Privacy and Confidentiality of Information

Policy Purpose:

To establish the principles by which Northern Health Foundation manages personal information, including health information, to ensure the privacy and confidentiality of that information.

Definitions:
Personal information is information which directly or indirectly identifies a person. Health information is information or an opinion about:
a) the physical, mental or psychological health (at any time) of an individual; or
b)  a disability (at any time) of an individual; or
c) an individual’s expressed wishes about the future provision of health services to him or her; or
d)  health service provided, or to be provided, to an individual, that is also personal information.

Sensitive information is information or an opinion about an individual’s:
• racial or ethnic origin;
• political opinions;
• membership of a political association;
• religious beliefs or affiliations;
• philosophical beliefs;
• membership of a professional or trade association;
• membership of a trade union;
• sexual preferences or practices;
• criminal records; or
• health information and genetic information about an individual that is not otherwise health information. 

Policy Principles:   

1.  General Principles:
1.1 Northern Health Foundation collects and administers a range of personal information for the purposes of providing services, raising funds and promoting the work of the organisation.
1.2 Northern Health Foundation is bound by the relevant Commonwealth and State privacy legislation only in relation to specific services it is contracted to provide by a government agency or body, but aims to operate in accordance with the Australian Privacy Principles in all its activities.
1.3 Northern Health Foundation recognises the right of individuals to have their personal information administered in a manner that meets their reasonable expectation to privacy in accordance with both legislation where applicable and the core values and principles of the organisation.
1.4 Northern Health Foundation will take all reasonable steps to inform people of our privacy policy including making a copy available on request, providing links on all websites managed by the organisation and including information in any relevant publications.
1.5 Northern Health Foundation will nominate a staff member to be the Privacy Officer.

2. Collection of Personal Information:
2.1 Northern Health Foundation will only collect information necessary for the performance of its functions.
2.2 Northern Health Foundation will advise those from whom it is collecting information the reason for collection of that information and how it will be administered.
2.3 Consent will be sought from any individual from whom health information is required by Northern Health Foundation to provide its services
2.4 Sensitive information is collected only for the purpose of providing bereavement support.
2.5 Where personal information cannot be directly collected from the person to whom it relates and is collected from a third party, Northern Health Foundation will inform the person of its source only where it would not pose a threat to the life or health of the person providing the information, or does not constitute a breach of confidentiality.
2.6 Northern Health Foundation uses Google Analytics to analyse the audience of its websites and improve our content. No personal information is collected from Google Analytics. For further information on the privacy policy concerning Google Analytics, please go here, https://support.google.com/analytics/answer/6004245?hl=en.

3.   Use and disclosure of personal information:
3.1 Northern Health Foundation will only use or disclose information for the primary purpose for which it was collected or a directly related secondary purpose (unless otherwise authorised by law).
3.2 Consent will be obtained prior from the affected person if the information is required to be used for any other purpose.
3.3 Northern Health Foundation will not disclose health information to any party in the absence of a legal obligation, except in emergency medical circumstances or where there is a reasonable concern of risk of harm to the person themselves or others.

4. Accuracy of Personal Information:
Northern Health Foundation will take all reasonable steps to ensure information collected is accurate, complete, current and relevant to the functions of the organisation.

5. Security of Personal Information
Northern Health Foundation will take all reasonable steps to safeguard information collected against misuse, loss, unauthorised access and modification.

6. Access to Personal Information
Northern Health Foundation will provide an individual with reasonable access to their personal information for the purpose of ensuring it is and correct it if it is inaccurate, incomplete, misleading or not up to date.

7. Requests for Anonymity Northern Health Foundation will:
7.1 respect and respond positively to any requests for anonymity;
7.2 provide those providing personal information the option of not identifying themselves when completing evaluation forms and/or opinion surveys; and
7.3 not use any identifiers to retain information without a person’s consent.

8. Provision of Information to other Service Providers
Northern Health Foundation will only release personal information:
8.1 with that person’s permission in writing; or
8.2 if requested by the person concerned to provide that information to a third party. 

9. Protected Disclosure Legislation
Where Protected Disclosure and/or Whistle-blower legislation is applicable to Northern Health Foundation as a contracted service provider to government, the organisation will comply with, and be bound by, the provisions of the relevant legislation.

10. Confidential Information
10.1 Any confidential information divulged by a client during any provision of service shall be bound by the provisions of this policy.
10.2 Any confidential information provided that implicates a person, either as a perpetrator or victim, in a crime may be subject to mandatory reporting or other legislative requirements. Where the organisation is not obliged to report such disclosures it will make a judgement whether to do so based on the ethics and values of the organisation.