Download - Dr Elizabeth Riley - PeopleSmart Consulting (NSW) - The National Privacy Principles and Client Notes
• Collection of Personal Information
• Applying the APP
• What clients need to know
Elizabeth Anne Riley, PhD MA(Couns), BSc, Grad Dip Couns, Dip Hom
CMCAPA, PACFA (20111), SCAPE, ANZPATH,WPATH
Purpose of client note-taking and record-keeping
Do I have to keep client records?
What are the Australian Privacy Principles (APP)?
How do the APP apply to collection of information?
Personal Information
Sensitive Information
Keeping Client records
PeopleSmart Consulting © 2015 2
Client contract
Reflection
Remember
Accountability
Client progression
Emphasis
Direction/purpose
Meet requirements
Agency/Employment Contract
Report
Court requirements
PeopleSmart Consulting © 2015 3
Part 1 – Consideration of personal information privacy
Principles : transparent management & anonymity
Part 2 – Collection of personal information
Principles : Collection & notification of personal information
Part 3 – Dealing with personal information
Principles: Use or disclosure of personal information
Part 4 – Integrity of personal information
Principles : Quality & security of personal information
Part 5 – Access to and correction of personal information
Principles : Access to & correction of personal information
5 PeopleSmart Consulting © 2015
What personal information is kept
How it is collected and held
Purpose for which it is kept and used
When would it be disclosed
access and correction of information
How to complain about a breach of APP
Overseas disclosure?
Privacy Policy must be free of charge and easily accessible and provided on request
6 PeopleSmart Consulting © 2015
Personal Information (other than sensitive information)
Information where a person’s identity can be inferred
Must be necessary or directly related to the businesses functions or activities
Expressions of opinions
Intentions of the therapist towards that person
Name, addresses, income, educational or employment history
Must be collected by fair and lawful means
Personal Information must be collected from the individual unless:
The individual consent to collection of the information from someone else
It is required under Australian law/ court/tribunal order
It is unreasonable or impracticable to do so 7
PeopleSmart Consulting © 2015
Sensitive Personal Information
Ethnic origin, religious & political beliefs, memberships, health, psychiatric care/history, sex life, criminal information or proceedings
Requires a client’s specific consent
An agency or organisation – must be necessary for directly related to the entity’s function or activities
Collection is required under Australian Law/court/tribunal order
Without the client’s consent you would be required to show that:
Prevented or inadvised, in the substantial interests of the public good, it was protected by confidentiality
And, sharing of the information would be a breach of the client’s entitlement to confidentiality
8
PeopleSmart Consulting © 2015
could you have collected it? You can only make use of this information if you
could not have collected it yourself Must destroy the information or ensure it is de-
identified as soon as practicable
If you could have collected it yourself then you must notify the individual or otherwise ensure that they are aware of: Your identity and contact details The circumstances of the collection The purpose for which it was collected Any consequences arising from the collection Any person to whom it has been disclosed How they may access and correct the information How they may complain about a breach of the APP If it is to be disclosed to someone overseas and in
which country
9 PeopleSmart Consulting © 2015
Use PI for a secondary purpose: individual’s consent is directly related to the primary purpose is required for legal or health reasons If a written note is made of the use or disclosure
Cross-border disclosure Use of government related identifier
Ensure that PI is accurate, complete, up to date, relevant and not misleading
Protect PI from misuse, interference and loss Unauthorised access, modification or disclosure
If the information is no longer needed for the purpose for which it may be used you must ensure that the information is de-identified or destroyed.
11 PeopleSmart Consulting © 2015
Access to PI must be provided on request unless you are an agency and:
are authorised to refuse access
giving access would pose a serious risk or threat to an individual or public health/safety
giving access would impact on the privacy of others
The request is frivolous or vexatious
The information requested is related to an existing or anticipated legal proceeding between the individual and the organisation
Be unlawful or against a court/tribunal order
Unlawful activity or misconduct is suspected of a serious nature and access would prejudice taking action in relation to the matter
12
PeopleSmart Consulting © 2015
If you refuse to give access then
you must give reasonable access in a way that meets your needs and the individual’s needs
You must give the individual written notice that sets out:
Reasons for the refusal unless it is unreasonable to do so
The mechanism by which they can complain about the refusal
Any other relevant matter prescribed by regulation
13 PeopleSmart Consulting © 2015
The client Counselling /professional team in an agency Supervisor Colleagues – peer support/supervision Other professionals? Mediation – couple Family therapy – child protection
Court Other people for whom the client gives
consent
For which of the above do I need consent? For all except: When responding to a subpoena When mandatory reporting is necessary
Note: that a ‘duty of care’ in all but extreme circumstances would require client consent
15 PeopleSmart Consulting © 2015
If the information is out of date or inaccurate or the individual requests to correct it:
You must take all reasonable steps to do so
If the information was collected from a third party and the individual requests notification to that party, you must comply
You must not charge for access or correction
If you refuse to correct the PI then you must:
Provide reasons
A mechanism to complain
Supply an attachment identifying that the information is out of date, incorrect, irrelevant or misleading if the individual requests it.
16 PeopleSmart Consulting © 2015