Service with a smile
Privacy Policy
1. Introduction
1.1 Purpose
This Policy and the Policies and Procedures and related documentation set out in section 1.5 below (Related Documentation) supports Ability Aid to apply the Privacy and Dignity and Information Management NDIS Practice Standards.
1.2 Policy Aims
Ability Aid is committed to ensuring each Client is treated with dignity and respect, can maintain their identity, make informed choices about their care and services, and live the life they choose.
In this regard, Ability Aid is committed to ensuring it:
- (a) has a culture of inclusion and respect for consumers;
- (b) supports consumers to exercise choice and independence;
- (c) respects consumers’ privacy.
1.3 NDIS Quality Indicators
In this regard, Ability Aid aims to demonstrate each of the following quality indicators through the application of this Policy and the relevant systems, procedures, workflows, and other strategies referred to in this Policy and the Related Documentation:
Privacy and Dignity- (a) Consistent processes and practices are in place that respect and protect the personal privacy and dignity of each participant.
- (b) Management of each participant’s information ensures that it is identifiable, accurately recorded, current, and confidential. Each participant’s information is easily accessible to the participant and appropriately utilized by relevant workers.
- (c) Each participant understands and agrees to what personal information will be collected and why, including recorded material in audio and/or visual format.
- (a) Each participant’s consent is obtained to collect, use, and retain their information or to disclose their information (including assessments) to other parties, including details of the purpose of collection, use, and disclosure. Each participant is informed in what circumstances the information could be disclosed, including that the information could be provided without their consent if required or authorized by law.
- (b) Each participant is informed of how their information is stored and used, and when and how each participant can access or correct their information, and withdraw or amend their prior consent.
- (c) An information management system is maintained that is relevant and proportionate to the size and scale of the organization and records each participant’s information in an accurate and timely manner.
- (d) Documents are stored with appropriate use, access, transfer, storage, security, retrieval, retention, destruction, and disposal processes relevant and proportionate to the scope and complexity of support delivered.
1.4 Scope
(a) This Policy applies to the provision of all services and supports at Ability Aid.
(b) All permanent, fixed-term, and casual staff, contractors, and volunteers are required to take full responsibility for ensuring full understanding of the commitments outlined in this Policy.
1.5 Related Documentation
The application of the above NDIS Practice Standard by Ability Aid is supported in part by and should be read alongside the Policies and Procedures and related documentation corresponding to this Policy in the Policy Register.
2. Definitions
2.1 Definitions
In this Policy:
Ability Aidmeans Hemadave Courier Pty Ltd ABN 70 169 088 028
Clientmeans a client of Ability Aid (including an NDIS participant).
Key Management Personnelmeans Kamlesh Dave, Navia hobokhoree and other key management personnel involved in Ability Aid from time to time.
Legislation Registermeans the register of legislation, regulations, rules, and guidelines maintained by Ability Aid.
Personal informationmeans information or an opinion (whether true or not and whether recorded in a material form or not) about an individual who is identified or reasonably identifiable from the information.
Policy Registermeans the register of policies of Ability Aid.
Related Documentationhas the meaning given to that term in section 1.1
Sensitive informationis a subset of personal information that is generally afforded a higher level of privacy protection. Sensitive information includes health and genetic information and information about racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or trade union, sexual preferences or practices, criminal record and some types of biometric information.
Workermeans a permanent, fixed-term or casual member of staff, a contractor or volunteer employed or otherwise engaged by Ability Aid and includes the Principal.
3. Policy Statement
3.1 Communication of Privacy and Dignity Policy
To ensure Clients understand the subject matter of this Privacy and Dignity Policy in a manner which is responsive to their needs and in the language, mode of communication and terms that the Client is most likely to understand, Ability Aid will:
- (a) use respectful, open, clear, and honest communication in all professional interactions (e.g., spoken, written, social media).
- (b) consistently respect the Client’s privacy and confidentiality in how they communicate and interact with them.
- (c) communicate effectively with Clients to promote their understanding of the subject matter of this Privacy and Dignity Policy (e.g., active listening, use of plain language, encouraging questions).
- (d) identify potential barriers to effective communication and make a reasonable effort to address these barriers including by providing information and materials on how to access interpreter services, legal and advocacy services.
- (e) work with bilingual assessment staff, interpreters (linguistic and/or sign), communication specialists and relevant advocacy agencies/services that can also assist Client participation, inclusion, informed choice and control.
- (f) encourage Clients to engage with their family, friends and chosen community if Ability Aid has been directed to do so.
3.2 The personal information that Ability Aid collects
The personal information that Ability Aid collects from a Client includes their:
- (a) name, address, telephone and email contact details;
- (b) gender, date of birth and marital status, information about their disability and support needs;
- (c) health and medical information;
- (d) numbers and other identifiers used by Government Agencies or other organizations to identify individuals;
- (e) financial information and billing details including information about the services individuals are funded to receive, whether under the NDIS or otherwise;
- (f) records of interactions with individuals such as system notes and records of conversations individuals have had with Ability Aid’s Workers;
- (g) information about the services Ability Aid provides to individuals and the way in which Ability Aid will deliver those to individuals.
