Book your tour now: Beautiful newly renovated, modern independent living villas at Janoah Gardens, Manly West.

Privacy Policy

Policy

We will use all reasonable efforts to protect the privacy of individuals’ personal information and to comply with the obligations imposed by the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APP), the Aged Care Act and the Aged Care Principles.

This policy applies to all staff (including contracted agency staff) and volunteers.

We will only collect personal information by lawful and fair means and will only collect personal information that is necessary for one or more of our organisation’s functions or activities.

If it is reasonable and practicable to do so, we will collect personal information about an individual only from that individual.

In meeting our obligations with respect to the privacy of our clients we will acknowledge that people with disability, cognitive impairment, low literacy, or from culturally and linguistically diverse backgrounds, may require special consideration and we will take reasonable steps to support dignity, understanding and informed decision‑making.

Purpose Of Policy

The purpose of this policy and procedure is to:

  • ensure personal information is managed in an open and transparent way;
  • protect the privacy of personal information including Health Information of clients, residents and staff;
  • provide for the fair collection and handling of personal information;
  • ensure that personal information we collect is used and disclosed for relevant purposes only;
  • regulate the access to and correction of personal information; and
  • ensure the confidentiality of personal information through appropriate storage and security.

Definitions

What is “Personal Information”?

Personal Information is information or an opinion, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

What is “Sensitive Information”?

Sensitive Information includes information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record, biometric information, biometric templates, health information about an individual, and genetic information.

What is “Health Information”?

Health Information is:

  • information or an opinion about:
    1. the health or a disability (at any time) of an individual;
    2. an individual’s expressed wishes about the future provision of health services to him or her; or
    3. a health service provided, or to be provided, to an individual that is also personal information; or
  • other personal information collected to provide, or in providing, a health service;
  • other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or
  • genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.

What is “Unsolicited Information”?

Unsolicited Information is all personal information received from an individual that we did not actively seek to collect.

What is an “Employee Record”?

An Employee Record is a record of personal information relating to the employment of the employee. Examples of personal information relating to the employment of the employee are health information about the employee and personal information about all or any of the following:

  • the engagement, training, disciplining or resignation of the employee;
  • the termination of the employment of the employee;
  • the terms and conditions of employment of the employee;
  • the employee’s personal and emergency contact details;
  • the employee’s performance or conduct;
  • the employee’s hours of employment;
  • the employee’s salary or wages;
  • the employee’s membership of a professional or trade association;
  • the employee’s trade union membership;
  • the employee’s recreation, long service, sick, personal, maternity, paternity or other leave; and
  • the employee’s taxation, banking or superannuation affairs.

Collection, Use and Disclosure

We will collect and use information about you during the course of your relationship with us in a lawful, fair and transparent manner, consistent with the Australian Privacy Principles and this Policy. We explain below when and how we may collect, use and disclose this information.

It is important that the information we hold about you is up to date. You must let us know when the information you have provided has changed.

Collection Of Personal Information

Purpose of collection of Personal Information

We will only collect Personal Information about an individual by fair and lawful means and only if the information is necessary for one or more of our functions as an aged care provider and collection of the Personal Information is necessary to:

  • comply with the provisions of state or commonwealth law;
  • provide data to government agencies in compliance with state or commonwealth law;
  • determine eligibility to entitlements provided under any state or commonwealth law;
  • provide appropriate services and care;
  • enable contact with a nominated person regarding a client’s health status; and
  • lawfully liaise with a nominated representative and to contact family if requested or needed.

Some individuals may not want to provide information to us. The information we request is relevant to providing them with the care and services they need. If the individual chooses not to provide us with some or all of the information we request, we may not be able to provide them with the care and services they require.

We will not collect your Sensitive Information (including Health Information) unless the collection of the information is reasonably necessary for or directly related to one or more of our functions and:

  • you have consented to the collection of this information; or
  • the collection of the information is required to be authorised by or under an Australian law or a court/tribunal order; or
  • a permitted general situation exists to the collection of the information; or
  • a permitted health situation exists in relation to the collection of the information; or
  • we are a non-profit organisation and:
    1. the information relates to our activities; and
    2. the information relates only to the members of the organisation, or to individuals who have regular contact with us and our activities.

Methods Of Collection

Personal Information and Sensitive Information (including Health Information), may be collected:

  • from a client or resident;
  • from any person or organisation that assesses health status or care requirements, for example the Aged Care Assessment Team;
  • from the health practitioner of a client or resident;
  • from other health providers or facilities;
  • from family members or significant persons of a client or resident; and
  • from a legal advisor of a client or resident.

