Privacy and Confidentiality
Ballarat Community Health (BCH) recognises the value and importance of preserving the privacy of clients' personal and health information.
In order to do this the organisation complies with all of the requirements of the Australian Privacy Principles as detailed in the Privacy Act 1988 and the specific Victorian requirements in relation to health information detailed in the Health Records Act 2001.
All BCH staff must comply with the provisions of the relevant acts in relation to all client information collected, used, kept or disclosed in the course of their work.
Victoria's Health Records Act 2001, contains eleven Health Privacy Principles, covers the handling of all health information held by health service providers. Except where they conflict with the Australian Privacy Principles the Health Privacy Principles determine how health records are managed.
As a private company BCH is not subject to the provisions of the Freedom of Information Act 1992 but will consider any formal request for organisational information on a case-by-case basis. All requests for organisational documents should be referred to the Chief Executive Officer.
Australian Privacy Principles
The Australian Privacy Principles (APPs) with which this organisation complies are:-
- APP1 Open and Transparent Management of Personal Information – This involves having a clear policy in relation to the management of health information as well as processes for managing complaints associated with the handling of that information.
- APP2 Anonymity and Pseudonymity – This provides an option for clients to use a false name or ask that no name be recorded in relation to a service they receive. This does not apply to certain services however including those that are Medicare funded where the provision of a Medicare Card is required.
- APP3 Collection of Solicited Personal Information – This principle requires that personal information is only collected for a specific purpose (such as the delivery of health services) and then only collected with the permission of the client.
- APP4 Dealing With Unsolicited Personal Information – If information is received that has not been requested it must be dealt with in accordance with the other APPs, such as only being kept if it is for an agreed purpose.
- APP5 Notification of the Collection of Personal Information – This requires agencies to advise people about information collected about them that has come from other organisations. This would include other health agencies that have referred a client to BCH.
- APP6 Use or Disclosure of Personal Information – Information collected about a client cannot be disclosed to others or used for a purpose other than for which it was originally collected without the permission of the client.
- APP7 Direct Marketing – Personal information cannot be used for direct marketing to clients.
- APP8 Cross-border Disclosure of Personal Information – Personal records cannot be transferred to another country unless that country has privacy principles at least equally as stringent as those within Australia.
- APP9 Adoption Use and Disclosure of Government Related Identifiers – An organisation cannot use an identifying number (like a Medicare number) as the primary means of identifying a client. This means that separate numbering systems are used for client files.
- APP10 Quality of Personal Information – Organisations must make sure that information collected is accurate, up to date and complete.
- APP11 Security of Personal Information – Organisations must protect personal information from unauthorised access, changes or disclosure to others.
- APP12 Access to Personal Information – This includes a requirement that clients are able to get access to their own information. The processes adopted by BCH for clients to access their health records are noted below.
- APP13 Correction of Personal Information – If a client finds any information held about them is inaccurate they may ask for it to be formally corrected.
Health Privacy Principles
The Health Privacy Principles detail specific requirements in relation to health records and for the most part duplicate similar content to the Australian Privacy Principles:-
- Principle 1 – Collection
- Principle 2 – Use and Disclosure
- Principle 3 – Data Quality
- Principle 4 – Data Security and Data Retention
- Principle 5 – Openness
- Principle 6 – Access and Correction
- Principle 7 – Identifiers
- Principle 8 – Anonymity
- Principle 9 – Transborder Data Flows
- Principle 10 – Transfer or Closure of the Practice of a Health Service Provider
- Principle 11 – Making Information Available to Another Health Service Provider
The last two principles are specific to the health industry and relate to how information is transferred between health providers with the specific agreement of the client.
The following sections detail how the information of BCH clients is dealt with in accordance with these principles.
How BCH Will Handle Client Information
Ballarat Community Health is a standalone health entity providing a range of allied and other health services. Our aim is to work in partnership with the community, to create opportunities and supportive environments which empower people to develop healthy lifestyles and to prevent or manage illness.
BCH keeps the name and contact details of each client on a client record. Other details are recorded at each visit including information about the services that were provided and related documentation such as care plans. Only information that is required to provide the best possible care is collected.
The information collected is used to keep records up-to-date.
Personal information is seen only by the professionals of the service involved in the provision of care and by those involved in managing and planning service delivery for BCH. In all other cases information is only released if the client agrees or if the release is required by law or needed in a medical emergency.
Clients may choose not to share certain information with their health provider though this may affect the ability to provide the best possible services. Clients are urged to contact BCH if they wish to cancel or change their consent.
Personal information will not be provided to companies that wish to promote or advertise their products or services.
Information will only be collected from other people (such as a previous health care provider) if written permission has been obtained from the client.
All personal information is stored securely and kept in the strictest confidence. A client may choose to give a false name or ask that no name be recorded. A correct name must however be provided for any Medicare related service (such as seeing a doctor) and there are some situations where there are legal requirements to have correct details.
Accessing a Client Record
A client has a right to access their client record and correct it if needed. BCH staff can explain to clients how to access their records.
A client may make a formal request for all or part of their record by completing and submitting the Request to access client records form :-
- request_to_access_client_records.pdf (PDF 114Kb).
If a client record needs to be transferred to another service or provider then the following Client Consent for FIle transfer form may be used:-
- client_consent_for_file_transfer.pdf (PDF 84Kb).
Questions or Concerns About Privacy Matters
Ballarat Community Health always welcomes feedback in relation to its programs and services. Feedback forms are available at the following link:-
- feedback_form_-_august_2014.pdf (PDF 130Kb).
Alternatively, any questions or concerns about privacy or BCH programs and services may be directed to (03) 5338 4500 or email to firstname.lastname@example.org