Your rights in relation to privacy
Regis Aged Care Pty Ltd (ACN 125 223 645) (we, us, our) understands the importance of protecting the privacy of an individual’s personal information (including health information). This policy sets out how we aim to protect the privacy of your personal information, your rights in relation to your personal information managed by us and the way we collect, use and disclose your personal information.
‘You’ or ‘Your’ in this policy refers to the person or entity that is using our services, engaging with our services (including job applicants) or visiting our website.
This policy applies to all staff (including contracted agency staff) and volunteers.
The purpose of this policy and procedure is to:
a. ensure personal information is managed in an open and transparent way;
b. protect the privacy of personal information including health information of clients, residents and staff;
c. provide for the fair collection and handling of personal information;
d. ensure that personal information we collect is used and disclosed for legally permitted purposes only;
e. regulate the access to and correction of personal information; and
f. ensure the confidentiality of personal information through appropriate storage and security.
What kinds of personal information do we collect?
Personal information is any information that identifies an individual or any information from which an individual’s identity could reasonably be ascertained. During the provision of our services, including if you access our website, we may collect your personal information.
We generally collect five kinds of information:
1. personal information provided by you, including your name, address, telephone number and email address;
2. health and financial information in the event that you enter our care as a resident;
3. government identifiers such as Medicare, Pension or Veteran’s Affairs numbers;
4. information that we obtain about you in the course of your interaction with our website including your internet protocol (IP) address, the date and time of your visit to our website, the pages you have accessed, the links on which you have clicked and the type of browser that you were using; and
5. aggregated statistical data which is information relating to your use of our website and our services, such as traffic flow and demographics.
How do we collect personal information?
Personal information (including health information), may be collected:
a. from a client or resident;
b. from any person or organisation that assesses health status or care requirements, for example the Aged Care Assessment Team;
c. from the health practitioner of a client or resident;
d. from other health providers or facilities;
e. from family members or significant persons of a client or resident; and
f. from a legal advisor of a client or resident.
We will collect personal information directly from you unless:
a. a. we have your consent to collect the information from someone else; or
b. we are required or authorised by law to collect the information from someone else; or
c. it is unreasonable or impractical to do so.
Once you have provided your consent, you are able to withdraw it at any time by contacting us. However please understand that by withdrawing your consent, we may not be able to provide you with the services you require.
Why do we need your personal information?
We collect your personal information for the purposes of providing you with our care and services. Where applicable, we may use your personal information:
to provide aged care services to you;
to enable allied health care providers and medical practitioners to provide care and services to you;
to enable us to obtain the correct level of government funding in relation to your care;
to enable contact with a nominated person regarding your health status;
to lawfully liaise with a nominated representative and to contact family if requested or needed;
to identify and inform you of any other services that may be of interest to you;
to fulfil any of our legal requirements; or
for other purposes permitted or referred to under any terms and conditions you enter into or otherwise agree to with respect to our services.
If you do not wish to have your personal information used in any manner or purpose specified above, please contact our Privacy Officer.
We will at or before the time or as soon as practicable after we collect personal information from you, take all reasonable steps to ensure that you are notified or made aware of:
a. our identity and contact details;
b. the purpose for which we are collecting personal information;
c. the identity of other entities or persons to whom we usually disclose personal information;
e. whether we are likely to disclose personal information to overseas recipients and if so, the countries in which such recipients are likely to be located and if practicable, to specify those countries.
These matters are set out further in our full ‘Privacy Collection Statement’.
Who do we disclose your personal information to?
We may disclose your personal information to allied health professionals who assist us in providing care and services, medical practitioners, external health agencies such as the ambulance service, hospitals, the Australian Department of Social Services, the Aged Care Quality and Safety Commission, Medicare and relevant organisation or Government Departments as necessary to carry out the purposes for which the information was collected.
We may not use or disclose personal information for a purpose other than the primary purpose of collection, unless:
a. the secondary purpose is related to the primary purpose and you would reasonably expect disclosure of the information for the secondary purpose;
b. you have consented;
c. the information is health information and the collection, use or disclosure is necessary for research, the compilation or analysis of statistics, relevant to public health or public safety, it is impractical to obtain consent, the use or disclosure is conducted within the privacy principles and guidelines and we reasonably believe that the recipient will not disclose the health information;
d. we believe on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to an individual’s life, health or safety or a serious threat to public health or public safety;
e. we have reason to suspect unlawful activity and use or disclose the personal information as part of our investigation of the matter or in reporting our concerns to relevant persons or authorities;
f. we reasonably believe that the use or disclosure is reasonably necessary to allow an enforcement body to enforce laws, protect the public revenue, prevent seriously improper conduct or prepare or conduct legal proceedings; or
g. the use or disclosure is otherwise required or authorised by law.
