Policy Statement 

InCare Solutions Pty Ltd trading as InPlace Care will manage the privacy of those that use our InPlace Care Platform including:

  • Supporters and their Clients (Client)
  • Independent Carers (Carer)
  • Staff of InPlace Care (Staff)

information to prevent inappropriate access, distribution and use. Collectively we will use the term Users if not referring specifically to a user group.


Purpose and Rationale 

InPlace Care is committed to protecting the privacy of information collected and handled for the purposes of Users being able to use the services and complying with statutory functions.  This policy covers collection of data related to all Users of the InPlace Care Service.

Privacy of User information complies with the Victorian privacy laws, the Information Privacy Act 2000, and the Health Record Act 2001, Commonwealth Privacy Act & Charter of Human Rights & Responsibilities Act (Vic) 2006 as well as other laws that regulate the handling of personal and health information.


Scope 

The InPlace Care site which facilitates the collection of personal and health information from Users and those who have access to health and client records within InPlace Care.


Definitions 

Health information: 

The Victorian Health Records Act 2001 (“The Act”) applies to health information, as information or opinion about:

  • The physical, mental or psychological health of a person (at any time during their life)
  • Disability of an individual (at any time during their life) 
  • A health service provided or to be provided to a person or individual 
  • A person’s expressed wishes about the future provision of health services to him or her
  • Other personal information collected to provide, or in connection with the provision of, a health service

Personal Information (User) is information that identifies the individual.  Personal information includes: -

  • Name
  • Images
  • Age or date of birth
  • Contact details
  • Credit card and or banking information
  • Details of qualifications, experience and certificates / regulatory checks
  • Drivers licence
  • Geo location data from the Carers’ mobile telephone within a window for each job

InPlace Care’ business functions and those of our service partners, require staff to handle health and personal information, which is covered by the Health Records Act 2001. This requires the organization to protect information, provide individuals the right to access their information, and provide a framework for resolution of complaints in relation to the handling of personal information.

 

Personal Information: Information Privacy Act 2000 defines personal information   “any information recorded in any form about a person whose identity is apparent or can reasonably be ascertained from the information but excludes health information”.  


Health Record 

A health record is the systematic documentation of the health care services provided over time to a single Client.  It describes the Client’s medical history and care at InPlace Care, including but not limited to information on their assessment, diagnosis, care or treatment received, tests results, medications, prognosis and future treatment plans.  The health record can consist of paper, electronic or digitalized records.

What documents and information are covered? 

  • Written documents such as files and reports
  • Books, maps, graphs and drawings
  • Photographs
  • Audiotapes
  • Video tapes
  • Information stored on computer discs
  • Diagnostic results (e.g. x-ray, pathology)
  • Emails

Identifiers 

InPlace Care assigns all Users a unique record number for the operations of the organization to accurately match the right records to the User, and improve communication and information to healthcare providers.  InPlace Care does not use the identifiers of other organizations and will not disclose any identifiers provided unless permitted by law.

 




Consent 

Consent for collection, use and disclosure of personal or health information can be implied through the Users’ use of the InPlace Care Service. InPlace Care has an ‘opt out’ approach to Users’ consent in relation to the release of personal information for the primary purpose for which it is collected and for ongoing care.  Unless the Client has indicated that they do not want their information disclosed, information is released to the Carers and other providers.  Clients or their legal representatives can change the consent of disclosure at any time.  

Consent to share information is explicitly gained on registering on the InPlace Care Site.

In most cases, InPlace Care can obtain consent for treatment of children and young persons from a parent or guardian (a person becomes an adult in Victoria on the day they turn 18). Persons under 18 years may be able to consent to their medical treatment. In deciding whether a young person has legal capacity to consent to medical treatment, the issues to be considered by the clinician are:

  • the maturity / intelligence of the young person and their ability to understand the effects of treatment, its complications and alternatives and
  • the nature of the proposed treatment, its seriousness, the level of associated risk and social consequences.





Collection  

Only collect health information that is necessary for the performance of a function related to the InPlace Care service, and collection of this information is to occur in a fair, lawful and non-intrusive manner.

For example

  • Individual health information required for a primary purpose, i.e. to deliver a service to the Client.  Using the information for this purpose would be within the reasonable expectations of the Client (this includes billing and administration purposes).
  • Information for a secondary purpose that is directly related to the primary purpose or the function for the function of the agency (e.g. Data for service planning, research etc.).  As per the Health Records Act.

Wherever possible information should be collected directly from the Client rather than third parties. Collection of information should always involve advising the provider of what is being collected and why, how it will be used and types or organizations to whom the information may be shared. Obtain consent to collect the information where possible.


Collection from Third Parties 

It is an accepted part of some health services delivery, especially community practice, that a health service provider will prepare a family medical history or social medical history from information provided by the person seeking health services, to assist in caring for that person or to provide him or her with other health, disability or aged care services. This history will ordinarily be prepared without the consent of the relatives or other third parties concerned, as it will not be practicable to obtain their consent.

Regulation 8 of the Health Records Regulations 2002 (the regulations) therefore supplements HPP 1 by allowing a health service provider to request and record health information about a third party, provided that: the information collected about that third party does not contain any more identifying information than is reasonably necessary to provide safe and effective treatment or services to the person who is being treated or receiving services from the provider;

and the information is collected from the person being treated or who is receiving the services, or if he or she unable to give the information because of an incapacity (due to age, injury, disease, senility, illness, disability, physical impairment or mental disorder), from that person's authorised representative, immediate family member or primary carer.

