James Milson Village accepts and abides by the Privacy Act (1988) as amended and the Health Records and Information Privacy Act 2002 (NSW) and other privacy laws for the protection of personal information. In so doing all personal information pertaining to residents, employees and external service providers collected by the organisation will be carefully protected to ensure the individual’s privacy is maintained.
James Milson Village maintains that privacy and confidentiality can be maintained by:
- collecting only the information required under State and Federal legislation in order to deliver the service;
- ensuring openness and consultation with individuals in regard to the information collected;
- providing individuals with access to their health and other records;
- ensuring anonymity, where possible, and when requested by the individual;
- disclosing personal information to other parties only with the consent of the individual or where it is legally or ethically justified; and
- ensuring secure storage of information.
- Aged Care Principles 1997
- Coroners Act 1980 (NSW)
- Crimes Act 1900
- Evidence Act 1995
- Freedom of Information Act 1982
- Privacy Act 1988
- Protected Disclosures Act 2000
- Public Health Act 2010 (NSW)
- Privacy Amendment (Enhancing Privacy Protection) Bill 2012
- Work Health & Safety Act 2012 (NSW)
- Work Health & Safety Regulations 2012 (NSW)
- Health Records and Information Privacy Act 2002 (NSW)
- Electronic Transactions Act 2000
- Department of Social Services 2001 – Standards and Guidelines for Residential Aged Care Services
- Department of Social Services 2009 – Residential Care Manual
- NSW Health Department 2005 – PD2005_593 – NSW Health Privacy Manual (Version 2)
- NSW Health Department 2005 – PD2005_405 – Subpoenas
- NSW Health Department 2008 – PD2008_052 – Electronic Information Security Policy
Collection of personal information
- James Milson Village will only collect the personal information required to comply with State and Federal legislation for the delivery and funding of the care and lifestyle needs of residents or for the employment of staff or as otherwise required in order to provide aged care services.
- Residents and/or persons responsible or employees will provide the personal information or will be made aware of, and agree to, personal information being accessed from other sources.
- James Milson Village will provide the resident and/or person responsible or employee with information regarding the purpose and use of the personal information required and who will have access to the information.
- If it is likely that disclosure of personal information is needed to recipients overseas, the person and the country will be specified by James Milson Village.
- Residents and/or persons responsible or employees will be informed of their right to withhold information or provide information anonymously if applicable.
- Residents and/or persons responsible or employees will be informed of the complaints mechanism should they wish to make a complaint about how their personal information is being managed by James Milson Village.
Protection of personal information
- Residents and/or person(s) responsible, employees, volunteers, visiting heath providers and service providers are informed of James Milson Village’s responsibilities in relation to the protection of personal information through:
- contracts/service agreements
- policies and procedures
- All employees, volunteers will be required on commencement of service, to sign a HR 17 – Employee/Volunteer Confidentiality Agreement or a GM12e Privacy and confidentiality form (residents).
- No personal information will be provided by employees over the telephone unless it has been established that the caller has legitimate grounds to access information and can give proof of identity.
- The CEO/Operations & Care Manager are the only individuals authorised to divulge information related to employees, where it is legally and ethically justified. The CEO/Operations & Care Manager may nominate another member of the organisation to provide this information, in his/her absence in particular circumstances.
- No personal information about anyone except the name of the caller should be left on voice mail.
- Personal information may only be faxed in circumstances where it is urgently required and only then if the viewer can guarantee the confidentiality and security of the information. All facsimiles must be accompanied with the organisation’s coversheet (GM 1d) which carries a privacy warning.
- Personal information will not be sent by email unless all identifiers have been removed.
- Employees are advised to avoid having personal mail addressed to their place of work.
- The receptionist is the designated person who opens mail. All mail will be date stamped on receipt prior to distribution.
- Mail and facsimiles addressed:
- to residents will only be opened by the resident and/or person(s) responsible
- by title or position alone will be opened by the designated mail opener
- “personal” or “confidential” will be opened only by the addressee
- by title or position only and marked “personal” or “confidential” will be opened by the person occupying that position or by the person acting in the position
- to the organisation only will be opened by the designated mail opener and forwarded to the CEO/Operations & Care Manager or the nominated member of the organisation in his/her absence. Outgoing mail containing information subject to the Privacy Act will be sent in a sealed envelope, addressed to an individual by name and marked “confidential”. If couriered the envelope/parcel will be sealed with a sticker over the opening that is marked “confidential”.
- Personal information should not be copied unless it is essential to do so.
- The anonymity of residents and/or employees will be maintained during case presentations, research activities and at seminars and conference presentations.
- Fictitious data should be used for all training and demonstration purposes.
- Consent will be obtained to utilise photographs, slides and other visual aids that identify an individual(s).
- Personal information related to residents and/or employees will not be discussed in public areas or with individuals who are not directly involved with the care of the resident or supervision of the employee.
