The policy’s purpose is to define the procedures and limits for disclosing individual records in the Department of Developmental Disability.
Person Affected
All the employees and staff engaged in the Department of Developmental Disability.
Policy
- The departments are committed to protecting the confidentiality and privacy of individual records in how the information is collected, stored, and shared.
- All individuals hold legalized rights to privacy of their persona; information.
- All the employees should have a high level of understanding of how they should meet the requirements of the Organization’s ethical and legal obligations to ensure confidentiality and privacy of individual information.
- The records and information should be used in a responsible and consensual manner.
Definitions
- Privacy provisions provided by the Privacy Act 1988 are responsible for governing the collection, storage, and sharing of individual records information that the patient provides.
- Confidentiality ensures that only those who are authorized can access the information, not the public domain.
- Consent means the permission to access the confidential information
- An individual is a person to whom the information belongs to
- Individual records include name, address, account details, individual health condition, and the intervention procedures.
Procedures
- All Board of Directors and staff are supposed to be made aware of the policy during their time of orientation.
- All the staff should be provided with ongoing information and support to help them maintain confidentiality and privacy.
- The legislation of HIPAA 1996 defines individual records privacy, and the Organization should act following the legal requirements that it entails.
- The Organization is responsible for respecting individual records and the sensitivity of the information it holds.
Collection of Information
- The information collected will only be used for a purpose that is related to the activities and functions of the Organization directly, such as My Health record system, providing support and treatment to individuals and referral to programs.
- When the information is being collected, the Organization should provide information to the individual regarding the collection purpose, how the information will be used, to whom information can be transferred, limits to confidentiality, and how individuals can access and complain about their information.
Disclosure and Use
- The Organization will only use personal information for the objectives directly related and permission given to use.
- Records information should only be shared with government agencies or other organizations if the individual has consented; it is required or authorized by law or lessen or prevent a threat to someone’s health or life.
Data Quality
The Organization takes steps to ensure that the individual data collected is up-to-date and accurate. Updating and maintaining these individual recasts is part of the steps when an individual state that the information has changed and the process to check that information provided by someone other than them is accurate.
Data Security
The Organization is responsible for ensuring the individual records are protected against unauthorized access, loss, misuse, modification or disclosure. This security includes any technical, physical, and administrative safeguards for hard copy or electronic records.
Storage and Handling of Records
- All the individual records must be stored in locked files
- Records must not be taken out of the Organization except with written consent provided by a Privacy Officer.
- Physical records must be stored in a safe area where they cannot be destroyed.
- There should be a presence of safeguard by security with the access being determined by a system ID or electric card recognition to prevent access of individuals that are not cleared.
- During transportation, records must be transported safely and in a confidential manner and ensure that access is only given to authorized staff.
- Passwords and their frequent change to restrict computer access
- Installation of firewalls and virus protection
Access to the Records
Individuals may request access to their personal information, and access should be granted to them unless there is a sound reason to withhold access under the Privacy Act 1988.
Withholding cases include:
- The threat to the health or life of the individual
- Access creates an unreasonable impact on the privacy of other individuals
- Existence of legal dispute resolution proceedings
- Denial has been requested by law or legislation agencies.
Cases of the Disclosure without Consent
Information should not be disclosed to a third party unless:
- In case of an emergency or information is required for medical treatment.
- In cases of threat such as homicide or suicide
- The law has required the information to be disclosed
- The disclosure is related directly to the primary purpose of collecting the information.
Breach of Confidentiality
- If staff is not satisfied with the conduct of a colleague regarding confidentiality and privacy of the information, they should raise the matter with the staff members’ direct line Manger. The staff member who is found with a problem of confidentiality breach may be subject to disciplinary actions.
- An individual not satisfied with staff conduct should rise compliant directly to another staff member or through a telephone call.
Notable Data Bleaches and Disciplinary Measures
The notable data breach is likely to cause serious harm to the individual to home the records relate. Data Breach occurs when the Organization’s records are lost or subjected to unauthorized disclosure or access.
Examples of a data breach are:
- The device holding an individual’s records is stolen or lost
- Personal information mistakenly provided to the wrong person
- The database contains the individual records is hacked.
The Organization will utilize the disciplinary procedure outlined by the Personnel Standards when violation of these policies and procedures occurs.