PURPOSE

The purpose of this policy is to outline Mikayla Howe’s privacy and confidentiality principles when collecting, using, storing, and disclosing information.

SCOPE

This policy is applicable to all Mikayla Howe staff, board members, contractors, students and volunteers and any other persons carrying out activities on behalf of Mikayla Howe irrespective of their employment status.

POLICY STATEMENT

Mikayla Howe is committed to protecting the privacy and confidentiality of clients, staff, and stakeholders in the way personal and private information (including, but not limited to health information) is collected, stored, and shared. Mikayla Howe adheres to the following privacy and confidentiality principles:

1. Mikayla Howe will uphold all individuals legislated rights to privacy of personal information, in accordance with the Australian Privacy Principles as detailed in the Privacy Act 1988 and the specific Victorian requirements in relation to health information detailed in the Health Records Act 2001.

2. Personal and health information will be collected from individuals as is necessary to provide a safe and quality service. Such information will be used to deliver services to individuals, and for approved secondary purposes such as funding, management, planning, monitoring, improvement or evaluation, or training provided by Mikayla Howe to employees or persons working with the organisation.

3. Clients have a right to seek access to the health information held about them and to correct it if it is incorrect or misleading, unless doing so would:

• pose a serious threat to the life or health of any person
• have an unreasonable impact on the privacy of other individuals.
• The information relates to existing legal proceedings between the organisation and the individual.

4. Mikayla Howe will take all reasonable steps to protect the information it holds from misuse, loss, unauthorised access, modification and/or disclosure with safeguards appropriate to the sensitivity of the personal information being stored or transmitted.

5. All Mikayla Howe employees will maintain all information in the strictest of confidence with regard to all applicable legislation, including the Health Records Act, Australian Privacy Principles, and employment contracts. Failure to secure information appropriate or evidence of inappropriate access to information that falls outside of the primary or an approved secondary purpose may be considered a breach of the Code of Conduct and result in disciplinary action.

6. All Mikayla Howe stakeholders (including former employees) are prohibited from disclosing information that would identify a current or past patient or client that was obtained as a result of being a patient or client, unless an exception applies and is permitted by law or the patient has consented in accordance with Section 141 of the Victorian Health Services Act 1988.

7. Information contained on Personnel files will be managed in accordance with the Information Privacy Act 2000. Personnel files will only be accessible to the individual, the relevant Team Leader and/or manager, Executive Manager, Human Resources Advisor, Payroll Officer, and the CEO unless under the following exceptional circumstances. Information may only be communicated further where strictly necessary to enable other professionals within the organisation to perform their required duties or illegal or unethical activity has occurred which may require certain relevant information to be passed on to Police or a professional body.

8. Other third-party information (for example individuals applying for positions) will only be retained for the duration of the need (e.g., for the duration of the tendering, recruitment, or grievance process). At the conclusion of this process information will be disposed of in a suitably confidential manner (for example shredded and disposed of in confidential waste bins).

9. All staff will receive training in privacy and confidentiality as part of induction/orientation processes and maintain their understanding through ongoing familiarity with policies and procedures and through ongoing professional development identified through performance and development review and supervision as required to meet the organisation’s legal and ethical obligations to ensure privacy and confidentiality.