- All paper-based clinical records pertaining to current residents will be securely stored in the designated offices. Access to electronic clinical records will be limited to appropriate individuals who have been issued with a secure password.
- All employee and volunteer records, pertaining to current staff will be securely stored in the CEO/Operations & Care Manager’s offices as applicable.
- All non-clinical data (agreements, asset declarations etc.) are to be stored separately to clinical records in the CEO’s office and only accessed by the CEO/Operations & Care Manager and administrative staff involved with residents agreements and accounts.
- No information regarding a resident, employee, visiting health professional, service provider or the facility will be disclosed to the media, by an employee.
- Requests from the media for information will be referred to the CEO who, in consultation with the James Milson Board of Management will determine what information, if any, will be provided. The decision will be based on consideration of:
- consent from the relevant parties
- possible legal implications
- ramifications to relevant individual(s) and/or the organisation.
Access to records
- Access to clinical records is restricted to health care personnel currently involved in the care, observation, assessment, diagnosis, professional advice and management of the resident and in other circumstances as described under Protocol “Authorised Disclosure”.
- Residents and/or persons responsible will be made aware of their right to access their internal record and the process for doing so in the Resident Handbook.
- A resident and/or person(s) responsible may by means of written application to the licensee of James Milson Village request access to their clinical records/administrative files. The licensee as soon as practicable on receipt of the application will make the clinical record available to the resident and/or person responsible or their nominated person, on site and in the presence of the Operations & Care Manager to assist with interpretation of the record. The licensee however, may refuse a request by a resident and/or person(s) responsible for access to their clinical record:
- if the medical practitioner in charge of the resident’s care advises that the request should be refused; and/or
- if the licensee is satisfied that access by the resident and/or person(s) responsible would be prejudicial to the resident’s physical or mental health.
- The application to the licensee for the request to access the clinical record will be retained in the resident’s clinical record.
- A resident and/or person(s) responsible is entitled to dissent from or add to the clinical record. The resident’s and/or person(s) responsible own comments will be attached, as an addendum, to the record along with an explanation of the circumstances.
- Access to employee records is restricted to the CEO/Operations & Care Manager and/or his/her representative and in other circumstances as described under Protocol “Authorised Disclosure”.
- An employee is entitled to access their records and to obtain a copy of any document therein. In these circumstances, access will be on site and in the presence of the CEO/Operations & Care Manager.
- An employee is entitled to dissent from or add to their employee record. The employee’s own comments will be attached, as an addendum, to the record along with an explanation of the circumstances.
- Personal information regarding a resident or employee may be disclosed:
- when valid informed consent is obtained from the resident and/or person(s) responsible/employee for disclosure of specific information for a specific purpose;
- When an employee believes disclosure is necessary in the interests of public safety. In this situation, the employee should contact the CEO/Operations & Care Manager or his/her representative;
- where there is an obligation under the Crimes Act 1958 to notify police about serious criminal offences (including drug trafficking, serious assaults or murder and manslaughter); and/or
- Where there is an obligation under the Coroners Act 2009 (NSW) to notify the coroner of deaths occurring under certain conditions.
- Information will be provided to government authorities who have specific statutory powers to demand access to information. In these circumstances the CEO/Operations & Care Manager will be responsible for responding to the subpoena promptly and will:
- obtain the precise authority of the person requesting access, including reference to the Section of the Act under which access is authorised;
- obtain the nature of the access requested, to ensure that only material relevant to the statutory demand is released;
- bring the subpoena to the attention of the CEO; and
- refer to the NSW Health Department PD2005_405 for guidance.
- This information will be recorded and stored in the client’s, employee’s or other relevant file.
- The use and disclosure of health information for secondary purposes (For example, research or collection of data for government departments) will be in accordance with the Health Privacy Principles 10(1)(d) and 11(1)(d) related to the Health Records and Information Privacy Act 2002 (NSW).Complaints can be made through:
- Complaints Mechanism
- utilisation of the Continuous Improvement Log
- contacting the CEO/Operations & Care Manager verbally or in writing
- contacting external agencies:
- Department of Social Services Office of Aged Care Quality and Compliance
- Aged Care Complaints Scheme – Toll-free: 1800 550 552 The Accommodation Rights Service Suite 5, 5th Floor 64 Kippax Street SURRY HILLS NSW 2010 Phone: (02) 9281 3600
- Written complaints will be initially received and recorded in accordance with FC 1 – Continuous Improvement. The Operations & Care Manager will be responsible for determining the Incident Rating Scale (IRS) level of each complaint and notifying in accordance with the Reporting Structure documented as Attachment E – Incident Reporting Scale in Pol/GM1 – Governance and Quality Management.
- All written complaints will be acknowledged and/or managed within seven (7) days of the receipt of the complaint by the CEO or Operations & Care Manager, as applicable.
- Pol/RM7 – Documentation
- Pol/GM1 – Governance and Quality Management
- Pol/GM7 – Information Technology
Related Flow Charts