In-Home Care Services Pty Ltd will manage and ensure that the organisation provides the service recipient
access to services and supports that respect and protect their dignity and right to privacy.
This policy applies to all Staff and contractors.

Policy

In-Home Care Services Pty Ltd is committed to protecting and upholding all stakeholders right to privacy and dignity; including service recipients, staff, management and representatives of agencies, In-Home Care Services Pty Ltd deal with.

In-Home Care Services Pty Ltd are committed to protecting and upholding the service recipients right to privacy and dignity as the organisation collect, store and handle information about them, their needs and the services provided to them.

In-Home Care Services Pty Ltd is subject to Privacy act 1988 and govertment rules and regulations. In-Home Care Services Pty Ltd will follow the guidelines of the Australian Privacy Principles in its information management practices.

In-Home Care Services Pty Ltd will ensure that each service recipient understands, and agrees to, what personal information will be collected and informed of the reason for the collection. The service recipient will be informed and agree to this information is being recorded material in an audio and/or visual format.

In-Home Care Services Pty Ltd will advise each service recipient of privacy policies using the language, mode of communication and terms that the service recipient is most likely to understand. (Easy Read documents are made available to all service recipients).

In-Home Care Services Pty Ltd will ensure that:

• It meets its legal and ethical obligations as an employer and service provider in relation to protecting the privacy of service recipients and organisational personnel.
• The service recipients are provided with information about their rights regarding privacy and confidentiality.
• The service recipients and organisational personnel are provided with privacy, and confidentiality is assured when they are being interviewed or discussing matters of a personal or sensitive nature.
• All staff, management and volunteers understand what is required in meeting these obligations.
• Service recipients are advised of In-Home Care Services Pty Ltd’s confidentiality policies using the language, mode of communications and terms that are most likely to be understood.
• In-Home Care Services Pty Ltd will attempt to locate interpreters and will use easy access materials.

This policy conforms to the Federal Privacy Act (1988) and the Australian Privacy Principles, which govern the collection, use and storage of personal information.

This policy will apply to all records, whether hard copy or electronic, containing personal information about individuals, and to interviews or discussions of a sensitive personal nature.

Procedures

Dealing with personal information

In dealing with personal information, In-Home Care Services Pty Ltd staff will:

• Ensure privacy for the service recipients, staff, or management when they are being interviewed or discussing matters of a personal or sensitive nature.
• Only collect and store personal information that is necessary for the functioning of the organisation and its activities.
• Use fair and lawful ways to collect personal information.
• Collect personal information only with consent from the individual.
• Ensure that people know of the type of personal information being held, the purpose of keeping the information and the method it is collected, used, disclosed, and who will have access to it.
• Ensure that personal information collected or disclosed is accurate, complete, and up-to-date, and provide access to the individual to review information or correct wrong information about themselves.
• Take reasonable steps to protect all personal information from misuse and loss and from unauthorised access, modification or disclosure.
• Destroy or permanently de-identify personal information no longer needed and/or after legal requirements for retaining documents have expired.
• Ensure that service recipients understand and agree with what personal information will be collected and why.
• Ensure service recipients are informed when any recordings occur in either audio and/or visual format. The service recipient’s involvement in any recording must be agreed to in writing.

Service recipient Records

Service recipient records will be kept confidential and only handled by staff directly engaged in the delivery of service to the service recipient. Information about service recipients may only be made available to other parties with the consent of the service recipient, or their advocate, guardian or legal representative. A written agreement giving permission to the recording must be maintained in the service recipient’s file. 

All hard copy files of service recipient records will be kept securely in a locked filing cabinet, in the office space.