Typically, Ability Aid does not collect personal information in the form of recorded material in audio and/or visual format.
3.3 Sensitive information and protection of dignity
3.3 Sensitive information and protection of dignity
Ability Aid only collects sensitive information where it is reasonably necessary for Ability Aid’s functions or activities and either:
- (a) the individual has consented; or
- (b) Ability Aid is required or authorized by or under law (including applicable privacy legislation) to do so.
For example, in order to provide Ability Aid’s services to a Client or to respond to a potential Client’s inquiries about services, Ability Aid may be required to collect and hold their sensitive information including health and medical information and information relating to their disability and support requirements.
Ability Aid will treat Clients with dignity and respect and as far as reasonably practicable protect the privacy and dignity of each Participant and, in particular, their sensitive information.
3.4 How Ability Aid collects personal information
Ability Aid collects personal information in a number of ways, including:
- (a) through Ability Aid’s website;
- (b) when individuals correspond with Ability Aid (for example by letter, fax, email or telephone);
- (c) on hard copy forms;
- (d) in person;
- (e) from referring third parties (for example, the National Disability Insurance Scheme or a support coordinator);
- (f) at events and forums; and
- (g) from third party funding and Government Agencies.
3.5 Why does Ability Aid collect personal information?
The main purposes for which Ability Aid collects, holds, uses and discloses personal information are:
- (a) providing individuals with information about Ability Aid’s services and supports.
- (b) answering their inquiries and delivering service to Clients
- (c) administering Ability Aid’s services and supports and processes payments.
- (d) conducting quality assurance activities including conducting surveys, research and analysis and resolving complaints
- (e) complying with laws and regulations and to report to funding and Government Agencies.
- (f) promoting Ability Aid and its activities, including through events and forums.
- (g) conducting research and statistical analysis relevant to Ability Aid’s activities (including inviting individuals to participate in research projects and activities).
- (h) reporting to funding providers.
- (i) recruiting employees, contractors and volunteers.
- (j) processing payments.
- (k) answering queries and resolving complaints.
- (l) evaluating Ability Aid’s work and reporting externally.
- (m) carrying out internal functions including administration, training, accounting, audit and information technology.
- (n) other purposes which are explained at the time of collection or which are required or authorized by or under law (including, without limitation, privacy legislation).
- (o) purposes for which an individual has provided their consent.
- (p) for research, evaluation of services, quality assurance activities, and education in a manner which does not identify individuals. If individuals do not wish for their de-identified data to be used this way, they should contact Ability Aid.
- (q) to keep individuals informed and up to date about Ability Aid’s work, for example, changes to the National Disability Insurance Scheme or information about disability supports, either where Ability Aid has their express or implied consent, or where Ability Aid is otherwise permitted by law to do so. Ability Aid may send this information in a variety of ways, including by mail, email, SMS, telephone, or social media.
- (r) where an individual has consented to receiving marketing communications from Ability Aid, that consent will remain current until they advise Ability Aid otherwise. However, individuals can opt out at any time.
- (s) to manage and improve users’ experience on the Ability Aid website using “cookies”. A cookie is a small text file that Ability Aid’s site may place on their computer as a tool to remember their preferences. Individuals may refuse the use of cookies by selecting the appropriate settings on their browser.
- (t) to tailor advertising, both on Ability Aid’s website and through advertising networks on other websites, based on their visits or behavior through cookies on their device. Individuals can control how cookies are used and for what through the settings on their chosen browser.
- (u) to track visits to the Ability Aid website, using this information to track the effectiveness of the website. While this data is mostly anonymous, sometimes Ability Aid will connect it to individuals, for instance in personalizing a webpage, or pre-filling a form with their details. For more information on Ability Aid’s analytics tools, read Google’s privacy policy.
3.6 What third parties does Ability Aid disclose personal information to?
Ability Aid may disclose personal information to third parties where appropriate for the purposes set out above, including disclosure to:
- (a) Ability Aid’s funding providers;
- (b) government and regulatory bodies, including the National Disability Insurance Agency, Medicare, the Department of Social Services, the Department of Health & Human Services, and the Australian Taxation Office;
- (c) people acting on their behalf including their nominated representatives, legal guardians, executors, trustees, and legal representatives;
- (d) the police, or to the Disability Services Commissioner, or to comply with compulsory notices from courts of law, tribunals or Government Agencies;
- (e) financial institutions for payment processing;
- (f) referees whose details are provided to Ability Aid by job applicants; and
- (g) Ability Aid’s contracted service providers, including:
- (1) information technology service providers
- (2) invoice processing service providers
- (3) marketing and communications service providers including call centers
- (4) freight and courier services
- (5) external business advisers (such as recruitment advisors, auditors, and lawyers).
In the case of these contracted service providers, Ability Aid may disclose personal information to the service provider and the service provider may, in turn, provide Ability Aid with personal information collected from individuals in the course of providing the relevant products or services.