We will not disclose your personal information to an overseas recipient.
Disclosure to a person responsible
We may disclose Health Information about an individual to a person who is responsible for the individual if:
a. the individual is incapable of giving consent or communicating consent;
b. the service manager is satisfied that either the disclosure is necessary to provide appropriate care or treatment or is made for compassionate reasons or is necessary for the purposes of undertaking a quality review of our services (and the disclosure is limited to the extent reasonable and necessary for this purpose); and
c. the disclosure is not contrary to any wish previously expressed by the individual of which the service manager is aware, or of which the service manager could reasonably be expected to be aware and the disclosure is limited to the extent reasonable and necessary for providing care or treatment.
A ‘person responsible’ is a parent, a child or sibling, a spouse, a relative, a member of the individual’s household, a guardian, an enduring power of attorney, a person who has an intimate personal relationship with the individual, or a person nominated by the individual to be contacted in case of emergency, provided they are at least 18 years of age.
Security of your personal information
We take all reasonable steps to ensure that the personal information we hold is protected against misuse, loss, unauthorised access, modification or disclosure. We hold personal information in both hard copy and electronic forms in secure databases on secure premises and in secure cloud based technology, accessible only by our authorised staff.
Non-current information is archived in secure premises in accordance with our Information Retention Policy.
However, we cannot guarantee the security of any personal information transmitted to us via the Internet.
Can you access the personal information that we hold about you?
Under the Privacy Act, you have a right to access your personal information that is collected and held by us. If at any time you would like to access or change the personal information that we hold about you, or you would like more information on our approach to privacy, please contact our Privacy Officer.
To obtain access to your personal information, you will have to provide us proof of identity. This is necessary to ensure that personal information is provided only to the correct individuals and that the privacy of others is protected. We will take all reasonable steps to provide access to your personal information within 30 days from your request. In less complex cases, we will try to provide information within 14 days.
If providing you with access requires a detailed retrieval of your personal information, a fee may be charged for the cost of retrieval and supply of information.
You can choose to deal with us anonymously or use a pseudonym (in so far as this does not contravene any legal requirement), however we may not be able to provide you with the best service or effectively deal with any issues raised, without all of your personal information.
Other times and ways we collect, use and disclose information
Closed Circuit Televisions Surveillance (CCTV)
We use CCTV at some of our residential aged care facilities and other business premises to maintain the safety and security of our care recipients, staff, visitors and all other people who enter our properties. Some of our CCTV systems may collect and store personal information.
Records of current and past employees which are directly related to the employment relationship are managed in accordance with workplace laws. Privacy laws may apply to employee personal information if the information is used for something that is not directly related to the employment relationship between the employer and Regis.
Regis will collect personal information from job applicants to help us assess the applicant. We may store information about unsuccessful applicants for the purposes of future recruitment.
Personal information collected and held by us in relation to our volunteers will be managed in accordance with this policy and the Privacy Act.
Privacy Data Breaches
In the event that your Personal Information is lost, stolen or subject to unauthorised access or disclosure, Regis will implement the Regis Aged Care Data Breach Response Plan. Regis will also adhere to its obligations under the Privacy Act in relation to any required notifications to the Office of the Australian Information Commissioner and to those people whose Personal Information has been lost, stolen or subject to authorised access or disclosure.
How to contact us
For further information or enquiries regarding your personal information, please contact our Privacy Officer at firstname.lastname@example.org.
Please direct all privacy complaints to our Privacy Officer at email@example.com.
At all times, privacy complaints will:
- be treated seriously;
- be dealt with under the Regis Privacy Complaints Management Process;
- be dealt with as promptly as possible;
- be dealt with in a confidential manner; and
- not affect your existing obligations or affect the commercial arrangements between you and us.
Our Privacy Officer or their delegate will conduct the investigation into your complaint. You will be informed of the outcome of your complaint following completion of the investigation.