To ensure the Principal Therapist, employees and contractors (team members) of Functional Assessments WA, and participants, their family members and/or nominees are aware of how we collect, use, store, protect and disclose personal information.
This Code of Conduct applies to all Functional Assessments WA team members.
This document is aligned with the Privacy Act 1988 and other relevant laws. This document will:
- describe the types of personal information we collect, store, use and disclose
- outline our procedures for handling personal information
- explain what personal information we collect, why it is held by us, how it is used and how it is protected
- outline when and how we may disclose personal information
- provide information about how you can access, and correct if necessary, your personal information
- explain how you can lodge a complaint if you believe your personal information has been wrongly collected or inappropriately handled
The Principal Therapist must:
- ensure team members have access to adequate training and upskilling in order to understand the principals and procedures outlined in this policy and take the necessary action when these are not upheld
- ensure appropriate systems and processes are in place to protect the personal information collected and stored by Functional Assessments WA
- take appropriate steps to address any complaints or concerns about Functional Assessments WA’s compliance with this policy
- be aware of, have access to and comply with the Privacy and Information Management Policy
- report any actual or suspected breach of the policy to the Principal Therapist as soon as is practicable
- ensure they outline this policy in an appropriate way to participants, their family and/or nominee prior to requesting personal information
- ensure participants, their family and/or nominee are aware of their rights under this policy
‘Personal information’ means information (or an opinion) we hold (whether written or not) from which a person’s identity is either clear or can be reasonably determined.
‘Sensitive information’ is a particular type of personal information – such as health, race, sexual orientation or religious information.
Collection of personal information
Personal information may be collected by a team member of Functional Assessments WA or by a contractor acting on our behalf. It may be collected directly from the participant, their nominee or from other people authorised by the participant, which may include service providers, medical professionals, family, friends etc.
Functional Assessments WA may also obtain information collected from the NDIS, other government agencies, third parties or from publicly available sources. This will only occur where the participant or their nominee has given consent or where Functional Assessments WA is required or authorised to do so by law.
Functional Assessments WA will only collect personal information for the purposes directly related to the delivery of our services to NDIS participants. By signing the ‘Privacy Statement and Consent Form’ and/or ‘Service Agreement’ the participant or their nominee is consenting to the collection, storing, use and disclosure of any personal information provided to Functional Assessments WA required to deliver the contracted services.
Types and purposes of information collected by Functional Assessments WA
We collect and store a broad range of personal information relating to:
- employment and management of personnel matters for our team members and contractors
- performance of our legislative and administrative functions
- participants accessing our services
- management of audits (both internal and external)
- correspondence from participants, their family members, nominees, service providers and other authorised sources
- complaints (including privacy complaints) made and feedback provided to us
- requests made to us to amend or update personal information
- policy development
- quality assurance and service improvement processes
The information collected may include, but is not limited to:
- the name, address and contact details, eg phone and email address, of participants, their family members and/or nominees
- information about the participant’s personal circumstances e.g. marital status, age, gender, occupation, accommodation and relevant information about a partner or children
- information about the participant’s identity e.g. date of birth, country of birth, driver’s licence
- information about cultural, gender or spiritual requirements of the participant, their family members and/or nominee
- NDIS participant number
- the nature of their eligible impairment/disability
- information about assistance provided to the participant under their NDIS plan, including stated supports and funding amounts
- information about payments and subsidies received by the participant eg Disability Support Pension, Taxi User’s Subsidy Scheme
Functional Assessments WA will use and disclose personal information for the purposes for which it is collected. Information about the purpose of the collection of information will be given at the time it is collected.
Functional Assessments WA will only use personal information for secondary purposes where we are able to do so in accordance with the Privacy Act. This may include situations where the secondary purpose has been consented to by the participant, their family and/or nominee, where the secondary purpose is directly related to the primary purpose and it would be reasonably expected that we would use or disclose the information, where we are required or authorised by law, or where the information needs to be used or disclosed to prevent a serious threat to safety.
How Functional Assessments WA collects personal information
Functional Assessments WA collects personal information in many ways including over the telephone (including text messages), via email, from our website, from correspondence posted to us, during face to face meetings (whether formal or informal), from the NDIS portal and from surveys administered by us.
Information collected by contractors
Under the Privacy Act, Functional Assessments WA is required to take contractual measures to ensure that contracted service providers (including subcontractors) comply with the same privacy requirements applicable to all team members. When Functional Assessments WA enters into an agreement with a contracted service provider, we will impose contractual obligations on the contractor to ensure they comply with relevant privacy obligations when collecting, using, disclosing and holding personal information relating to NDIS participants.