Responsibilities for Managing Privacy

• All staff is responsible for the management of personal information to which they have access. Director is responsible for the content in In-Home Care Services Pty Ltd publications, communications and on the website and must ensure the following:
• Appropriate consent is obtained for the inclusion of any personal information about any individual, including In-Home Care Services Pty Ltd personnel (Consent Policy and Procedure)
• Information being provided by other agencies or external individuals conforms to privacy principles
• That the website contains a Privacy Statement that makes clear the conditions of any collection of personal information from the public through their visit to the website.
• The Director is responsible for safeguarding personal information relating to In-Home Care Services Pty Ltd’s staff, management and contractors. The Director will be responsible for:
• Ensuring that all Staff is familiar with the Privacy Policy and administrative procedures for handling personal information.
• Ensuring that service recipients and other relevant individuals are provided with information about their rights regarding privacy and dignity.
• Handling any queries or complaints about a privacy issue.

Privacy Information for Service Recipients

At the first interview, service recipients will be notified of the type of information is being collected about them, how their privacy will be protected, and their rights in relation to this data. Information sharing is part of In-Home Care Services Pty Ltd’s legislative requirements. Service recipients must give consent to any information sharing between the organisation and government bodies. The service recipients is offered to opt-out of any information sharing during audits.

Privacy for Interviews and Personal Discussions

To ensure privacy for service recipient or Staff when discussing sensitive or personal matters, In-Home Care Services Pty Ltd will only collect personal information which is necessary for the provision of support and services and which:

• Is given voluntarily, and
• Will be stored securely on the In-Home Care Services Pty Ltd database.

When in possession or control of a record containing personal information, In-Home Care Services Pty Ltd will ensure that the record is protected against loss, unauthorised access, modification or disclosure, by such steps as it is reasonable in the circumstances to take. If it is necessary for the record be given to a person in connection with the provision of a service to In-Home Care Services Pty Ltd, everything reasonable will be done to prevent unauthorised use or disclosure of that record In-Home Care Services Pty Ltd will not disclose any personal information to a third party without the individual’s consent unless that disclosure is required or authorised by or under law.

CONFIDENTIALITY POLICY AND PROCEDURE

The purpose of this policy and procedure is to ensure In-Home Care Services Pty Ltd upholds each service recipient’s individuality, dignity and privacy. The policy sets out In-Home Care Services Pty Ltd’s responsibilities relating to the collection and protection of service recipient’s information.

Definition

Health information – Any information or an opinion about the physical, mental or psychological health or ability (at any time) of an individual.

Personal information – Recorded information (including images) or opinion, whether true or not, about a living individual whose identity can reasonably be ascertained.

Sensitive information – Information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political party, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preference or practices, or criminal record.

Policy

Privacy and confidentiality of service recipient’s information are of paramount importance to In-Home Care Services Pty Ltd. In-Home Care Services Pty Ltd will only collect information necessary for effective service delivery. In-Home Care Services Pty Ltd will only use information collected for the purpose it was collected and secure it appropriately. 

In-Home Care Services Pty Ltd will collect, use and disclose information in accordance with relevant state and Federal privacy legislation.

