This policy statement includes:
- Use and disclosure
- Data quality
- Retention and disposal
- Use of government identifiers
- Access and ownership
- Privacy complaints
- RDNS Privacy Officer.
RDNS is committed to protecting the privacy and security of personal and health information it collects. We adhere strictly to the requirements of the Privacy Act 1988 (Cth) and other relevant privacy legislation.
Our contractors and subcontractors are required to enter into written contracts ensuring their strict compliance with privacy law.
Client means, for the purposes of this policy, individuals who receive RDNS services or, where applicable, other individuals who provide information to RDNS.
Personal and health information
Personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in material form or not, about an individual whose identity is apparent, or can be reasonably ascertained, from the information or opinion. Personal information includes health information.
RDNS collects personal and health information to provide services to the best possible standard. Types of personal information which we may collect include:
- identifying and contact information, such as name, age, employment details, email address and mobile phone number
- information about health and health services provided to a client, and
- financial information.
Personal and health information is collected in various forms, eg. paper records and electronic records (including telephone recordings).
Personal and health information is collected with the client’s informed consent (or that of their authorised representative) or otherwise in accordance with the law. Some information may also be collected about persons involved in the care of clients.
RDNS may collect personal and health information directly from the client, from another person involved in the care of the client (for example, a carer, a hospital or a health service provider) or from a person authorised to provide this information on behalf of the client.
Clients are not obliged to identify themselves or disclose their personal or health information when seeking services from RDNS. However, if clients decline to identify themselves, RDNS may not always be able to provide the service or level of service expected or required.
Use and disclosure
Personal and health information collected is used and disclosed by RDNS for the primary purpose of providing health and other care related services to clients.
RDNS may also use and disclose personal and health information to:
- manage our service providers, and
- manage, review, develop and improve our services, processes and systems.
Personal and health information may be disclosed by RDNS to third parties (eg. RDNS contractors, other health providers or government agencies) involved in the client’s care or the provision of our services, or to other providers of goods or services to RDNS, usually with the consent of the client (or their authorised representative) unless otherwise permitted by law.
Personal and health information may be used or disclosed by RDNS without the consent of the client/their authorised representative for a secondary purpose that the client would reasonably expect in the circumstances – or in other circumstances permitted under privacy legislation, including any of the following:
- situations involving a serious and imminent threat to the health, safety or welfare of a client or the public
- if required or permitted by law
- where the client is incapable of giving consent and it is not reasonably practicable to obtain the consent of an authorised representative or there is no authorised representative
- for research, compilation or analysis of statistics in the public interest or relevant to public health and safety in accordance with Guidelines issued by the Australian Information Commissioner/State Health Services Commissioner (or equivalent)
- to an immediate family member on the grounds of necessity or compassion and limited to what is reasonable and necessary and the client is incapable of consenting.
RDNS does not ordinarily disclose personal or health information to any person outside Australia. However, if we do, RDNS will comply with the requirements of privacy legislation regarding overseas disclosures.
RDNS will not use personal information for direct marketing without a client’s (or their authorised representative’s) consent, or unless permitted under privacy legislation. RDNS may use a client’s information to inform them about our fundraising activities.
RDNS takes reasonable steps to ensure that collected personal and health information is accurate, relevant, complete and kept up to date.
RDNS takes reasonable measures to protect personal and health information, in whatever form, from misuse, interference, loss, and unauthorised access, modification or disclosure.
Access to and security of our client record left in the client’s home is the responsibility of the client.
Personal and health information held by RDNS is stored in secure and locked facilities and may only be accessed by authorised staff.
Retention and disposal
RDNS retains client health and personal information in accordance with relevant privacy legislation.
Adults’ records are retained for 7 years from the last date of service.
Minors’ records are retained until the client is 25 years of age, or 7 years after the last date of service, whichever is the later.
Where a service is known to be related to a pregnancy or birth, records are retained for the same period as for minors.
Client records are destroyed as confidential documents after the required retention period.
Use of government identifiers
RDNS will not use government identifiers (eg. Medicare numbers) as our own identifier of clients (ie. UR number).
RDNS may use or disclose such identifiers in circumstances when required for a specific legitimate purpose (eg. where required for funding applications, DVA requirements).
Clients from whom we collect personal and health information are advised as to what information is collected, held, used, disclosed, how it is protected and how it can be accessed and corrected. This information may be given in writing, verbally or both depending on the nature of the service.
Access and ownership
The documents and other media in which personal and health information collected by RDNS is stored, contained or held are the property of RDNS unless agreed otherwise under contract with a third party.
Clients have a legal right to access their personal or health information in accordance with privacy legislation. However, in some circumstances RDNS may not permit access to personal or health information, for example:
- legal professional privilege applies
- access would pose a serious threat to the life or health of the client or any other person
- access would have an unreasonable impact on the privacy of others
- information has been given in confidence by another person or non-health organisation
- access would be prejudicial to law enforcement or legal proceedings, or
- access has been previously provided or refused in the same way.
If RDNS does not permit access, we will provide a reason for this decision.
Clients can freely access information held in the RDNS paper record in their home (but may not remove the record).
Requests are otherwise directed in writing to the Privacy Officer at the address/email below.
Clients may seek corrections or amendments to their personal or health information in accordance with relevant privacy legislation.
Clients may request their current nurse/care worker to arrange minor clerical changes to the record (eg. change of address).
All other requests for correction are to be made in writing to the Privacy Officer at the address/email below.
If you suspect RDNS may have breached your privacy, you may make a privacy related complaint to the RDNS Consumer Relations Coordinator in writing at the address/email below.
Complaints will receive a formal response. If you wish to discuss your privacy issues with a third party, you can contact:
Office of the Australian Information Commissioner
address: GPO Box 5218, Sydney NSW 2001
phone: 1300 363 992
fax: 02 9284 9666
RDNS Privacy Officer
Address – RDNS Limited
31 Alma Road
Email – firstname.lastname@example.org
For general enquiries, phone 1300 33 44 55.