We will collect Personal Information from the client or resident unless:

  • we have the consent of the client or resident to collect the information from someone else; or
  • we are required or authorised by law to collect the information from someone else; or
  • it is unreasonable or impractical to do so.

At admission, a client or resident should identify any parties from whom they do not wish Personal Information accessed or to whom they do not wish Personal Information provided.

This should be recorded in the file of the client or resident and complied with to the extent permitted by law.

Unsolicited Information

If Bethany Christian Care receives Personal Information that it did not actively seek to collect, we will, within a reasonable period, determine whether the information could have been lawfully collected under the Australian Privacy Principles.

If the information could not have been lawfully collected and is not required by law to be retained, the information will be destroyed or de‑identified as soon as practicable, where lawful and reasonable to do so.

Staff records

We must keep a record in respect of staff about:

  1. basic employment details such as the name of the employer and the employee and the nature of their employment (eg part-time, full-time, permanent, temporary or casual);
  2. pay;
  3. overtime hours;
  4. averaging arrangements;
  5. leave entitlements;
  6. superannuation contributions;
  7. termination of employment (where applicable); and
  8. individual flexibility arrangements and guarantees of annual earnings.

We may also collect Personal Information about a staff member relating to his/ her employment being Employee Records (as defined above).

Notification

We will at or before the time or as soon as practicable after we collect Personal Information from an individual take all reasonable steps to ensure that the individual is notified or made aware of:

  1. our identity and contact details;
  2. the purpose for which we are collecting Personal Information;
  3. the identity of other entities or persons to whom we usually disclose Personal Information;
  4. that our privacy policy contains information about how the individual may complain about a breach of the APPs and how we will deal with a complaint;
  5. whether we are likely to disclose Personal Information to overseas recipients and if so, the countries in which such recipients are likely to be located and if practicable, to specify those countries.

Use and disclosure of information

a. Permitted disclosure

We may not use or disclose Personal Information for a purpose other than the primary purpose of collection, unless:

  1. the secondary purpose is related to the primary purpose (and if Sensitive Information directly related) and the individual would reasonably expect disclosure of the information for the secondary purpose;
  2. the individual has consented;
  3. the information is Health Information and the collection, use or disclosure is necessary for research, the compilation or analysis of statistics, relevant to public health or public safety, it is impractical to obtain consent, the use or disclosure is conducted within the privacy principles and guidelines and we reasonably believe that the recipient will not disclose the Health Information;
  4. we believe on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to an individual’s life, health or safety or a serious threat to public health or public safety;
  5. we have reason to suspect unlawful activity and use or disclose the Personal Information as part of our investigation of the matter or in reporting our concerns to relevant persons or authorities;
  6. we reasonably believe that the use or disclosure is reasonably necessary to allow an enforcement body to enforce laws, protect the public revenue, prevent seriously improper conduct or prepare or conduct legal proceedings; or
  7. the use or disclosure is otherwise required or authorised by law.
b. Cross border disclosure

We will not disclose an individual’s Personal Information to an overseas recipient. If we do, we will take all steps that are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles, unless:

  1. the overseas recipient is subject to laws similar to the Australian Privacy Principles and the individual has mechanisms to take action against the overseas recipient;
  2. we reasonably believe the disclosure is necessary or authorised by Australian Law; or
  3. the individual has provided express consent to the disclosure.

c. Disclosure of Health Information

We may disclose Health Information about an individual to a person who is responsible for the individual if:

  • the individual is incapable of giving consent or communicating consent;
  • the service manager is satisfied that either the disclosure is necessary to provide appropriate care or treatment or is made for compassionate reasons or is necessary for the purposes of undertaking a quality review of our services (and the disclosure is limited to the extent reasonable and necessary for this purpose); and
  • the disclosure is not contrary to any wish previously expressed by the individual of which the service manager is aware, or of which the service manager could reasonably be expected to be aware and the disclosure is limited to the extent reasonable and necessary for providing care or treatment.

A person responsible is a parent, a child or sibling, a spouse, a relative, a member of the individual’s household, a guardian, an enduring power of attorney, a person who has an intimate personal relationship with the individual, or a person nominated by the individual to be contacted in case of emergency, provided they are at least 18 years of age.

Access

You have a right to request that we provide you access to the Personal Information we hold about you (and we shall make all reasonable attempts to grant that access) unless providing access:

  • is frivolous or vexatious;
  • poses a serious threat to the life or health of any individual;
  • unreasonably impacts upon the privacy of other individuals;
  • jeopardises existing or anticipated legal proceedings;
  • prejudices negotiations between the individual and us;
  • be unlawful or would be likely to prejudice an investigation of possible unlawful activity;
  • an enforcement body performing a lawful security function asks us not to provide access to the information; or
  • giving access would reveal information we hold about a commercially sensitive decision making process.

