Data Privacy

 

Privacy Policy 


1.0 Privacy and confidentiality guidelines

To support the privacy and confidentiality of individuals:

  • we are committed to complying with the privacy requirements of the Privacy Act, the Australian Privacy Principles and the Privacy Amendment (Notifiable Data Breaches), as required of organisations providing disability services
  • we are fully committed to complying with the consent requirements of the NDIS Quality and Safeguarding Framework and relevant state or territory requirements
  • we provide all individuals with access to information about the privacy of their personal information
  • each individual has the right to opt out of consenting to and providing their personal details if they wish
  • individuals have the right to request access to their personal records by requesting this with their Behaviour Support Practitioner
  • where we are required to report to government funding bodies, the information provided is non-identifiable and related to services, age, disability, language, and nationality
  • personal information will only be used by us and will not be shared outside the organisation without your permission unless required by law (e.g. reporting assault, abuse, neglect, or where a court order is issued)
  • images or video footage of participants will not be used without their consent
  • participants have the option of being involved in external NDIS audits if they wish.

2.0 How we protect personal information

We take steps to ensure that no-one outside Insight PBS can access information we hold about someone without that person’s consent, unless that access is authorised or required under law. We have systems and procedures in place to protect personal information from misuse and loss, as well as from unauthorised access, modification or disclosure. These steps include:

  • paper records are held securely in accordance with Australian government security guidelines;
  • access to personal information is on a need-to-know basis, by authorised personnel;
  • storage and data systems and protections are regularly updated and audited;
  • we ensure security for personal information includes password protection for IT systems;
  • most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 7 years.

When no longer required, personal information is destroyed in a secure manner, or archived or deleted in accordance with our obligations under federal law.

3.0 Data breaches

As part of information security responsibilities:

  • we will take reasonable steps to reduce the likelihood of a data breach occurring including storing personal information securely and accessible only by relevant workers
  • if we know or suspect your personal information has been accessed by unauthorised parties, and we think this could cause you harm, we will take reasonable steps to reduce the chance of harm and advise you of the breach, and if necessary the Office of the Australian Information Commissioner.

4.0 Breach of privacy and confidentiality

A breach of privacy and confidentiality is an incident:

  • follow the Manage incident process to resolve
  • may require an investigation
  • an intentional breach will result in disciplinary action up to and including termination of employment.

5.0 Access to Personal Information

You may access the Personal Information we hold about you and update and/or correct it, subject to certain exceptions.

  • if you wish to access your Personal Information, please contact us in writing at support@insightpbs.com.au;
  • Insight PBS will not charge any fee for your access request, but may charge an administrative fee for providing a copy of your Personal Information;
  • in order to protect your Personal Information we may require identification from you before releasing the requested information.

6.0 Maintaining the Quality of your Personal Information

It is important to us that your Personal Information is up to date.

  • we will take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date.
  • if you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

7.0 Our personal information handling practices

We collect and hold information which is reasonably necessary for us to carry out our role. The kinds of information we collect and hold include (but are not limited to) personal information about participants and other users of our services, and about our employees, contractors and providers. Examples of personal information that we may collect include:

  • name, contact details, date of birth and age
  • gender, details about participants’ physical or mental health, including disabilities
  • information about participants’ support requirements
  • details of guardians and nominees, including names, addresses and contact details
  • details of feedback or complaints about services provided by us
  • employee records.

We may also collect some ‘health information’ as defined under the Privacy Act, such as information about your health or disability, doctors you have seen or health services you have received. Information about an individual that is or was held by the NDIA is considered ‘protected information’ for the purposes of the NDIS Act.

8.0 Employees

We collect personal information about employees and prospective employees in order to conduct employment and employment-related activities such as payroll services, recruitment and selection, performance management, reporting and work health and safety. Our collection, use and disclosure of personal information about employees and prospective employees is in accordance with the Privacy Act 1988.

9.0 How we use and disclose personal information

We collect, hold, use and disclose personal information for the purpose of providing Positive Behaviour Support and Psychology services, including conducting our operations, communicating with participants and health service providers, and complying with our legal obligations. If we need to disclose personal information outside our organisation, we will de-identify the information prior to disclosure, wherever it is practicable to do so. Some examples of when we may disclose personal information include:

  • in delivering Positive Behaviour Support and Psychology services and our other functions (for example, quality assurance purposes, training and purposes related to improving our services);
  • sharing information with support coordinators where this is required for services included in an approved NDIS plan;
  • this is required or authorised by law, including under the NDIS Act;
  • it will prevent or lessen a serious and imminent threat to someone’s life or health or a threat to public health or safety;
  • it is a necessary part of an internal investigation following a complaint; or
  • we engage a contractor to provide services and the contractor needs personal information of certain participants, providers, carers or other persons in order to perform that service for us.

We may use your information to seek feedback from you regarding your level of satisfaction with our services. We will not sell or rent your information to anyone. We always liaise with a participant directly, unless they have a nominee appointed, or they request us to liaise with an authorised representative. In the case of child participants, we liaise with their child representatives (who are usually their parents, or legal guardians), rather than with them directly.
