Improperly releasing the personal information of another person; or
- A team member becoming aware of another employee sharing confidential information with unauthorised or inappropriate parties.
If an Individual has a Complaint About Privacy
An individual may make a complaint if they believe that there has been a breach of privacy or if they do not agree with a decision made by us regarding access to their personal information.
Complaints can be made either verbally or in writing and we will endeavour to resolve the complaint by following the Continuous Improvement Procedure.
If an individual is not satisfied with Curtin Heritage Living’s decision regarding a complaint relating to privacy, a formal written complaint can be directed to the Australian Information Commissioner at:
Post:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992 (TTY: 133 677 then ask for 1300 363 992)
Email: enquiries@oaic.gov.au
Newsletter
Join our mailing list to get the latest news and updates.
Need help?
Our Resident Liaison is available to answer any queries you may have about our living options and services.