The purpose of this policy and procedure is to:
- ensure personal information is managed in an open and transparent way;
- protect the privacy of personal information including health information of clients, care recipients and workers;
- provide for the fair collection and handling of personal information;
- ensure that personal information we collect is used and disclosed for legally permitted purposes only;
- regulate the access to and correction of personal information; and
- ensure the confidentiality of personal information through appropriate storage and security.
Workers this policy applies to
- “The Company” - Regis Healthcare Limited (ACN 125 203 054) together with its subsidiaries including Regis Aged Care Pty Ltd (ACN 125 223 645) (together, we, us, our)
- all Regis workers (including employees, labour hire employees, contractors, agency, students and volunteers).
Your rights in relation to privacy
The Company understands the importance of protecting the privacy of an individual’s personal information (including sensitive information). This policy sets out how we aim to protect the privacy of your personal information, your rights in relation to your personal information managed by us and the way we collect, use and disclose your personal information.
‘You’ or ‘Your’ in this policy refers to the person or entity that is using our services, engaging with our services (including candidates) or visiting our website.
What kinds of personal information do we collect?
Personal information is any information that identifies an individual or any information from which an individual’s identity could reasonably be ascertained.
Sensitive information (a sub-set of personal information) includes information or an opinion about race or ethnic origin, political beliefs, religious beliefs or affiliations, sexual orientation, criminal record, health information and genetic information.
We may collect your personal information, including sensitive information:
- If you make an enquiry regarding our services;
- If you access our website;
- During the recruitment process;
- During provision of our services; and
- During the discharge process.
We generally collect five kinds of information:
- personal information provided by you, including your name, address, telephone number and email address;
- sensitive information comprising health and financial information including both personally identifiable information and aggregated statistical information:
  - when assessing your application to receive our services; and
  - in the event that you enter our care as a care recipient;
- government identifiers such as Medicare, Pension or Veteran’s Affairs numbers;
- information that we obtain about you in the course of your interaction with our website including your internet protocol (IP) address, the date and time of your visit to our website, the pages you have accessed, the links on which you have clicked and the type of browser that you were using; and
- aggregated statistical data which is information relating to your use of our website and our services, such as traffic flow and demographics.
How do we collect personal information?
Personal information (including sensitive information) may be collected from:
- a client or care recipient;
- any person or organisation that assesses health status or care requirements, for example the Aged Care Assessment Team;
- the health practitioner of a client or care recipient;
- other health providers or facilities;
- family members, a responsible person or significant persons of a client or care recipient; and
- a legal advisor of a client or care recipient.
We will collect personal information directly from you unless:
- we have your consent to collect the information from someone else; or
- we are required or authorised by law to collect the information from someone else; or
- it is unreasonable or impractical to do so.
Once you have provided your consent, you are able to withdraw it at any time by contacting us. However, please understand that if you withdraw your consent, we may not be able to provide you with the services you require.
Why do we need your personal information?
Where applicable, we may use your personal information:
- To assess your application to receive our aged care services, or in response to enquiries about our services in order to communicate with you in relation to those services;
- To provide and manage the delivery of aged care services to you;
- To enable allied health care providers and medical practitioners to provide care and services to you;
- To enable us to obtain the correct level of government funding in relation to your care;
- To complete our quality, monitoring and assurance processes;
- To enable contact with a nominated person regarding your health status or relevant updates to your service;
- If you are the nominated contact person for a care recipient, in order to provide updates in relation to care and services being received;
- To lawfully liaise with a nominated representative and to contact family if requested or needed;
- To identify and inform you of any other services that may be of interest to you;
- To fulfil any of our legal requirements;
- To assess an application for employment with us;
- Where you have given your express consent;
- For other purposes permitted or referred to under any terms and conditions you enter into or otherwise agree to with respect to our services.
If you do not wish to have your personal information used in any manner or purpose specified above, please contact our Privacy Officer at firstname.lastname@example.org.
We will, at or before the time we collect personal information from you or as soon as practicable afterwards, take all reasonable steps to ensure that you are notified or made aware of:
- Our identity and contact details;
- The purpose for which we are collecting personal information;
- The identity of other entities or persons to whom we usually disclose personal information;
- Whether we are likely to disclose personal information to overseas recipients and if so, the countries in which such recipients are likely to be located and if practicable, to specify those countries.
These matters are set out further in our Regis Aged Care Privacy Collection Statement available on our website.
Who do we disclose your personal information to?
We may disclose your personal information to allied health professionals who assist us in providing care and services, medical practitioners, pharmacies, external health agencies such as the ambulance service, hospitals, the Australian Department of Social Services, the Aged Care Quality and Safety Commission, Medicare and relevant organisations or Government Departments as necessary to carry out the purposes for which the information was collected.
We may not use or disclose personal information for a purpose other than the primary purpose of collection, unless:
- the secondary purpose is related to the primary purpose, and you would reasonably expect disclosure of the information for the secondary purpose; or
- You have consented; or
- The information is health information, and the collection, use or disclosure is necessary for research, the compilation or analysis of statistics, relevant to public health or public safety, it is impractical to obtain consent, the use or disclosure is conducted within the privacy principles and guidelines and we reasonably believe that the recipient will not disclose the health information; or
- We believe on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to an individual’s life, health or safety or a serious threat to public health or public safety; or
- We have reason to suspect unlawful activity and use or disclose the personal information as part of our investigation of the matter or in reporting our concerns to relevant persons or authorities; or
- We reasonably believe that the use or disclosure is reasonably necessary to allow an enforcement body to enforce laws, protect the public revenue, prevent seriously improper conduct or prepare or conduct legal proceedings; or
- The use or disclosure is otherwise required or authorised by law.
