Managing Customer and Customer Representative’s information

1. Policy The management of FPA are committed to protecting the privacy of the Customers within our organisation. Information collected is kept strictly confidential and used only for the services of Customers.

2. Purpose

To ensure Customers who receive services from FPA are comfortable in entrusting their information. This policy provides information to Customers as to how their personal information is collected and used within FPA and the circumstances in which we may disclose it to third parties.

3. Scope
This policy applies to all representatives, Customers and Customer representative’s of FPA.

4. FPA Procedure

The FPA will:

I. Provide a copy of this policy upon request
II. Ensure FPA representative’s will deal appropriately with inquiries or concerns
III. Take such steps as are reasonable in the circumstances to implement practices, procedures and systems to ensure compliance with inquiries or complaints
IV. Collect personal information for the primary purpose of managing a Customer’s services and for financial claims and payments

5. FPA Representative’s Responsibility

The FPA representatives will take reasonable steps to ensure Customers understand:

I. What information has been and is being collected
II. Why the information is being collected and whether this is due to a legal requirement
III. How the information will be used or disclosed
IV. Why and when their consent is necessary
V. The FPA procedures for access and correction of information, and responding to complaints of information breaches, including by providing this policy
VI. Customer Consent

The FPA will only interpret and apply a Customers consent for the primary purpose for which it was provided. The FPA representative must seek additional consent from the Customer if the personal information collected may be used for any other purpose.

6. Collection, use and disclosure

FPA recognises that the information we collect is often of a highly sensitive nature and as an organisation we have adopted the privacy compliance standards relevant to FPA to ensure personal information is protected.

For administrative and billing purposes and to ensure quality and continuity of Customer services a Customer’s information is shared between the FPA representative’s.

Collected personal information will include but not limited to; Customers

I. Names, addresses and contact details
II. NDIS Number
III. Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors.

A Customer’s personal information may be held at the FPA in various forms

I. As paper records
II. As electronic records
III. As visuals ie videos & photos
IV. As audio recordings

The FPA procedures for collecting personal information is set out below:

I. FPA representative collect Customer’s personal and demographic information via registration when Customers present to the organisation for the first time. Customers are encouraged to pay attention to the collection statement that they complete as a new client.
II. During the course of providing services the FPA representative may consequently collect further personal information.
III. Personal information may also be collected from the Customer or responsible person (where practicable and necessary) or from other involved healthcare specialists.
IV. The FPA holds all personal information securely, whether in electronic format, in protected information systems or in hard copy in a secured environment.

Personal information collected by FPA may be used or disclosed in the following instances:

I. For medical defence purposes.
II. As required by law.
III. As required during the normal operation of services provided. i.e. for reporting to the NDIS
IV. For the purpose of a confidential dispute resolution process

Some disclosure may occur to third parties engaged by or for the FPA for business or for the provision of information technology. These third parties are required to comply with this policy.

The FPA will not disclose personal information to any third party other than in the course of providing services, without full disclosure to the Customer, the reason for the information transfer and full consent from the Customer.

The FPA will not disclose personal information to anyone outside Australia without need and without Customer consent.

The FPA will not use any personal information in relation to direct marketing to a Customer without that Customer’s express consent.

The FPA evaluates all unsolicited information it receives to decide if it should be kept, acted upon or destroyed.

FPA will employ all reasonable endeavours to ensure that a Customer’s personal information is not disclosed without their prior consent.

7. Data Quality
Customer information collected and retained in our records for the purpose of providing quality services will be complete, accurate, and up to date at the time of collection.

8. Data Security
All due care will be taken to ensure the protection of Customer privacy during the transfer, storage and use of personal information.

Retention of records is for a minimum of 6 months from the date of last entry into the Customer record.

9. Access to Customer information and correction
The following will apply with regard to accessing personal and private information by a Customer:

A Customer has the right to request access their own personal information and request a copy or part of the whole record;

Customers have the right to obtain their personal information in accordance with the Federal Privacy Act from 20 December 2001 onwards. Requests must be made in writing and an acknowledgement letter will be sent to the Customer within 14 days confirming the request and detailing whether the request can be complied with and an indication of any costs associated with providing the information. Time spent and photocopying costs when processing a request can be passed on to the requesting Customer. Information can be expected to be provided within 30 days.

Whilst the Customer is not required to give a reason for obtaining the information, a Customer may be asked to clarify the scope of the request;

In some instances the request to obtain information may be denied, in these instances the Customer will be advised;

The FPA will take reasonable steps to correct personal information where it is satisfied they are not accurate or up to date. From time to time the FPA will ask Customers to verify the personal information held by the FPA is correct and up to date.

Customers and Customer representative’s may also request the FPA corrects or updates their information and Customers should make such requests in writing.

Upon request by the Customer, the information held by this service will be made available to another health provider.

10. Parents/Guardians and Children
To protect the rights of a child’s privacy, access to a child’s information may at times be restricted for parents and guardians. Release of information may be referred back to the FPA where there professional judgement and the law will be applied.

11. Complaints
The management of FPA understands the importance of confidentiality and discretion with the way we manage and maintain the personal information of our Customers. The FPA takes complaints and concerns about the privacy of Customer’s personal information seriously. Customers should express any privacy concerns in writing. The FPA will then attempt to resolve it in accordance with its complaint resolution process.

All representatives of FPA are required to observe the obligations of confidentiality and are required to sign Confidentiality Agreements.

In the instance where you are dissatisfied with the level of service provided within the FPA we encourage you to discuss any concerns relating to the privacy of your information with the FPA Manager.

If the complaint has not been resolved to your level of satisfaction all complaints should be directed to:

The Federal Privacy Commissioner
Level 8 Piccadilly Tower
133 Castlereagh Street
Sydney NSW 2000
Privacy Hotline: 1300 363 992