1. PURPOSE OF POLICY
In accordance with the Privacy Act 1988, the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (including the Australian Privacy Principles (APPs), in conjunction with all relevant state and territory privacy legislation, the White Jacket Pty Ltd has established standards for the management of personal and health information.
These standards set out our obligations in relation to the collection, retention, security, access, use and disclosure of personal and health information.
In the course of providing our services, there is certain personal information we may require.
Who is responsible for privacy?
It is the responsibility of all White Jacket Pty Ltd employees and contractors to protect the privacy of any individuals by managing personal and health information in accordance with this policy.
What is personal information?
Personal information is any information or opinion about an identifiable person (“an individual”). This includes records containing an individual’s name, address, telephone number and gender.
What is health information?
Health information is a specific type of personal information, which includes information or an opinion about the physical or mental health of an individual, or the disability of an individual.
2. PRIVACY STANDARDS
- Lawful – White Jacket Pty Ltd will only collect personal and health information directly related to a function or activity related to the function or activity being offered.
- Relevant – White Jacket Pty Ltd will ensure that the health information collected is necessary, relevant, accurate, complete and up to date.
- Direct – White Jacket Pty Ltd will collect personal and health information directly for an individual whom the information relates to unless; the individual has authorised collection of the information from someone else, or in the case of information relating to a person under the age of 16 years, the information has been provided by a parent or guardian of the person.
- Open – White Jacket Pty Ltd will take reasonable steps to inform individuals why we are collecting information, what we will do with it and who will see it.
2.2 Storage and Protection
- Storage – White Jacket Pty Ltd records of individuals information are kept in electronic form, when not required for clinical care.
- White Jacket Pty Ltd is required by law to retain medical records for a period of seven years.
- Protection – Electronic information kept on computers is password protected and is available only to White Jacket Pty Ltd employees and contractors who are involved in managing an individual, in the course of the White Jacket Pty Ltd business.
- Disposal – Information or hard copy documents that are no longer required are disposed of appropriately using shredding machines into secure bins. Electronic data is securely deleted so it is no longer accessible.
2.3 Access and Accuracy
- Transparent, Accessible and Accurate – White Jacket Pty Ltd will take all reasonable steps to explain what personal and health information we are storing and how an individual is able to access this information without unreasonable delay or expense.White Jacket Pty Ltd will endeavour to ensure that the information is relevant, up to date, complete and accurate before using it.
2.4 Use and Disclosure
- Limited – White Jacket Pty Ltd will only use and disclose an individuals’ health information for the purpose for which it was collected, where the individual concerned is aware of through explicit consent and it is a directly related purpose that you would expect. White Jacket Pty Ltd does not expect to disclose personal information to any overseas recipients. White Jacket Pty Ltd does not use or disclose personal information for the purpose of direct marketing. However, the organisation may use personal or health information without consent in order to deal with a serious and imminent threat to any person’s health or safety, where illegal activity is suspected or where requested by law enforcement authorities.
- Identification – White Jacket Pty Ltd allocates unique case numbers to all clients for internal use only, in order to effectively manage case records including file notes, reports and case records.
2.6 Information Collected
The amount and type of personal information White Jacket Pty Ltd collects and holds about an individual referred to us may, but not be limited to include:
- Personal details such as name, address, date of birth, and contact details including telephone numbers, address and photo ID.
- Information about a medical condition, and the nature of the condition and the manner in which any injury or condition arose.
- Information regarding social and work relationships as and when applicable to the purpose for which we are engaged.
- Information collected is relevant to the purpose, not excessive, is accurate and up to date.
- Information does not intrude to unreasonable extent on the personal affairs of the individual to whom the information relates to.
2.7 How is the information collected?
- Via telephone, correspondence and liaison.
- Face to face during assessments or meetings.
- Via Teleconference and Webinars for the purposes of assessments, treatment or counselling sessions and meetings.
- At the workplace through assessment or meetings.
- Through the reports of third parties.
2.8 Purpose of collecting and holding information?
- To ensure the most efficient and useful direction of services.
2.9 Anonymity and Pseudonymity
Individuals have the option of not identifying themselves or of using a pseudonym unless the White Jacket Pty Ltd is required or authorised under Australian law or a court/tribunal to identify the individual or it is impracticable to deal with the individual anonymously or by a pseudonym.
2.10 Overseas recipients
No personal data is provided to overseas recipients.
Consent is provided by one or more of the following means.
- By signing relevant medical certificates that explicitly outline how an individual consents to information release and exchange by relevant participants in the relevant scheme.
- By completing and signing the White Jacket Pty Ltd consent form. This includes during direct face to face contact or through Teleconference, Webinar platforms and electronic applications.
- By obtaining verbal approval from the individual for the release and exchange of information to relevant scheme participants. In this instance a clear file note is documented.
Where an interpreter is involved, ensure that the interpreter co-signs any information release agreement.
In relation to the White Jacket Pty Ltd service provision, information may be exchanged between the nominated treating doctor, the employer, the insurer or agent, other treating practitioners, injury management consultants and any other authorised scheme authority or administrator.
Where reasonable and practicable to do so, we will collect your personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
4. INFORMATION AND DOCUMENT ACCESS
All requests for personal information must be sent in writing to White Jacket Pty Ltd by emailing email@example.com. White Jacket Pty Ltd endeavours to respond within a reasonable period after the request is made and provide access to the information in the manner requested where reasonable and practicable to do so.
White Jacket Pty Ltd may also provide information to other parties in the case where:
- We reasonably believe it is necessary to assist an enforcement body to perform its functions.
- We suspect that an unlawful activity has been, is being or may be engaged in and the personal information is a necessary part of our investigation or reporting of the matter.
- We reasonably believe it is necessary to prevent a threat to life, health or safety.
- We are authorised or required by law to do so, (e.g. where information is required by bodies regulating us or in response to subpoenas or warrants).
- We have contracted an external organisation to provide support services and that organisation has agreed to conform to our privacy standards
5. PRIVACY ON OUR WEBSITES AND APPLICATIONS
This policy also applies to any personal information White Jacket Pty Ltd collects via its websites, and applications, including mobile applications, in addition to personal information individuals provide to White Jacket Pty Ltd directly, through completing request forms or registration forms.
White Jacket Pty Ltd may contact an individual using the personal information provided in order to:
- Keep the individual informed of latest trends within the workplace wellbeing sector and provide relevant workplace health information.
- Provide information about upcoming events and other matters that may be of interest.
- Send newsletters and updates on services and changes including relevant legislative requirements.
If an individual receives any communications from White Jacket Pty Ltd which they no longer wish to receive, they may request removal of their personal information from the mailing list by emailing firstname.lastname@example.org allowing 14 days for this request to be processed.
6. PRIVACY COMPLAINTS
Grievances concerning team member or individual privacy (including concerning potential breach of the Australian Privacy Principles) should be raised by either telephone or emailing email@example.com
Should the individual feel their complaint has not been resolved at this level, or after 30 days of making the initial complaint, they may then complain to the Office of the Australian Information Commissioner.
7. DATA BREACH RESPONSE
As per the Privacy Act 1998, White Jacket Pty Ltd have an obligation to report privacy breaches. As a result of an amendment to the Privacy Act: Privacy Amendment (Notifiable Data Breaches) Act 2017, notification to the Office of the Australian Information Commissioner (OAIC) will be mandatory when a data breach could give rise to a ‘real risk of serious harm’ to the affected individuals. (Effective from 22 February 2018).
Further information on this can be found at:
Information about the Australian Privacy Principles can be found at: https://www.oaic.gov.au/privacy/australian-privacy-principles/