H1 Healthcare has systems to meet regulatory requirements. Information is used responsibly to inform the decision making process to improve services provided to clients.
H1 Healthcare is committed to providing a culture for privacy of personal information and systems for responsible handling of personal information collected.
Staff must ensure information is as accurate as possible and must undertake steps to maintain the security and confidentiality of personal information.
H1 Healthcare policies and procedures are designed to keep information private, and to assist H1 Healthcare representatives in upholding and promoting dignity at all times for all clients and staff.
When collecting personal information from clients and staff H1 Healthcare will take reasonable steps to ensure that the individual is aware of:
- H1 Healthcare’s identity and how to contact H1 Healthcare
- The fact that he or she is able to gain access to the information
- The purpose for which the information is collected
- To whom (or the types of individuals or organisations to which) H1 Healthcare usually discloses information of this kind
- Any law that requires the particular information to be collected
- The main consequences (if any) for the individual if all or part of the information is not provided.
H1 Healthcare will collect personal information directly from the subject of the information, where it is reasonable and practicable to do so. If H1 Healthcare collects the information from a third party (i.e. not directly from the subject), H1 Healthcare will take reasonable steps to ensure that the subject of the information is or has been made aware of the matters listed in the paragraph above.
With relation to H1 Healthcare clients the H1 Healthcare Consent form is completed and filed in the clients file to ensure collection is authorised. Other forms that may be required include:
- Request to correct Information
- Request to access Information
- Notification of refusal
Use and Disclosure
Any requests related to access and/or release of information is submitted to and processed by a nominated Director. This clause should be read in conjunction with POL-1.1 Accessing Personal Files.
H1 Healthcare will only disclose personal information for a purpose other than the primary purpose of collection (a secondary purpose) if:
- The secondary purpose is related to the primary purpose of collection, the subject of the information would reasonably expect H1 Healthcare to disclose the information for the secondary purpose, and the disclosure is made in the performance of a person’s duties as an employee of H1 Healthcare; or
- The individual has consented to/ requested the disclosure (e.g. to another service provider); or
- H1 Healthcare reasonably believes that the disclosure is necessary to prevent or lessen a serious and imminent threat to an individual’s life or health; or
- The disclosure is required or specifically authorised by law (e.g. to the Department of Health and Human services with relation to incident reporting).
H1 Healthcare will take all reasonable steps to ensure that the personal information it collects, uses or discloses is accurate, complete and up-to-date. H1 Healthcare uses its best endeavours to ensure that personal information is relevant, accurate, complete and up-to-date for the purpose for which it is to be used, both at the time of collection and before each use.
Data Security & Retention
H1 Healthcare will take all reasonable steps to protect personal information it holds from misuse and loss and from unauthorised access, modification and disclosure.
Furthermore it takes reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose.
On request, H1 Healthcare takes reasonable steps to let individuals know what sort of personal information it holds, for what purposes, and how it collects, uses, and discloses that information.
Access and Correction
Where H1 Healthcare holds personal information about an individual, it will provide the individual with access to the information on request, in a form or manner suitable to the individual’s reasonable needs, except to extent that:
- Providing access would pose a serious and imminent threat to the life or health of any individual; or
- Providing access would have an unreasonable impact upon the privacy of other individuals; or
- The request for access is frivolous or vexatious; or
- The information relates to existing or anticipated legal dispute resolution proceedings between H1 Healthcare and the individual, and the information would not be accessible by the process of discovery in those proceedings; or
- Providing access would reveal H1 Healthcare’s intentions in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
- Providing access would be unlawful.
Individuals may contact us to:
- Request access to their information should they feel it is inaccurate, incomplete, misleading or not up-to-date
- Seek more information about anything contained in this policy
- Request a copy of this policy in a different format
Make a privacy related complaint please contact:
- By telephone: 1300 255 541
- By email: email@example.com
- In writing: Level 1/111 Thistlethwaite St, South Melbourne VIC 3205
Information will be provided via electronic format/ postal service with one business days’ notice, or for those requesting to view information at the H1 Healthcare head office, with the provision of two business days’ notice.
Whenever it is lawful and practicable, individuals will have the option of not identifying themselves when dealing with H1 Healthcare. In instances where H1 Healthcare has an obligation to disclose information or statistics to government bodies, de identified information (e.g. assigning a number in lieu of client name) will be provided to protect the privacy and dignity of all individuals.
H1 Healthcare will not collect personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, or details of health, disability or sexual activity or orientation unless:
- The subject of information has consented; or
- The collection is required or specifically authorised by law; or
- The collection is necessary to prevent or lessen a serious and imminent threat to the life of any individual, where the subject of the information is physically or legally incapable of giving consent; or
- The collection is necessary for the establishment, exercise or defence of a legal or equitable claim.
Breach of Privacy
H1 Healthcare will take all reasonable steps to protect personal information held from misuse, interference and loss, and from unauthorised access, modification or disclosure.
Where a breach in privacy has occurred, H1 Healthcare will follow the steps below:
- Step 1: Contain the breach and do a preliminary assessment
- Step 2: Evaluate the risks associated with the breach
- Step 3: Provide notification to affected individuals – this will involve determining when notification is appropriate so as not to cause undue anxiety and de-sensitise individuals to notice. If a breach in privacy creates a real risk of serious harm to the individual, the individual will be notified immediately and offered an apology.
- Step 4: Prevent future breaches – by investigating the cause and considering whether to review an existing prevention plan, or, if there is no plan in place, develop one.
Transfer/Closure of Service
In the event that H1 Healthcare is being sold, transferred or closed down and not continuing services, H1 Healthcare will give notice of the transfer or closure to all service users.