Procedures

• In-Home Care Services Pty Ltd will keep service recipient informed of their rights.
• In-Home Care Services Pty Ltd will ensure service recipient and or their authorised representative has access to service recipient personal information.
• In-Home Care Services Pty Ltd will keep service recipient information secure.
• Computers and laptops will be protected by user access credentials.
• In-Home Care Services Pty Ltd will not release information related to service recipient to other individuals or services without the consent of the service recipient or their representative.
• In-Home Care Services Pty Ltd will respect service recipient’s right to withdraw from consent at any time.
• In-Home Care Services Pty Ltd will collect, use and disclose information in accordance with relevant state and Federal privacy legislation.
• All staff are responsible for upholding Company’s privacy and confidentiality responsibilities. 
• Management will make arrangements for service recipients with special needs to assist with protecting their privacy and dignity.
• In-Home Care Services Pty Ltd will give due consideration to individuals and groups with special needs when upholding their privacy, dignity and confidentiality.
• In-Home Care Services Pty Ltd will capture service recipient information the privacy of their home or in In-Home Care Services Pty Ltd’s office and ensure that it is in an area that prevents other people from hearing their personal details.
• Service recipient privacy will be respected, and assistance will be given in a dignified and appropriate manner during social outings or in their own home.
• Staff will ensure time and space for service recipient privacy, respecting and encouraging service recipient independence.
• Individual choice will be respected in regard to clothing and grooming, taking into account various factors such as the weather to ensure warmth if cold or to avoid overheating during hot seasons.
• Employees will show respect for the service recipient’s home and service recipient belongings.
• Company will collect, use and disclose information in accordance with relevant state and Federal privacy legislation.
• Service recipient Information will not be collected or released to other individuals or services without informed consent from the service recipient or their representative, or in exceptional circumstances i.e., where legislation requires, in case of life threating emergency.
• Clinical records to be kept in a locked filing cabinet when not being used in the office; if a home file is kept this is to be kept discretely and privately in the service recipient’s home where the service recipient wishes to keep it.
• Company will not provide service recipient information over the phone as it is difficult to determine the identity of the caller(s).
• Company will ensure improvements identified through staff and service recipient feedback, are actioned through the company’s Continuous Improvement Plan.
• Company will monitor staff knowledge and application of confidentiality and privacy principles on-the-job and through yearly Performance Reviews.
• Company will provide additional on-the-job and formal training to staff where required.

Staff Privacy and Confidentiality

Staff information In-Home Care Services Pty Ltd collects include, but is not limited to tax declaration form; employment / engagement contract; personal details; emergency contact details; medical details; Police and Working with Children Check records; Qualifications; First Aid, CPR and Anaphylaxis certificates; medical history; personal resume; payroll information; and Superannuation details

Staff information may be accessed the Management Team. 

Staff have the right to request access to personal information In-Home Care Services Pty Ltd holds about them, without providing a reason for requesting access; access this information; and make corrections if they consider the information is not accurate, complete or up to date.

If an individual requests access to or the correction of personal information, within a service benchmark of 2 working days (and no more than 45 days after receiving the request), staff will provide access, or reasons for the denial of access; correct the personal information, or provide reasons for the refusal to correct the personal information; or provide reasons for the delay in responding to the request for access to or correction of personal information.

Staff personal and health information will only be disclosed for medical treatment or emergency; with written consent from the staff member; or when required by Commonwealth Law, or to fulfil legislative obligations such as mandatory reporting.

Monitoring and Review

In-Home Care Services Pty Ltd Management Team will review this policy and procedure at least annually. This process will include a review and evaluation of current practices and service delivery types, contemporary policy and practice in this clinical area, the Incident Register and will incorporate staff, service recipient and another stakeholder feedback. Feedback from service users, suggestions from staff and best practice developments will be used to update this policy.

In-Home Care Services Pty Ltd Continuous Improvement Plan will be used to record and monitor progress of any improvements identified and where relevant feed into In-Home Care Services Pty Ltd service planning and delivery processes.

MANAGEMENT OF DATA BREACH POLICY AND PROCEDURE

To meet legislative compliance requirements as a mandatory reporter of eligible data breaches to both the Office of the Australian Information Commissioner (OAIC) and any individuals who may be potentially affected by a data breach; to inform relevant authorities of any breach, and to limit and reduce risks to the business and ensure continuous improvement in maintenance of data held by In-Home Care Services Pty Ltd.

All Staff are required to maintain the confidentiality of all data relating to service recipients and other Staff members. This policy relates to all personal data regarding both service recipients and team members.

Policy

In-Home Care Services Pty Ltd views data breaches as having serious consequences, the organisation must have robust systems and procedures in place to identify and respond effectively.

In-Home Care Services Pty Ltd will delegate relevant staff members with the knowledge and skills required to become a Response Team member.

Staff are required to inform the Director or their delegate of the potential, or suspected, data breach immediately. Within forty-eight (48) hours, the Director is to complete a Data Breach Process Form and ensure that, as a regulated entity, they notify the particular individuals and the Commissioner about eligible data breaches as soon as practicable (no later than thirty (30) days after becoming aware of the breach or suspected breach).

