Dr Elizabeth Riley - PeopleSmart Consulting (NSW) - The National Privacy Principles and Client Notes

• Collection of Personal Information

• Applying the APP

• What clients need to know

Elizabeth Anne Riley, PhD MA(Couns), BSc, Grad Dip Couns, Dip Hom

CMCAPA, PACFA (20111), SCAPE, ANZPATH, WPATH

Upload: informa-australia

Post on 12-Aug-2015


TRANSCRIPT


Purpose of client note-taking and record-keeping

Do I have to keep client records?

What are the Australian Privacy Principles (APP)?

How do the APP apply to collection of information?

Personal Information

Sensitive Information

Keeping Client records

PeopleSmart Consulting © 2015

Client contract

Reflection

Remember

Accountability

Client progression

Emphasis

Direction/purpose

Meet requirements

Agency/Employment Contract

Report

Court requirements


Part 1 – Consideration of personal information privacy

Principles: Transparent management & anonymity

Part 2 – Collection of personal information

Principles: Collection & notification of personal information

Part 3 – Dealing with personal information

Principles: Use or disclosure of personal information

Part 4 – Integrity of personal information

Principles: Quality & security of personal information

Part 5 – Access to and correction of personal information

Principles: Access to & correction of personal information


What personal information is kept

How it is collected and held

Purpose for which it is kept and used

When would it be disclosed

Access and correction of information

How to complain about a breach of APP

Overseas disclosure?

Privacy Policy must be free of charge and easily accessible and provided on request


Personal Information (other than sensitive information)

Information where a person’s identity can be inferred

Must be necessary or directly related to the business's functions or activities

Expressions of opinions

Intentions of the therapist towards that person

Name, addresses, income, educational or employment history

Must be collected by fair and lawful means

Personal Information must be collected from the individual unless:

The individual consents to collection of the information from someone else

It is required under Australian law/ court/tribunal order

It is unreasonable or impracticable to do so

Sensitive Personal Information

Ethnic origin, religious & political beliefs, memberships, health, psychiatric care/history, sex life, criminal information or proceedings

Requires a client’s specific consent

An agency or organisation – must be necessary for or directly related to the entity’s function or activities

Collection is required under Australian Law/court/tribunal order

Without the client’s consent you would be required to show that:

Prevented or inadvised, in the substantial interests of the public good, it was protected by confidentiality

And, sharing of the information would be a breach of the client’s entitlement to confidentiality


Could you have collected it?

You can only make use of this information if you could not have collected it yourself

Must destroy the information or ensure it is de-identified as soon as practicable

If you could have collected it yourself then you must notify the individual or otherwise ensure that they are aware of:

Your identity and contact details

The circumstances of the collection

The purpose for which it was collected

Any consequences arising from the collection

Any person to whom it has been disclosed

How they may access and correct the information

How they may complain about a breach of the APP

If it is to be disclosed to someone overseas and in which country


Use PI for a secondary purpose:

individual’s consent

is directly related to the primary purpose

is required for legal or health reasons

If a written note is made of the use or disclosure

Cross-border disclosure

Use of government related identifier

Ensure that PI is accurate, complete, up to date, relevant and not misleading

Protect PI from misuse, interference and loss

Unauthorised access, modification or disclosure

If the information is no longer needed for the purpose for which it may be used you must ensure that the information is de-identified or destroyed.


Access to PI must be provided on request unless you are an agency and:

are authorised to refuse access

giving access would pose a serious risk or threat to an individual or public health/safety

giving access would impact on the privacy of others

The request is frivolous or vexatious

The information requested is related to an existing or anticipated legal proceeding between the individual and the organisation

Be unlawful or against a court/tribunal order

Unlawful activity or misconduct is suspected of a serious nature and access would prejudice taking action in relation to the matter


If you refuse to give access then

you must give reasonable access in a way that meets your needs and the individual’s needs

You must give the individual written notice that sets out:

Reasons for the refusal unless it is unreasonable to do so

The mechanism by which they can complain about the refusal

Any other relevant matter prescribed by regulation


The client

Counselling/professional team in an agency

Supervisor

Colleagues – peer support/supervision

Other professionals?

Mediation – couple

Family therapy – child protection

Court

Other people for whom the client gives consent

For which of the above do I need consent?

For all except:

When responding to a subpoena

When mandatory reporting is necessary

Note: a ‘duty of care’ in all but extreme circumstances would require client consent


If the information is out of date or inaccurate or the individual requests to correct it:

You must take all reasonable steps to do so

If the information was collected from a third party and the individual requests notification to that party, you must comply

You must not charge for access or correction

If you refuse to correct the PI then you must:

Provide reasons

A mechanism to complain

Supply an attachment identifying that the information is out of date, incorrect, irrelevant or misleading if the individual requests it.
