My Care Solution values the privacy of our clients and of the other individuals we deal with, and we are dedicated to safeguarding it. My Care Solution is committed to complying with all regulatory and legislative instruments in the way it collects, uses, discloses, stores, corrects, and provides access to personal information.
My Care Solution will only collect personal information by lawful and fair means and will only collect personal information that is necessary for one or more of the organisation’s functions or activities.
When it comes to meeting obligations to client privacy, the organisation recognises that people with vision or hearing impairments, as well as people from culturally and linguistically diverse backgrounds, may require special consideration.
Personal information refers to information or an opinion, whether true or not and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Sensitive information refers to information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record, biometric information, biometric templates, health information about an individual, and genetic information.
Health information refers to information or an opinion about the health or disability of an individual, an individual’s expressed wishes about the future provision of health services, a health service provided, or to be provided, to an individual that is also personal information, other personal information collected to provide a health service, other personal information about an individual collected in connection with the donation, or intended donation, by the individual of their body parts, organs, or body substances, and/or genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.
Unsolicited information refers to all personal information received from an individual that My Care Solution did not actively seek to collect.
My Care Solution commits to privacy and confidentiality of client information. To achieve this:
- My Care Solution obtains consent to collect and hold client information
- The client or their representative is informed about the records My Care Solution keeps and is provided access to their personal information if requested
- Any manual or electronic client and relevant individual’s information is securely stored with access restricted according to roles so that only those staff required to access information as part of their usual duties are able to do so
Collection of Information
My Care Solution will only collect personal information that is necessary to deliver services and conduct the business activities that support this.
The type of information that My Care Solution collects includes, but is not limited to:
- Name, address, and contact details (e.g., phone and email)
- Emergency contact details and/or next of kin contact details
- Payment details (e.g., credit card or bank account details)
- Client’s current medical history, past history and relevant health information
- Advance Care Directive
Personal information, health information, and financial information may be collected by an authorised My Care Solution employee to facilitate appropriate care for the client. Financial information is collected to enable fees and charges where required.
Personal information and health information may be collected directly from the client, his or her relatives, other authorised personnel such as a Power of Attorney, General Practitioner, an Aged Care Assessment Service, or hospital through observations and assessments.
Some people may be hesitant to share information with My Care Solution. My Care Solution requests information that is necessary to provide clients with the care and services they require. My Care Solution may be unable to provide the client with the care and services they require if they refuse to provide some or all of the information requested.
My Care Solution collects information through a variety of ways including:
- Electronic or face-to-face interactions
- Through the My Care Solution website
- Requests for information
- From third party referral services
- Through provision of services
Use and Disclosure of Information
Unless we have the individual’s express or implied consent to use or disclose Personal Information for a different purpose, My Care Solution will only use and disclose Personal Information for purposes consistent with the reason this information was collected or for a directly related purpose.
Communication and Marketing
My Care Solution may use personal information to communicate with individuals through emails, newsletters or direct marketing, in accordance with Privacy legislation and the Privacy Act, unless the individual has previously requested that we do not do so. All such communication will provide the option to opt out or unsubscribe. A request to opt out or unsubscribe can be sent to firstname.lastname@example.org.
If you are of the view that we have breached the APPs, the Privacy Act or any related privacy code in dealing with your personal information, you may make a complaint verbally or in writing to your Client Care Coordinator.
When we receive a complaint, we will endeavour to provide you with confirmation as to how we propose to deal with the complaint as soon as reasonably practicable.
Disclosure to Third Party Service Providers
My Care Solution may share Personal Information with third-party contractors and service providers who assist us in running our business and providing services to clients, such as IT service providers, Allied Health providers, payment system operators, financial institutions, debt collectors, couriers, accountants, solicitors, business advisors, and referral services (including to allow the referral service to verify whether a client was referred by us).
When My Care Solution provides Personal Information to companies who perform services on our behalf, we require those companies to protect Personal Information as diligently as we do. Strict contractual and other quality assurance measures are used to ensure Personal Information is protected.