If a staff member becomes aware that there are reasonable grounds to believe that there has been an eligible data breach, In-Home Care Services Pty Ltd is required to promptly notify any individuals at risk of being affected by the data breach and the OAIC.

In-Home Care Services Pty Ltd will undertake the following when an eligible data breach has occurred:

1. Prepare a statement that, at a minimum, contains:
   1. In-Home Care Services Pty Ltd contact details:
      1. If relevant, the identity and contact details of any entity that jointly or simultaneously holds the same information, in respect of which the eligible data breach has occurred, e.g., due to outsourcing, joint venture or shared services arrangements. If information of this sort is included in the statement, the other entity will not need to report the eligible data breach separately.
   2. A description of the data breach.
   3. The kinds of information concerned.
   4. The steps it recommends individuals take to mitigate the harm that may arise from the breach (while the entity is expected to make reasonable efforts to identify and include recommendations, it is not expected to identify every recommendation possible following a breach).
2. Provide a copy of the prepared statement to the OAIC using online Notifiable Data Breach Form.
3. Undertake such steps, as are reasonable in the circumstances, to notify affected or at-risk individuals of the contents of the statement. Individuals will be notified by email, telephone or post, depending on the situation; if direct notification is not practicable In-Home Care Services Pty Ltd will publish the statement on its website and take reasonable steps to publicise its contents.

Definition

Data breach (Eligible Data Breach) Unauthorised access to or unauthorised disclosure of personal information or personal information is lost in circumstances where unauthorised access to, or unauthorised disclosure of the information is likely to occur.

Likely (likely to result in serious harm) To be interpreted to mean more probable than not

Reasonable person A person in In-Home Care Services Pty Ltd who is properly informed, based on information immediately available or following reasonable enquiries, or an assessment of the data breach.

Likely to result in serious harm 

OAIC Office of the Australian Information Commissioner

Likely to result in serious harm 

An assessment as to whether an individual is likely to suffer ‘serious harm’ because of an eligible data breach depends on, among many other relevant matters:

• the kind and sensitivity of the information subject to the breach
• whether the information is protected and the likelihood of overcoming that protection
• if a security technology or methodology is used in relation to the information to make it unintelligible or meaningless to persons not authorised to obtain it – the information or knowledge required to circumvent the security technology or methodology
• the persons, or the kinds of persons, who have obtained, or could obtain, the information
• the nature of the harm that may result from the data breach.

Potential forms of serious harm Could include physical, psychological, emotional, economic and financial harm, as well as harm to reputation.

Remedial action There are a number of exceptions to the notification obligation, including importantly where an entity is able to take effective remedial action to prevent unauthorised access to, or disclosure of, information when it is lost or to prevent any serious harm resulting from the data breach. Where such remedial action is taken by an entity, an eligible data breach will not be taken to have occurred, and therefore an entity will not be required to notify affected individuals or the OAIC

Suspicion of an eligible data breach If In-Home Care Services Pty Ltd merely suspects that an eligible data breach has occurred, but there are no reasonable grounds to conclude that the relevant circumstances amount to an eligible data breach, the entity must undertake a “reasonable and expeditious assessment” of whether there are in fact reasonable grounds to believe that an eligible data breach has occurred

Assessment time frame Within 30 days after the day, it became aware of the grounds that caused it to suspect an eligible data breach.

Personal Information Personal information includes a broad range of information, or an opinion, that could identify an individual. What is personal information will vary, depending on whether a person can be identified or is identifiable in the circumstances.

For example, personal information may include:

• an individual’s name, signature, address, phone number or date of birth
• sensitive information
• credit information
• staff member record information
• photographs
• internet protocol (IP) addresses
• voiceprint and facial recognition biometrics (because they collect characteristics that make an individual’s voice or face unique)
• location information from a mobile device (because it can reveal user activity patterns and habits)