3.7 How is personal information stored and used?
(a) Ability Aid holds personal information in a number of ways, including in hard copy documents, electronic databases, email contact lists, and in paper files held in drawers and cabinets. Paper files may also be archived in boxes and stored offsite in secure facilities.
(b) Ability Aid must take reasonable steps to:
- (1) make sure that the personal information that Ability Aid collects, uses and discloses is accurate, up to date and complete and (in the case of use and disclosure) relevant;
- (2) protect the personal information that Ability Aid holds from misuse, interference and loss and from unauthorized access, modification or disclosure; and
- (3) destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the Australian Privacy Principles, subject to other legal obligations and retention requirements applicable to Ability Aid.
(c) Ability Aid Workers must only access and use personal information for a valid work purpose. When handling personal information, Workers should:
- (1) confirm recipient details before sending faxes or emails;
- (2) always store any hard copies of confidential information that is not being used in a secure cabinet or room;
- (3) be aware of the surroundings and people nearby;
- (4) limit taking hard copy information away from secure sites;
- (5) secure information when traveling e.g. in briefcase, folder etc.;
- (6) dispose unneeded copies of information securely; and
- (7) ensure the information is available to people who need to access it.
(d) Ability Aid Workers may only share personal information as set out under this policy and in circumstances permitted under law.
3.8 How is personal information kept secure?
Ability Aid ensures that the personal information is protected by security safeguards that are reasonable in the circumstances to take against the loss or misuse of the information.
The steps Ability Aid takes to secure the personal information Ability Aid holds include:
- (a) online protection measures (such as encryption, firewalls, and anti-virus software);
- (b) security restrictions on access to Ability Aid’s computer systems (such as login and password protection) and cloud-based storage (using Google Drive and OneDrive);
- (c) controlled access to Ability Aid’s premises;
- (d) personnel security (including restricting the use of personal information by Ability Aid Workers to those who have a legitimate need to know the information for the purposes set out above); and
- (e) training and workplace policies.
3.9 Information retention
Unless otherwise required by law, all Client records and personal information will be retained for at least seven years after a Client ceases to be a client.
3.10 Information disposal
(a) Workers should ensure record retention requirements have been met prior to the disposal of any personal information.
(b) When disposing of personal information, Workers should:
- (1) Place unneeded working documents or copies of information in secure bins or adequate shredders.
- (2) Ensure any electronic media including computers, hard drives, USB keys, etc. are sanitized when no longer required.
3.11 Privacy incidents
Privacy incidents may result from unauthorized people accessing, changing, or destroying personal information. Examples of situations from which incidents may arise include:
- (a) the accidental download of a virus onto an Ability Aid computer;
- (b) discussing or sharing of personal information on a social networking website such as Facebook;
- (c) loss or theft of a portable storage device containing personal information;
- (d) non-secure disposal of hard copies of personal information (i.e. placing readable paper in a recycle bin or hard waste bin);
- (e) documents sent to the wrong fax number or email address; and
- (f) documents sent to a free web-based email account such as Yahoo!, Gmail, or Hotmail.
Privacy incidents can:
- (g) occur due to accidental or deliberate actions;
- (h) result from human error or technical failures; and
- (i) apply to information in any form, whether electronic or hard copy.
3.12 Incident reporting
It is vital all privacy incidents are reported as soon as possible so that their impact may be minimized. Employees should be aware of:
- (a) how to identify potential privacy incidents
- (b) the reason for reporting incidents is so their impact can be minimized – not to punish individuals
- (c) the need to report all incidents to their manager as soon as they become aware of them.
Ability Aid must report all Client related privacy incidents to the:
- (a) Department of Health;
- (b) NDIS Commission
- (c) Office of the Australian Information Commissioner,
as applicable, within one business day of becoming aware of, or being notified of a possible privacy incident, or within one business day of an allegation being made of a potential breach.
A breach of Client privacy may have a major impact, a non-major impact, or be a near miss or an incident with no apparent impact on a Client. In each case, the incident has to be reported and managed in accordance with the Incident Management and Reporting Policy
3.13 Access and Correction
Clients have a legal right to request access or correction of their personal information held by Ability Aid.
Clients may ask individuals to verify their identity before processing any access or correction requests, to ensure that the personal information Ability Aid holds is properly protected.
3.14 Complaints
If a Client has a complaint about how Ability Aid has collected or handled their personal information, it will be managed in accordance with the Ability Aid Feedback and Complaints Management System.
4. General
4.1 Relevant Legislation, Regulations, Rules and Guidelines
Legislation, Rules, Guidelines, and Policies apply to this policy and supporting documentation as set out in the Legislation Register
4.2 Inconsistency
If and to the extent that the terms of this Policy are or would be inconsistent with the requirements of any applicable law, this Policy is deemed to be amended but only to the extent required to comply with the applicable law.
4.3 Policy Details
Approved By: The board of Hemadave Courier Pty Ltd
Approval Date: January 2022
Next Scheduled Review: January 2024
Version: 1
Contact us today!
0470350468 | contactus@abilityaid.net.au