Storage and security
Functional Assessments WA takes all reasonable steps to protect the personal information held in our records against loss, unauthorised access, use, modification or misuse. Functional Assessments WA stores personal information in both paper-based and electronic, including records that may be stored in the cloud. The following outlines the procedures related to storage and security of personal information.
- Participant information collected is kept in an individual participant record.
- A participant record may include personal information, notes, investigations, emails, reports, correspondence, photographs, video footage.
- A firewall is used within Functional Assessments WA’s computer system, as a means of protecting information stored on the computer. Other security related procedures, such as user access passwords and multi-factorial authentication to assist with the protection of information.
- Paper records are kept in locked cabinets and access to keys is restricted
- Participant information is stored for seven years post the date of last discharge. In the case of participants aged under 18 years, information is kept until their 25th birthday and 7 years post discharge.
- Participant related information or any papers identifying a participant are destroyed by a medical grade shredder and deleted from the computer and all databases.
- User access to all computers and mobile devices holding participant information is managed by passwords and automatic inactive logouts.
- Access to personal information held by Functional Assessments WA is restricted to authorised team members or contractors on a need to know basis.
Functional Assessments WA takes all reasonable steps to ensure that personal information collected is accurate, up to date, complete, relevant and not misleading. Functional Assessments WA responds to requests to correct personal information as soon as it is reasonable and appropriate to do so. Internal audits may be conducted from time to time to determine the accuracy and integrity of information which will ensure any quality issues are identified and resolved in a timely manner.
Links to external websites and social networking services
Functional Assessments WA’s website may contain links to other websites or social networking services. Participant’s, their family and/or nominee, as well as team members, will be informed that Functional Assessments WA is not responsible for the content and privacy practices of these websites and services. It is recommended that the full terms and conditions of any external websites or social networking services are read and understood before proceeding to access them.
There are risks associated with sharing or providing personal information in any form, but particularly over the internet, including email. Functional Assessments WA will inform participants, their family and/or nominees of these risks at the initial planning meeting. To mitigate these risks, participants, their family and/or nominee will be advised they can choose to communicate face to face, by post, phone or text to minimise the risks.
Gaining and using consent provided
Functional Assessments WA will follow these procedures when gaining and using consent to liaise with third parties.
- Prospective participants contacting Functional Assessments WA with an enquiry are not required to disclose any personal information at the time, however, once a decision has been made to utilise Functional Assessments WA’s services, personal and sensitive information will need to be collected to ensure the best outcomes are possible.
- Functional Assessments WA provides all participants, their family and/or nominee with verbal and written information regarding our ‘Privacy and Information Management Policy’ at the initial planning meeting, prior to the Service Agreement being signed. Written information is provided in the ‘Privacy Statement and Consent Form.’ The opportunity to ask questions in relation to privacy is provided.
- During the initial planning meeting, the participant, their family and/or nominee will be asked to provide consent for direct liaison with specific third parties. Details of these organisations and individuals will be documented on the ‘Privacy Statement and Consent Form.’ A completed and signed copy of this form will be provided.
- Additional consent can be sort at any time and will be documented in the participant file.
- Consent to liaise can be withdrawn by the participant, their family and/or nominee at any time and this will be documented in the participant file.
Unauthorised access, use or disclosure of personal information
Functional Assessments WA takes seriously any unauthorised access, use or disclosure of personal information. If a team member becomes aware of a breach, the Principal Therapist must be notified immediately. The Principal Therapist will inform the individuals affected, as soon as is practicable, and inform them of the steps taken to resolve the breach and limit the potential for any future breaches.
Access to and correction of personal information
Under the Privacy Act, all participants, their family and/or nominees have the right to access the personal information about them we hold on file. Information regarding their rights and access to their personal information is provided in the ‘Privacy Statement and Consent Form’ at the initial planning meeting.
Managing a complaint about a breach of privacy
If a participant, their family and/or nominee has a complaint regarding the way in which their personal information is being handled by Functional Assessments WA, in the first instance they are to contact the Principal Therapist. The complaint will be dealt with as per Functional Assessments WA’s ‘Feedback and Complaints Management Policy’. If the parties are unable to reach a satisfactory solution through negotiation, the person may request an independent mediator, such as the Office of the Australian Privacy Commissioner or the NDIS Quality and Safeguards Commission to investigate the complaint. Functional Assessments WA will provide every cooperation with this process.
Training and upskilling of team members
All team members will undergo training related to privacy and confidentiality requirements at the time of induction and then annually as per the Annual Training Plan.
Related Policies and Documents
For additional information refer to the following policies:
- Feedback, Complaints and Incident Management Policy
- Privacy Statement and Consent Form
- Your Rights Information Sheet
- Risk Management Register
- Annual Training Plan (part of Human resources Register)