Give us a Call
1800 - 828 - 585
Come see us
402/1 Como Crescent, 4215
Send us a Message
intake@aspirealliedhealth.com.au
Opening Hours
08:30 - 17:00

1.1 Privacy in Australia is predominantly governed by the Privacy Act 1988 (Cth). Under the Act there are 13 Australian Privacy Principles (APP).

 

1.2 The Act applies to:

(a) Australian Government agencies, including their contracted service providers;

(b) Organisations with an annual turnover of more than $3 million; and

(c) Certain smaller businesses such as private sector health providers, businesses dealing with credit information, and those that ‘opt in’ to the APP.

 

1.3 Aspire is a private sector health provider by reason of its provision of allied health services. Accordingly, it is required to comply with the Privacy Act and is bound by the APP

2.1 ‘Personal information’ is information or an opinion about a person who is identified or who is reasonably able to be identified. It does not matter whether the information is true, or whether it is recorded in material form.

For example: Name, address, telephone number, date of birth, observation notes.

 

2.2 ‘Sensitive personal information’ is information of a particular nature about an individual. It can be:

(a) Specific personal information (such as ethnicity, religious beliefs, political opinions, sexual orientation, and criminal history);

(b) Health information about the individual;

(c) Genetic information about the individual; or

(d) Biometric information (e.g. fingerprints) and templates.

3.1 Aspire collects personal information and sensitive personal information about participants as a necessary and usual part of its business operations.

 

3.2 The primary manner in which this information is collected is via the Service Access process. Aspire may also collect information through other, less formal, means.

 

3.3 Aspire only collects information which is:

(a) Relevant to conducting its provision of allied health services; and

(b) Required by law.

The relevance of some information may be solely to establish the participant’s identity, as this is an important aspect of ensuring privacy is maintained.

 

3.4 Aspire may also collect information about a participant’s family and carers. This is particularly relevant where the participant is under the age of 18 years old or is under a legal guardianship.

 

3.5 Aspire will collect some or all of the following information about participants. Aspire considers the following information categories to be relevant to its operations and effective delivery of services:

(a) Full name, including previous names;

(b) Gender;

(c) Date of birth;

(d) Disability status (physical and mental);

(e) Employment status;

(f) Address (postal and residential);

(g) Telephone contact numbers;

(h) Email address;

(i) Bank account details (where relevant, for refund purposes);

(j) Tax File Number;

(k) Centrelink identifiers; and

(l) Medical information, particularly with respect to:

- Diagnoses;

- Clinical opinions and notes;

- Medication prescriptions and records.

4.1 Aspire collects personal information about its employees and personnel.

4.2 The primary way this information is collected is during the employment process. Aspire may also collect information through other, less formal, means.

 

4.3 Aspire only collects information which is:

(a) Relevant to the person’s employment with Aspire; and

(b) Required by law.

The relevance of some information may be solely to establish the person’s identity, as this is an important aspect of ensuring privacy is maintained and conducting relevant employment checks and screening required for participation in the allied health industry.

 

4.4 Aspire will collect some or all of the following information about personnel. Aspire considers the following information categories to be relevant to its operations and effective delivery of services:

(a) Full name, including previous names;

(b) Gender;

(c) Date of birth;

(d) Disability status (physical and mental);

(e) Current employment role, status, and employer;

(f) Address (postal and residential);

(g) Telephone contact numbers;

(h) Email address;

(i) Name and contact details of next of kin/emergency contact;

(j) Bank account details (for payment of remuneration);

(k) Tax File Number;

(l) Superannuation provider nomination;

(m) Evidence of qualifications/registrations relevant to their role;

(n) Previous employment history;

(o) Criminal history;

(p) Name and contact details for personal references; and

(q) Such other information as necessary to conduct required employment screening and background checks for employees in the allied health industry.

5.1 Aspire will make use of personal information for both direct and indirect uses.

 

5.2 The direct uses relevant to participants are:

(a) To provide allied health services to the participant;

(b) To create and keep record of clinical notes concerning the services provided to participants; and

(c) To safeguard the health and wellbeing of participants.

 

5.3 The indirect uses relevant to participants include:

(a) To verify a participant’s identity;

(b) With consent, communicating information about services which Aspire may provide to participants;

(c) With consent, using the participant’s likeness and/or comments in marketing and promotional material;

(d) Internal reporting and record keeping;

(e) For communication to police, health care, and government agencies in the event of emergency;

(f) Pursuant to the consent or authorisation of the participant (or their legal guardian);

(g) Complying with regulator investigation and audit activity; and

(h) By compulsion of law, including lawful request from government bodies and by order of a court of competent jurisdiction.

 

5.4 The direct uses relevant to employees and personnel are:

(a) Conducting necessary and prudent background checks prior to employment; and

(b) Administering the employer/employee relationship.

 

5.5 The indirect uses relevant to employees and personnel include:

(a) Contacting relevant parties in the event of an emergency; and

(b) With consent, using the person’s likeness and/or comments in marketing and promotional material.

6.1 Aspire must disclose personal information in the following circumstances:

(a) For National Disability Insurance Scheme (NDIS) participants, in accordance with the requirements of the National Disability Insurance Agency (NDIA);

(b) With respect to child safety matters, in accordance with the requirements of the Department of Children, Youth Justice and Multicultural Affairs (or such other equivalent government department in a corresponding jurisdiction);

(c) At the written direction of the person (or their legal guardian) to whom it relates;

(d) By order of a court of competent jurisdiction; or

(e) By lawful requirement of a government body with appropriate legislative authority.