The terms "immediate family member" and "parent" are relevant to this regulation, and are defined in section 3 of the Act as follows:

immediate family member of an individual means a person who is-

  • a parent, child or sibling of the individual
  • a spouse or domestic partner of the individual
  • a member of the individual's household who is a relative of the individual
  • a person nominated to a health service provider by the individual as a person to whom health information relating to the individual may be disclosed.

parent, in relation to a child, includes-

  • a step-parent
  • an adoptive parent
  • a foster parent
  • a guardian
  • a person who has custody or daily care and control- of the child.

Regulation 8 also provides that a health service provider who collects health information under this provision is not obliged to inform the third party to whom the information relates about the collection.

Use and Disclosure 

InPlace Care Staff and Carers will only use or disclose information: -

  • For the primary purpose for which it was collected e.g. providing health care service,
  • For communicating the Client’s condition in general terms to the next of kin or near relative, unless the client has directed otherwise.
  • For secondary purposes that would reasonably be expected e.g. Invoicing, reminder notices and the provision of information concerning other services offered by InPlace Care. In case of debt collection, only the responsible person’s name, address, the amount owed and the time frame over which the debt was accrued will be shared.  Information related to a notification, claim or potential claim is provided to an insurance provider when they are funding the care under this policy.
  • When the Client has consented to the disclosure of the information 
  • Where permitted under law to prevent a serious threat to the public health, welfare or safety, 
  • Serious imminent threat to a person’s life, health or safety or serious threat to public health or safety. If the client is unable to provide informed consent, and another person legally authorised to do so, that person may consent on their behalf. The decision to release will rest with the CEO.
  • in the case of a Mental Health client (or next of kin in some situations), then disclosure must be in accordance with Section 346 for the Mental Health Act 2014  
  • Clients are to be informed that information is transferred to the GP or referring doctor on completion of the service and can request that this does not occur.

De -identified information (data where an individual’s identity cannot be ascertained) may be used and disclosed without consent for InPlace Care teaching and review.

Legally Required Disclosure 

InPlace Care is required by several State and Commonwealth acts to disclose Information to registries and databases maintained by the Department of Health and Human Services (DHHS) and other organisations.

  • Child Protection – Mandatory Reporting
  • Elder Abuse – Mandatory Reporting
  • Abuse of the disabled person – Mandatory reporting
  • Under the Coroner’s Act (2008) clients’ personal information and health record are released to the coroner as soon as practicable after the request from the Coroner’s Court.

In addition, InPlace Care has a more general responsibility to report any crime to the police it becomes aware of, such as family violence. For all legally compelled reporting, the client or their representative may not be informed, depending on the risk to the people involved. All mandatory reporting will be notified to the CEO as soon as possible after the report or request. The need to inform the CEO must not delay the report of abuse or violence.

Data Quality 

InPlace Care is committed to collect, hold and use information that is accurate, complete, up-to-date and relevant for the function and activities for which it will be used and disclosed.

Data Security and Retention 

Information collected by InPlace Care is to be protected from misuse, loss and unauthorized access, modification and disclosure. Information will be destroyed or de-identified when it is no longer needed and destruction will be in accordance with disposal schedule of the Public Record Act 1973 (Vic).

Access to both paper records and electronic records is restricted to ensure that only relevant Staff and authorized individuals have access to the information.  InPlace Care Staff are issued with individual identification passwords for access to electronic information systems.

IT Service providers/vendors are required to comply with applicable Australian laws regarding Privacy and confidentiality.

All InPlace Care Staff and Carers have a legal obligation to maintain Client confidentiality, including personal, health and sensitive information.  Confidentiality agreements are signed by all Staff 

  • Conversations with or about Clients must be conducted in private, or if at the bedside, only after consent has been verbally obtained.
  • Staff / Contractors are obliged to report any breach of client confidentiality to InPlace Care.  Deliberate breaches of Client privacy and failure to report such breaches may be considered grounds for termination.
  • No personal identifying information will be contained in any agency publicity material, talks, reports or memos unless prior informed consent has been given by the client.

Anonymity 

Clients who require care from InPlace Care and/or require multidisciplinary intervention, will for practical reasons and to ensure effective and safe treatment, be required to identify themselves. 

Clients with privacy concerns (for example those who do not want family members to be told of condition or admission), are required to raise their concerns with InPlace Care Carers, ideally at the time of entering the data within the Site.  InPlace Care will take all reasonable steps to comply with specific privacy requests.

Openness  

InPlace Care has a process and a system where the individual can obtain information of what information is collected and held by the organization, why it is collected, how it is used and managed, and the process by which the individual has the right to access information held by InPlace Care.

Confidentially Agreements 

All InPlace Care staff and independent Contractors are expected to understand their obligations under Privacy Laws

All InPlace Care staff and independent Contractors are to sign confidentiality agreements as part of their employment contract / Service Terms of Use and are subject to disciplinary action if there is a breach.

References 

Other laws that define or affect privacy and confidentially relevant to health care providers include: 

  • Aged Care Act 1997 (Cwlth) 
  • Charter of Human Rights & Responsibilities Act 2006
  • Freedom of Information Act 1982 (Vic) 
  • Information Privacy Act 2000
  • Health Act 1958 (Vic) 
  • Mental Health Act 2014 (Vic)