Connect Health & Community is committed to protecting the privacy and confidentiality of clients, employees, volunteers, students and recruitment applicants in the collection, use, storage and disposal of any information relating to them.
Connect Health & Community Privacy Policy outlines how we handle personal information about individuals in an open and transparent manner in accordance with the Australian Privacy Principles (APPs) and Victorian Health Privacy Principles (HPPs) which relate to the collection, use, disclosure, quality, security, retention and transfer of, and access to, health information of an individual.
This policy applies to all Connect Health & Community employees, students, volunteers and any person carrying out activities on behalf of Connect Health & Community, irrespective of their employment status.
Connect Health & Community is bound by, and complies with the Privacy Act 1988 (Commonwealth), which has been amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012. The Amending Act replaces the National Privacy Principles with the Australian Privacy Principles (APPs)
Privacy legislation includes the Privacy Act (Commonwealth) 1988 and Health Records Act (HRA) 2001 (Victoria). The Privacy Act is within the jurisdiction of the Office of the Australian Information Commissioner (OAIC). The HRA within the jurisdiction of the Health Services Commissioner of Victoria.
The Health Records Act (HRA) aims to protect health information handled within the Victorian public and private sectors. It also provides individuals with a right to access their health information held by a private sector health organisation. Under the HRA, health information that is collected, held or used by health providers must be handled in accordance with Privacy Principles.
The APPs apply to ‘APP entities’ including private healthcare organisations, community health centres and dental practices. Public hospitals are not an APP entity.
The APPs introduce a concept of ‘permitted general situations’ and ‘permitted health situations’ – exceptions to the collection, use and disclosure of personal information and health information respectively, where this would otherwise be prohibited by the APPs.
APP 1 Open and transparent management of personal information
APP 2 Anonymity and pseudonymity
APP 3 Collection of solicited personal information
APP 4 Dealing with unsolicited personal information
APP 5 Notification of the collection of personal information
APP 6 Use or disclosure of personal information
APP 7 Direct marketing
APP 8 Cross-border disclosure of personal information
APP 9 Adoption, use or disclosure of government related identifiers
APP 10 Quality of personal information
APP 11 Security of personal information
APP 12 Access to personal information
APP 13 Correction of personal information
Victorian dentists and dental practices are subject to both Commonwealth & State Privacy laws.
HPP 1 Collection
HPP 2 Use and Disclosure
HPP 3 Data Quality
HPP 4 Data Security and Data Retention
HPP 5 Openness
HPP 6 Access and Correction
HPP 7 Identifiers
HPP 8 Anonymity
HPP 9 Trans-border Data Flow
HPP 10 Transfer or closure of the practice of a health service provider
HPP 11 Making information available to another health service provider
Connect Health & Community has an appointed Privacy Officer. The Privacy Officer is the key contact within the organisation for all matters relating to privacy.
Consent is when Connect Health & Community collect personal information from an individual. Staff will discuss the content of this policy with the individual and request consent to the collection of information. If an individual chooses not to consent to collection of personal information, the level or type of service Connect Health & Community can offer to an individual may be limited.
| Board of Directors | Ensure systems are in place for compliance with Privacy legislation |
| Chief Executive , Managers and Team Leaders | Ensure compliance with Privacy Policies and Procedures by staff and volunteers in their program or service areaEnsure adequate resources to enable employees to comply with Privacy Policies and Procedures.Ensure the employee declaration is read, understood and signed by all employees.Take appropriate disciplinary action when Privacy Policies and Procedures are compromised or breached |
| Privacy Officer | The Privacy Officer is responsible for providing guidance on the use and disclosure of personal and/or health information. |
| All employees and volunteers | Connect Health & Community employees, volunteers, students and contractors are responsible for maintaining privacy, confidentiality and security of personal and health information. Connect Health & Community employees must understand and adhere to all internal, external and stakeholder Privacy Policies and Procedures, as applicable |
2.1.7 Mandatory Reporting of Suspected Child Abuse
2.1.8 Elder Abuse
2.2.1 Creating and Maintaining Health Records
2.2.2 Location and Storage of Health Records
2.2.3 Health Record Audits
2.5.5 Informed Consent
2.5.6 Client Complaints and Compliments
2.22 Information Management
2.23 Information Technology
2.30 Mandatory Reporting of Suspected Professional Misconduct