Requesting Access

Requests for access to information can be made orally or in writing and addressed to the service manager of the relevant service. We will respond to each request within a reasonable timeframe generally within 14–30 days, unless a longer period is required or permitted by law.

Declining access

An individual’s identity should be established prior to allowing access to the requested information. If unsatisfied with the individual’s identity or access is requested from an unauthorised party, we can decline access to the information.

We can also decline access to information if:

  • there is a serious threat to life or health of any individual;
  • the privacy of others may be affected;
  • the request is frivolous or vexatious;
  • the information relates to existing or anticipated legal proceedings; or
  • the access would be unlawful.

We will provide in writing the reasons for declining access to the requested information.

Granting access

On request (and after determining an individual’s right to access the information) we should provide access to Personal Information.

Charges

If we charge for providing access to Personal Information, those charges will not be excessive.

Personal Information Quality

We aim to ensure that the Personal Information we hold is accurate, complete and up-to-date. Please contact us if any of the Personal Information you have provided to us has changed. Please also contact us if you believe that the information we have about you is not accurate, complete or up-to-date.

Correction

If an individual establishes the Personal Information held about them is inaccurate, incomplete, out-of-date, incomplete, irrelevant or misleading we must take reasonable steps to correct the information.

If we disagree with an individual about whether information is accurate, complete and up-to-date, and the individual asks us to associate with the information a statement claiming that the information is inaccurate, incomplete, out-of-date, incomplete, irrelevant or misleading we must take reasonable steps to do so.

If we refuse to correct the Personal Information as requested by the individual, we will give the individual written notice that sets out:

  • the reasons for the refusal, except to the extent that it would be unreasonable to refuse;
  • the mechanisms available to complain about the refusal; and
  • any other matter prescribed by the regulations.

Direct Marketing

Personal Information

We will not use or disclose Personal Information about an individual for the purposes of direct marketing, unless the information is collected directly from you and:

  • you would reasonably expect us to use or disclose your Personal Information for the purpose of direct marketing; and
  • we have provided you a means to ‘opt-out’ and you have not opted out.

Sensitive Information

We will not use or disclose Sensitive Information about an individual for the purposes of direct marketing, unless the individual has consented to the information being used for direct marketing.

An individual’s rights in relation to direct marketing activities

If we use information for the purposes of direct marketing the individual may:

  • ask us not to provide direct marketing communications to us
  • ask us not to disclose or use the information
  • ask us to provide the source of the information.

Personal Information Security

We are committed to keeping secure the Personal Information you provide to us.

We will take all reasonable steps to ensure the Personal Information we hold is protected from misuse, interference, loss, from unauthorised access, modification or disclosure.

Information of a Client or Resident

  • We must keep the records of a client or resident in a secure storage area.
  • If the records are being carried while providing care only the staff member carrying the records will have access to them.
  • Records of previous clients and residents and earlier unused volumes of current clients or residents shall be archived and stored in a locked service away from general use.
  • Only health professionals attending to the care of a client or resident are to have access to information of the client or resident. All records shall only be used for the purpose it was intended.
  • A client or resident, or his/ her representatives shall be provided access to records as requested and after consultation with the service manager. At these times, a qualified staff member is to remain with a client or resident or representative to facilitate the answering of any questions raised.
  • Details of a client or resident are not to be provided over the phone, unless the staff member is sure of the person making the inquiry. If in doubt, consult the service manager.
  • No staff shall make any statement about the condition or treatment of a client or resident to any person not involved in the care except to the immediate family or representative of the client or resident and then only after consultation with the service manager.
  • All staff must be discreet with their comments at all times, protecting and respecting the privacy, dignity and confidentiality of all clients and residents.
  • Handovers shall be conducted in a private and confidential manner.

Security measures

Bethany Christian Care takes reasonable steps to protect Personal Information from misuse, interference, loss, unauthorised access, modification or disclosure. These controls include:

  • secure storage of paper records, including locked filing cabinets and restricted‑access areas;
  • controlled access to offices and administrative areas where Personal Information is stored;
  • electronic security measures such as password protection, access permissions, firewalls, and virus‑protection software;
  • requirements for staff to secure or log off electronic systems when Personal Information is not in active use; and
  • contractual requirements for information technology and other service providers to implement appropriate security measures and notify Bethany Christian Care of any actual or suspected security incidents.

