This policy and procedure sets out staff responsibilities relating to collecting, using, protecting, and releasing personal information, in compliance with privacy legislation.

It applies to all:

• LME Care staff

• Aspects of LME Care’s operations

• Staff and client personal information

This policy and procedure should be read in conjunction with LME Care’s Records and Information Management Policy and Procedure. It meets relevant legislation, regulations, and Standards as set out in Schedule 1: Legislative References.

Outcome:
Management of each client’s information ensures that it is identifiable, accurately recorded, current, and confidential. Each client’s information is easily accessible to the client and appropriately utilised by relevant workers.

Indicators:

• Each client’s consent is obtained to collect, use, and retain their information or to disclose their information (including assessments) to other parties, including details of the purpose of collection, use, and disclosure.
• Each client is informed in what circumstances the information could be disclosed, including that the information could be provided without their consent if required or authorised by law.
• Each client is informed of how their information is stored and used, and when and how they can access or correct their information and withdraw or amend their prior consent.

Outcome:
Each client accesses supports that respect and protect their dignity and right to privacy.

Indicators:

• Consistent processes and practices are in place that respect and protect the personal privacy and dignity of each client.
• Each client is advised of confidentiality policies using the language, mode of communication, and terms that the client is most likely to understand.
• Each client understands and agrees to what personal information will be collected and why, including recorded material in audio and/or visual format.

Regulates how personal information about individuals is handled. The Act includes thirteen Australian Privacy Principles (APPs), which set out standards, rights, and obligations for handling, holding, using, accessing, and correcting personal information. 


The Act protects the privacy of an individual’s information where it relates to Commonwealth agencies and private businesses (including not-for-profit organisations) with a turnover of more than $3 million. All organisations that provide a health service and hold health information (other than in a staff record) are covered by the Act.

Personal information or an opinion about:

• The health, including an illness, disability, or injury (at any time) of an individual
• An individual’s expressed wishes about the future provision of health services to the individual
• A health service provided, or to be provided, to an individual

That is also:

• Personal Information
• Other Personal Information collected to provide, or in providing, a health service to an individual
• Other Personal Information collected in connection with the donation, or intended donation, by an individual of body parts, organs, or body substances
• Genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual

Information or an opinion about an identified individual, or an individual who is reasonably identifiable:

• Whether the information or opinion is true or not, and
• Whether the information or opinion is recorded in a material form or not.

Personal information or an opinion about an individual’s:

• Racial or ethnic origin
• Political opinions
• Membership of a political association
• Religious beliefs or affiliations
• Philosophical beliefs
• Membership of a professional or trade association
• Membership of a trade union
• Sexual orientation or practices
• Criminal record

That is also:

• Personal Information
• Health Information about an individual
• Genetic information that is not otherwise health information
• Biometric information used for verification or identification
• Biometric templates

Protected Information:

• About a person that is or was held in the records of the Agency, or
• To the effect that there is no information about a person held in the records of the Agency.

Queensland has privacy legislation that applies to its public sector, including public health service providers. The Information Privacy Act 2009 (Qld) regulates how personal information is handled by Queensland public sector agencies.

Health Information:
Personal information about an individual that includes:

• The individual’s health at any time
• A disability of the individual at any time
• The individual’s expressed wishes about the future provision of health services
• A health service that has been provided, or will be provided, to the individual
• Personal information collected for providing a health service or in connection with organ or tissue donation

Personal Information:
Information or an opinion, including part of a database, whether true or not and recorded in any form, about an individual whose identity is apparent or can reasonably be ascertained.

Sensitive Information:
Personal information that includes details such as:

• Racial or ethnic origin
• Political opinions or associations
• Religious or philosophical beliefs
• Membership of professional or trade associations or unions
• Sexual preferences or practices
• Criminal record
• Health information

Private sector service providers must comply with the Privacy Act 1988 (Cth) when handling health information.

Oversight Bodies:

• Queensland Office of the Information Commissioner: Receives and conciliates complaints about the privacy of health information.
• Queensland Health Ombudsman: Investigates complaints about health services and practitioners, including unregistered providers.

LME Care recognises, respects, and protects everyone’s right to privacy, including the privacy of clients and staff. All individuals (or their legal representatives) have the right to decide who has access to their personal information.

LME Care’s privacy and confidentiality practices support and are supported by its records and information management processes (see the Records and Information Management Policy and Procedure).

All staff are responsible for maintaining the privacy and confidentiality of clients, other staff, and LME Care.

The Privacy Officer is responsible for ensuring that LME Care complies with the requirements of the Privacy Act 1988 (Cth). This includes developing, implementing, and reviewing processes that address:

• Why and how LME Care collects, uses, and discloses personal information
• What information LME Care collects about individuals and its source
• Who has access to the information
• Risks related to information collection, storage, access, use, disclosure, and disposal
• How individuals can consent to personal information being collected, withdraw or change their consent, and update their personal data
• How LME Care safeguards and manages personal information, including privacy queries and complaints
• How information that needs to be updated, destroyed, or erased is managed


The Privacy Officer reviews these processes regularly through annual Privacy Audits (see LME Care’s Privacy Audit Form and Schedule 2. External Audit and Internal Review Schedule).

All staff are responsible for complying with this policy and procedure and their privacy, confidentiality, and information management obligations. Staff must keep personal information about clients, colleagues, and other stakeholders confidential, in accordance with the confidentiality provisions in their employment or engagement contract.

For information about how we manage consent and privacy related to SMS communication, please refer to:
https://www.lmecare.com.au/sms-marketing-terms-conditions/