Policy
Protecting the privacy of clients’ information is a critical aspect of OSA Group’s
information management strategy. OSA Group is bound by the National Privacy
Principles (NPP) and other requirements under The Privacy Amendment (Private
Sector) Act 2000, and the Health Records Act 2002. A further measure of OSA
Group’s commitment is our adherence to the ethical standards governing
confidentiality and privacy contained within the Code of Ethics of the state
Psychologist Registration Board and Australian Association of Social Workers.
The following statement describes the policies adopted by OSA Group for the
collection and management of personal information, and compliance with the NPP,
The Privacy Amendment Act and the Health Records Act. The Policy applies to all
information collected after December 21, 2001, and any already existing information
that is used or disclosed after December 21, 2001.
What is Personal Information?
Personal information that OSA Group holds can be classified into two categories:
• Personal information
• Sensitive information
Personal information is information gathered, received, and stored, both electronically
and hardcopy, that is of a private and confidential nature that is not public knowledge.
This information is generally comprised of clients’ names, address, date of birth,
telephone contacts, and employment details.
Sensitive information is a subset of personal information, and generally includes
information or opinion which is relevant to the psychological service being provided.
This information is generally compiled by a Counsellor or Consultant and may
include, but is not limited to, clients’ case file notes, session plans, assessment
report, assessment results, consulting and training documentation, and critical
incident documentation.
Purpose of Collection of Information
The broad purpose of collecting personal information is to set-up and administer a
service, determine client’s requirements, and provide the appropriate service.
Information is gathered primarily as part of the assessment, diagnosis and
intervention relevant to the psychological service being provided to the individual.
The information is retained in order to document what happens during sessions, and
enables the Counsellor or Consultant to provide a relevant and informed service.
An additional primary purpose for collecting personal and sensitive information is for
the provision of statistical reports to organisations. The reports may include overall
service delivery information, trends within and across organisations, and client
satisfaction and feedback information. These reports do not include information,
which identifies individuals.
A secondary purpose for collecting personal information is for invoicing procedures,
where applicable and as complies with contractual obligations.
Personal information is held in either secure filing cabinets, secure archives, or
stored electronically in a computer database. Access is limited to authorised
employees and relevant contractors only. Information is destroyed after seven years
in accordance with gazetted guidelines.
Use and Discolsure of Personal Information
Use of information is strictly limited to the primary purpose for which it was originally
collected. All clients are provided with written information regarding the purpose, use
and management of both personal and sensitive information to be collected, and they
must consent to this in writing prior to service delivery. Information can only be used
or disclosed for a secondary purpose with the written consent of the individual,
except for the following exemptions:
Exemptions
The National Privacy Principle lists the following exemptions whereby information can
be disclosed without consent:
• To reduce the risk to a client or other’s life
• Use of the information for research
• Use or disclosure where required by law, or where reasonably necessary for the
investigation of a criminal offence.
While the NPP states that Counsellors and Consultants can disclose information, the
guidelines specifically defer to professions’ Code of Ethics, which can help determine
whether a practitioner will choose to disclose.
Where a client is incapacitated, the Counsellor or Consultant may disclose the
information to someone who is responsible for the client. This includes (but is not
limited to) a parent, adult child, spouse, guardian, or a person who has an intimate
personal relationship with the client.
Data Quality
OSA Group will take every reasonable step to ensure the personal and sensitive
information it collects, uses or discloses is accurate and complete.
Data Security
OSA Group will take every reasonable step to protect the personal information its
holds from misuse, and loss, and from unauthorised access, modification or
disclosure.
Openness
A copy of the Privacy Policy is available upon request. On request, OSA Group will
take every reasonable step to let that person know, generally, the nature, purpose,
collection, uses, and disclosure of information.
Provision of Privacy officer
A Privacy Officer will be designated in each state head office to function as the point
of contact for client enquiries and requests for access of information.
Access and Correction of Information
The Privacy Amendment (Private Sector Act) 2000 and NPP require that OSA Group
allow persons to access all their personal information, including obtaining a
photocopy, and the right to correct it, or at least attach a personal statement of
correction.
Requests for access to personal information can be made by contacting the relevant
OSA Group state office, or by writing to The Privacy Officer in the relevant state
office. Receipt of requests will be confirmed in writing.
The request for access should state specifically the details of the personal
information and/or correction of personal information required. There is no fee for
lodging a request for personal information, and/or for correction of personal
information. OSA Group is entitled to set a reasonable fee to cover the
administrative cost of actually providing or correcting the nformation.
If the individual has made a written request for access, OSA Group will acknowledge
the request as soon as possible or at least within 14 days.
If granting access is straight forward, OSA Group will grant access within 14 days, or
if giving it is more complicated, within 30 days.
An appointment may be made with the client where necessary for clarification
purposes.
The NPP provide that in certain circumstances OSA Group may deny access to
information and/or refuse to correct information held. If a request is denied, OSA
Group will explain this decision in writing by reference to The Privacy Amendment
(Private Sector Act) 2000 and the NPP.
Identifiers
OSA Group will not use as its own identifier for a client the identifier assigned by a
third party agency.
Anonymity
Where it is lawful and practicable, OSA Group will not require individuals to identify
themselves when entering into transactions with OSA Group. Furthermore,
individuals may decline to provide personal or sensitive information to their
Counsellor or Consultant. Individuals will be made aware that retaining anonymity
may in some cases, impact the nature of service delivery.
Transborder Data Flow
OSA Group undertakes not to transfer personal information about a client to another
person in a foreign country that is not subject to a comparable privacy scheme
(except with the client’s consent).
Complaints Procedure
Concerns about any aspect of the management of personal information should be
directed initially to the Privacy Officer in the relevant OSA Group state office.
Complaints will be managed by the existing Service Incident and Customer
Complaint protocols.
Where clients are dissatisfied with any decision made by OSA Group, they will be
informed in writing that the matter can be referred to the National Privacy
Commissioner.
The National Privacy Commissioner can be contacted by writing to:
The Director of Complaints
Office of the Federal Privacy Commissioner
GPO Box 5218
SYDNEY NSW 1042
Or by telephoning 1300 363 992
Authority
Authorised by the Chief Executive Officer.