Access to Personal Information is restricted to staff and contractors who require access to perform their duties.

Mandatory Data Breach Notifications

Aged Care Providers must report an “eligible data breach” to the Office of the Australian Information Commissioner (OAIC) and to the affected individuals as soon as practicable after becoming aware of an eligible data breach. An investigation into a data breach must be undertaken within 30 days of becoming aware of the breach.

A data breach is considered an eligible data breach if it is likely to result in serious harm to any individual the breach effects.

The Privacy Officer is responsible to responding to data breaches on behalf of Bethany Christian Care.

The OAIC website contains information regarding mandatory reporting. See attached link: Report a data breach - Home (oaic.gov.au)

Media

No member of staff shall make any statement to the press, radio or television station or to any reporter for the media. If a staff member is approached to make a statement or comment they must refer the person to our Chief Executive Officer.

Grievance Procedure

How to make a complaint

If you wish to make a complaint about the way we have managed your Personal Information you may make that complaint verbally or in writing by outlining out the details of your complaint to any of the following:

  • Our Privacy Officer (who is our Systems and Processes Manager)

Phone: (07) 3737 5080

Fax: (07) 3841 5088

Email: bethany@bethanycc.org.au

  • Clinical Manager (The Plains or Janoah Gardens)

Phone: (07) 3737 5000

Fax: (07) 3423 0304

Email: bethany@bethanycc.org.au

  • The CEO

Phone: (07) 3737 5080

Fax: (07) 3841 5088

Email: bethany@bethanycc.org.au

Alternatively, complaints may also be referred to a number of services as set out below:

  • Australian Information Commissioner

The Australian Information Commissioner receives complaints under the Act. Complaints can be made:

Online: Privacy complaints - Home (oaic.gov.au)

By phone: on 1300 363 992

In writing:

Address your letter to the Australian Information Commissioner at the:

Office of the Australian Information Commissioner

GPO Box 5218

Sydney NSW 2001

  • Aged Care Quality and Safety Commission

The Aged Care Quality and Safety Commission receives complaints under the Act. Complaints can be made:

Online: At Making a complaint | Aged Care Quality and Safety Commission

By phone: on 1800 951 822.

Or if you need an interpreter you can phone the Translating and Interpretation Service on 131 450 and ask to be put through to the Aged Care Complaints Scheme on 1800 951 822.

For hearing or speech impaired TTY users, phone 1800 555 677 then ask for 1800 951 822.

For Speak and Listen users, phone 1800 555 727 then ask for 1800 951 822.

For Internet relay users, connect to National Relay Service and enter 1800 951 822.

In writing:

Address your letter to the Aged Care Quality and Safety Commission at:

GPO Box 9819

IN YOUR CAPITAL CITY

How we will deal with your complaint

The complaint will be investigated by us in accordance with our internal procedures and processes.

The complainant may be invited to participate in a conference by the staff member conducting the investigation. At the discretion of the Bethany Christian Care manager with responsibility for the investigation, other interested parties may also be invited to participate in the conference to discuss the nature of the complaint and attempt to resolve it. This may include the presence or participation of a support person or advocate for the complainant.

The complainant will be provided with a response to his/ her complaint within a reasonable timeframe after completion of any investigation. This response will be in writing and will include the outcome of the investigation, any proposed action and details of the right to lodge a complaint with any relevant external organisations.

Privacy Officer

Bethany Christian Care undertakes privacy monitoring and assurance activities to assess compliance with this policy and the Australian Privacy Principles. These activities may include periodic reviews of information handling practices, staff education and training, and privacy audits coordinated by the Privacy Officer. We have appointed a Privacy Officer to manage and administer all matters relating to protecting the privacy of individuals’ Personal Information. Our Privacy Officer is our Systems and Processes Manager.

The Privacy Officer can be contacted if any relevant person wishes to obtain more information about any aspect of this policy or about the way in which we operate to protect the privacy of individuals’ Personal Information.

As stated above, complaints may also be made to the Privacy Officer if any person suspects we have breached this Privacy Policy, the Australian Privacy Principles or he/ she is otherwise unhappy with the management of his/ her, or if he/ she is responsible for another person, that person’s Personal Information.

Annual Review

This policy, along with our Collection Statement, will be reviewed at least two-yearly for currency/ accuracy/ compliance, by the senior management of Bethany Christian Care.

Bethany Christian Care

The Plains

333 Underwood Road
Eight Mile Plains, QLD 4113

Janoah Gardens

11 Audell Street
Manly West, QLD 4179