Disclosure to Relatives and Guardians
My Care Solution may be required to share or disclose Personal Information about an individual to a person who is responsible for the individual (e.g., a guardian or power of attorney). We may do so if the following conditions are met:
- The individual is incapable of giving consent or communicating consent
- My Care Solution management is satisfied that the disclosure is necessary to provide appropriate care or treatment, is made for compassionate reasons or for the purposes of undertaking a quality review of My Care Solution services; or
- The disclosure is not contrary to any wish previously expressed by the individual which the organisation is aware of, or of which the organisation could reasonably be expected to be aware, and the disclosure is limited to the extent reasonable and necessary for providing care or treatment
Disclosure Required or Permitted by Law
In some circumstances, we are authorised or required by law to disclose certain personal information. For example:
- Disclosure to various government departments and agencies such as the Australian Taxation Office, Centrelink, Child Support Agency, or disclosure to courts under subpoena; or
- My Care Solution reasonably believes that disclosure is necessary to prevent or lessen a serious and imminent threat to an individual’s life, health, or safety, or a serious threat to public health or public safety; and/or
- My Care Solution has reason to suspect unlawful activity and uses or discloses the Personal Information as part of its investigation of the matter or in reporting concerns to relevant authorities; and/or
- My Care Solution reasonably believes that the use or disclosure is reasonably necessary to allow an enforcement body to enforce laws, prevent seriously improper conduct, or prepare or conduct legal proceedings.
My Care Solution does not store any of your private information outside of Australia.
My Care Solution will take reasonable steps to protect Personal Information held by us from unauthorised access, disclosure, or misuse.
Client electronic records are stored in a password-protected secure database. Any paper files are securely stored in a locked cabinet and scanned to the computer. Documents are either shredded or placed in a locked confidential waste bin and destroyed by an authorised business once they have been processed.
We will keep records of information for seven years after the last time the client received a service.
As part of a client’s health care record, personal and health information may be kept in their home. While My Care Solution will make every effort to ensure that this information is only accessed by employees in order to provide appropriate care, it is acknowledged that access by others is possible and beyond My Care Solution’s control.
Access to Personal Information
Individuals can ask My Care Solution for access to their own Personal Information. My Care Solution will provide access to an individual’s personal information when it is reasonable and practical to do so, and in accordance with the provisions of the Privacy Act.
There may be times when we are unable to provide clients with access to Personal Information or Health Information. We will, for example, deny access if granting it would infringe on the privacy of others or result in a breach of confidentiality. If this occurs, we will provide the client with written reasons for any denial.
Clients have the right to request that any personal information we hold about them be corrected if they believe it is incorrect, incomplete, or inaccurate. We will consider if the information needs to be updated. If we don’t agree that there are grounds for amendment, we’ll add a note to the personal data stating that the client does not agree.
My Care Solution may charge a reasonable administration fee to cover these costs if access to the records necessitates a significant allocation of resources. Corrections and updates to information provided by clients or their representatives will be addressed as quickly as possible.
In all cases, My Care Solution must be satisfied that access to, or changes to, information are authorised by the individual in question.
Disclosure of Personal Information Overseas
My Care Solution does not disclose personal information overseas unless the client’s relative or guardian resides overseas, and consent is provided by the client.
My Care Solution is required to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) about an ‘eligible data breach’ that is likely to cause serious harm to any of the individuals to whom the information relates under the Notifiable Data Breaches Scheme (Part IIIC of the Privacy Act 1988).
An ‘eligible data breach’ occurs if all three of the below criteria are met:
- There is unauthorised access to, or unauthorised disclosure of, personal information, or loss of personal information that My Care Solution holds; and
- This is likely to result in ‘serious harm’ to one or more individuals (‘serious harm’ may include serious physical, psychological, emotional, financial, or reputational harm); and
- My Care Solution has not been able to prevent the likely risk of serious harm with remedial action.
In the event of a data breach, My Care Solution will:
- Identify if an eligible data breach has occurred
- Investigate suspected security incidents to determine if an eligible data breach has occurred so that it can be reported
- Assess the risk of serious harm to affected individuals if personal information is disclosed or lost
- Notify affected individuals and the OAIC
- Review any contracts with third parties who hold personal information on behalf of the entity and ensure that adequate contractual provisions are in place to manage compliance with the notification regime
- Log the incident as soon as practicable to ensure a record is maintained of how the breach or suspected breach was managed
Data Breach Notification Obligations
In the event of an eligible data breach, My Care Solution is required to notify the Office of the Australian Information Commissioner (OAIC) using the online Notifiable Data Breach Statement Form and affected individuals as soon as practicable after becoming aware that there are reasonable grounds to believe that there has been an eligible data breach.
If My Care Solution has taken remedial actions and steps to address any potential harm to individuals to whom the information relates before any serious harm is caused, there is no mandatory obligation to report the data breach. The incident should still be recorded in Risk Wizard as documented evidence of the remedial actions and steps taken to mitigate any serious harm.
Variation of policy