Disclosure to a person responsible
We may disclose personal information including health information about an individual to a person who is responsible for the individual if:
- the individual is incapable of giving consent or communicating consent;
- the service manager is satisfied that either the disclosure is necessary to provide appropriate care or treatment or is made for compassionate reasons or is necessary for the purposes of undertaking a quality review of our services (and the disclosure is limited to the extent reasonable and necessary for this purpose); and
- the disclosure is not contrary to any wish previously expressed by the individual of which the service manager is aware, or of which the service manager could reasonably be expected to be aware, and the disclosure is limited to the extent reasonable and necessary for providing care or treatment.
A ‘Person Responsible’ may, depending upon the circumstances, be a parent, a child or sibling, a spouse, a relative, a member of the individual’s household, a statutory decision maker, guardian, an enduring power of attorney, a person who has an intimate personal relationship with the individual, or a person nominated by the individual to be contacted in case of emergency, provided they are at least 18 years of age.
A ‘service manager’ is a person employed by us in a management capacity and who is responsible for the provision of appropriate care and treatment of an individual.
Security of your personal information
We take all reasonable steps to ensure that the personal information we hold is protected against misuse, loss, unauthorised access, modification or disclosure. We hold personal information in both hard copy and electronic forms in secure databases on secure premises and in secure cloud-based technology, accessible only by our authorised personnel. Non-current information is archived in secure premises in accordance with our Information Retention Policy.
However, we cannot guarantee the security of any personal information transmitted to us via the Internet.
Cloud based storage
Some personal information is stored in secure cloud based technology. Where information is stored in cloud based technology operated by third party service providers, we will take all reasonable steps to ensure that the third party service provider adheres to Privacy Laws.
Transfer of data outside of Australia
In most cases, your personal information is held in Australia. In some cases, we or third parties use services such as data cloud storage systems, where personal information is held in other countries. In the event that we transfer your personal information to a third-party cloud based storage provider based in another jurisdiction, we will take all reasonable steps to ensure that your personal information is protected against unauthorised access and loss and that the jurisdiction in which the third party provider is based has adequate privacy laws and privacy protections.
Can you access the personal information that we hold about you?
Under the Privacy Act, you have a right to access your personal information that is collected and held by us. If at any time you would like to access or change the personal information that we hold about you, or you would like more information on our approach to privacy, please contact our Privacy Officer.
To obtain access to your personal information, you will have to provide us proof of identity. This is necessary to ensure that personal information is provided only to the correct individuals and that the privacy of others is protected.
We will take all reasonable steps to provide access to your personal information within 30 days from your request. In less complex cases, we will try to provide information within 14 days.
If providing you with access requires a detailed retrieval of your personal information, a fee may be charged for the cost of retrieval and supply of information.
You can choose to deal with us anonymously or use a pseudonym (in so far as this does not contravene any legal requirement), however we may not be able to provide you with the best service or effectively deal with any issues raised, without all of your personal information.
Other times and ways we collect, use, and disclose information
Closed Circuit Television Surveillance (CCTV)
We use CCTV at some of our residential aged care facilities and other business premises to maintain the safety and security of our care recipients, workers, visitors and all other people who enter our properties. Some of our CCTV systems may collect and store personal information.
Records of current and past workers which are directly related to the employment relationship are managed in accordance with workplace laws. Privacy laws may apply to employee personal information if the information is used for something that is not directly related to the employment relationship between the employer and Regis.
Regis will collect personal information from candidates. We may store information about unsuccessful applicants for the purposes of future recruitment.
Contractors, Volunteer and Student Records
Personal information collected and held by us in relation to our contractors, volunteers and students will be managed in accordance with this policy and the Privacy Act.
Unsolicited Personal Information
Unsolicited personal information is information provided by you to Regis in circumstances where we have not requested the personal information. If we receive your personal information in this manner, we will consider whether or not we could have collected your personal information under this policy and:
- if we determine that we could not have collected the personal information, we will destroy or de-identify the information; or
- if we could have collected the personal information under this policy, we will manage the information in accordance with this policy.
Privacy Data Breaches
In the event that your personal information is lost, stolen or subject to unauthorised access or disclosure, Regis will implement the Regis Aged Care Data Breach Response Plan. Regis will also adhere to its obligations under the Privacy Act in relation to any required notifications to the Office of the Australian Information Commissioner and to those people whose personal information has been lost, stolen or subject to unauthorised access or disclosure.
Changes to this policy
We may update this policy from time to time. The policy was last updated in December 2022. By continuing to deal with us, you accept this policy as it applies from time to time.
Our website shall remain up to date with the current policy.
How to contact us
For further information or enquiries regarding your personal information, please contact our Privacy Officer at email@example.com
Please direct all privacy complaints to our Privacy Officer at firstname.lastname@example.org
At all times, privacy complaints will:
- Be treated seriously;
- Be dealt with under the Regis Privacy Complaints Management Process;
- Be dealt with as promptly as possible;
- Be dealt with in a confidential manner; and
- Not affect your existing obligations or affect the commercial arrangements between you and us.
Our Privacy Officer or their delegate will conduct the investigation into your complaint. You will be informed of the outcome of your complaint following completion of the investigation.
If you are dissatisfied with the handling or outcome of your complaint, you may directly contact the following:
Phoning: 1800 035 544 (free call from landlines) or TTY 133 677. Interpreters can be arranged.
National Relay Service and ask for 1800 035 544.