 

6.2 Aspire may disclose personal information about participants in the following circumstances:

(a) At the written request of a participant’s health care provider who provides an appropriate written consent from the participant to whom the information relates (or their legal guardian);

(b) To a related corporation of Aspire for purposes relating to the provision and administration of services to the participant;

(c) To an appropriate member of Aspire’s personnel, or professional consultant, for legitimate purposes connected with their services to Aspire;

(d) To a third party service provider for a purpose connected to the current provision of allied health services to the participant; or

(e) To an external dispute resolution professional for the purposes of settling a dispute, with the participant’s consent (or that of their legal guardian).

 

6.3 Aspire may disclose personal information about employees and personnel for all necessary and incidental activities pertaining to their employment.

 

6.4 Personal and sensitive personal information may only be disclosed in one of three manners:

(a) By personnel of Aspire in the course of their ordinary activities, to the limit and in the manner reasonably necessary to fulfil those activities;

(b) By a responsible officer of Aspire in answer to a legal compulsion; or

(c) By a manager or director of Aspire in accordance with the principles set out in this policy.

 

6.5 In all circumstances, Aspire shall reasonably determine whether an appropriate authority to disclose information has been received.

7.1 Aspire will take all reasonable and necessary precautions to ensure the safe and effective management of personal information and sensitive personal information.

 

7.2 All digital information records of personal information (including sensitive and medical information) shall be kept:

(a) Via the CTARS application in secure cloud-based servers physically located within Australia at top-tier secure data centres, which are continuously monitored for digital and physical access;

(b) In an encrypted format at rest, in use, and in communication (to and from the server); and

(c) Protected at all times by complex, algorithmically generated password authentication processes.

 

7.3 All physical information records shall be kept:

(a) Administration offices:

i. The majority of files are kept electronically;

ii. All physical files are kept in locked filing cabinets;

iii. Administration areas are generally not accessible except by administration personnel. Where such areas are publicly accessible, members of the public are escorted by personnel; and

iv. Files are only accessible by personnel members with reason and authority to access them;

(b) Therapy rooms:

i. All physical files are kept in locked filing cabinets;

ii. Only files relevant to the participant being provided with services are accessed; and

iii. Files in use are kept in the immediate vicinity of personnel who have reason and authority to access them;

(c) Accommodation:

i. Residences only hold physical files which are relevant to the participants in residence at that location;

ii. All files are kept in the support workers’ office, which is locked when support workers are not occupying them;

iii. Files within the office are kept in locked drawers; and

iv. Files are only accessible by personnel members with reason and authority to access them;

(d) Archival:

i. Archived files stored in a locked room at an administration office;

ii. The administration office is not generally accessed by members of the public; and

iii. Files are only accessible by personnel members with reason and authority to access them.

8.1 Aspire shall retain information in accordance with its legislated and regulatory requirements. All records will be kept for a minimum period of seven years.

 

8.2 Aspire may keep participant records exceeding these time frames, at its election on a case-by-case basis.

9.1 Participants, employees, and personnel have a right to access information which Aspire holds about them.

 

9.2 Relevant persons may request access verbally or in writing, but the access request must be sufficiently particular so that Aspire can determine what information is being sought.

 

9.3 When requested to do so, Aspire will respond to a request for access within 30 days.

 

9.4 Aspire will determine a request for information access in accordance with the Information Access Procedure.

 

9.5 Aspire may impose a charge for providing access to the information (but not a charge for requesting access). The charge, if levied, will represent the cost to Aspire in providing the access (such as labour costs to retrieve the information, copying/scanning documents, and postage where applicable).

10.1 Aspire will correct information that it holds about, or in connection with, participants and personnel (expressly including family and next of kin) which is inaccurate, out-of-date, incomplete, irrelevant, or misleading.

 

10.2 To ascertain information that needs correction, Aspire will use:

(a) Self-reporting, via information credibly known or acquired;

(b) Information from trusted, credible third parties (including courts, tribunals, government departments and agencies);

(c) The person to whom the information pertains (whether by request or otherwise); and

(d) Established and authorised guardians, representatives, and advocates of the person to whom the information pertains.

 

10.3 Aspire will take steps to verify the information as it determines is relevant according to the circumstances and nature of the information. This may include seeking confirmation from the person to whom the information pertains.

 

10.4 Aspire may refuse to change information if it is not able to credibly verify the correctness of the information change.

 

10.5 Aspire may give written notice to a person about whom a change has been made. Aspire will determine the need to do so according to the nature and circumstances of the change. Example considerations are:

(a) The relevant person informed Aspire of the change required;

(b) The relevant person requested confirmation of the change;

(c) Whether the change is material or incidental to the services provided by Aspire;

(d) The likelihood that the person is reasonably aware of the information being changed; and

(e) Lawful directions and requirements from courts, tribunals, law enforcement, government departments and agencies.

 

10.6 Aspire may, at its discretion and when reasonable to do so, elect not to update information which is no longer necessary to the conduct of its activities.

Example: Aspire may elect not to update information it holds about a person who is no longer received services, and who is not credibly expected to resume services.

11.1 Complaints that Aspire has breached this policy or its lawful obligations with respect to privacy shall be determined in accordance with Aspire’s Feedback, Compliments and Complaints Policy.

 

11.2 Alternatively, complaints may be made to the:

Australian Information Commissioner

GPO Box 5218 SYDNEY NSW 2001

Phone: 1300 363 992

Email: enquiries@oaic.gov.au Website: https://www.oaic.gov.au/individuals/how-do-i-make-a-privacy-complaint

 

Skip to content