Overview

• This policy ensures that we protect and handle personal information following the relevant privacy legislation. 
• HWH acknowledges an individual’s right to privacy while recognising that personal information must be collected, maintained and administered to provide a safe working environment and a high-quality standard.
• The information we collect is used to provide services to clients in a safe and healthy environment with individual requirements, to meet our duty of care obligations, to initiate appropriate referrals, and to conduct business activities to support those services.

• all personal information and sensitive personal information, including the personal information of employees and clients
• all confidential company information - that is, any information not publicly available
• all HWH staff, including key managers.

Policy

• To support the privacy and confidentiality of individuals:
  • HWH is committed to complying with the privacy requirements of the Privacy Act, the Australian Privacy Principles (APP) and the Privacy Amendment (Notifiable Data Breaches) 
  • we are fully committed to complying with the consent requirements of the NDIS Quality and Safeguarding Framework and relevant state or territory requirements
  • we provide all individuals with access to information about the privacy of their personal information
  • each individual has the right to opt out of consenting to and providing their details if they wish
  • individuals have the right to request access to their records by requesting this with their contact person
  • where we are required to report to government funding bodies, the information provided is non-identifiable and related to the services provided, age, disability, language, and nationality
  • personal information will only be used by us and will not be shared outside the organisation without your permission unless required by law (e.g. reporting assault, abuse, neglect, or where a court order is issued)
  • images or video footage of clients will not be used without their consent
  • clients have the option of being involved in external audits if they wish.

• To keep information secure:
  • we take reasonable steps to protect the personal information we hold against misuse, interference, loss, unauthorised access, modification and disclosure. All employees must complete the Cyber Wardens® online courses which are accessed through Talent LMS. 
  • we ensure personal information is accessible to the client and is able for use only by relevant workers
  • we ensure security for personal information
  • we ensure that personal information no longer required is securely destroyed or de-identified.

• As part of information security responsibilities:
  • We will take reasonable steps to reduce the likelihood of a data breach occurring, including storing personal information securely and accessible only to relevant workers
  • Suppose we know or suspect unauthorised parties have accessed your personal information, and we think this could cause harm. In that case, we will take reasonable steps to reduce the chance of harm and advise you of the breach and if necessary, the Office of the Australian Information Commissioner.

• A breach of privacy and confidentiality is an incident:
  • and our response will be to follow our incident management process for resolution
  • some may require further investigation and
  • an intentional breach will result in disciplinary action, including termination of employment. 

• Australian Privacy Principles guidelines 
• Australian Privacy Principles - Quick Reference 
• Cyber Wardens website 

• Sex Discrimination Act 1984 (Cth) 
• Racial Discrimination Act 1975 (Cth)   
• Disability Discrimination Act 1992 (Cth)  
• Age Discrimination Act 2004 (Cth)   
• Australian Human Rights Commission Act 1986 (Cth)    
• Children's Protection Act 1993
• Equal Opportunity Act 1984 
• Health and Community Complaints Commissioner (HCSCC) - Code of Conduct for Unregistered Health Practitioners.
• National Disability Insurance Scheme (Code of Conduct) Rules 2018, rule changes in 2021
• National Standards for Disability Services
• Privacy Act 1988 (Cth)
• Privacy Amendment (Notifiable Data Breaches) Act, No. 12, 2017 (Cth) 
• Workplace Gender Equality Act 2012 

• NDIS - Registration Renewal Process Guide (for providers), Version 3, 2020 (Cth) 
• NDIS - Practice Standards and Quality Indicators, Version 3, 2020 (Cth), and rule changes 2021
• NDIS (Code of Conduct) Rules 2018 (Cth)
• Social Media 
• Code of Conduct 
• Work Relationships & Boundaries
• Ethical Behaviour and Code of Conduct
• Duty of Care
• Communications Policy 
• Work Health and Safety
• Workforce Management - Discipline & Dismissals
• Mandatory Reporting
• Open Disclosure
• Working with Client Support Networks 
• Data Breaches & the Privacy Act