PRIVACY POLICY

Introduction

Homecare Physio is committed to safeguarding the confidentiality of personal and sensitive information collected about our service users and their carers, families, advocates, donors, staff and volunteers. This policy explains how Homecare Physio complies with the Privacy Act 1988 (Cth) including the Australian Privacy Principles (APPs). It sets out how we collect, use, disclose, secure and store personal information, and how individuals can access and correct their information.

Legislative context

• Privacy Act 1988 (Cth) & Australian Privacy Principles (APPs)
• Privacy Amendment (Private Sector) Act 2000
• National Security Legislation Amendment Act (No. 1) 2014
• Privacy and Personal Information Protection Act 1988 (NSW)
• Workplace Surveillance Act 2005 (NSW)
• Surveillance Devices Act 2007 (NSW)
• Aged Care Act 1997 (Cth)
• Disability Service Standards (Commonwealth & NSW)

Objective

• Ensure our operations comply with the APPs, the Aged Care Act and relevant Disability Service Standards.
• Apply privacy protections to all people we hold information about—service users, families/advocates, staff, volunteers and donors.
• Require all employees, contractors and volunteers to handle personal information in line with this policy and maintain confidentiality.

Personal information we collect

We only collect information that is directly relevant to the services we provide or when required by law.

• Identity and contact details (e.g. name, address, email, phone).
• Health information and clinical notes relevant to care.
• Information that may include: racial or ethnic origin, religious beliefs, sexual orientation or practices, criminal record (where legally permitted and relevant).
• Website usage data (analytics and cookies).

How we collect information

• Primarily from you or your authorised representative (in writing, by phone or electronically).
• From our staff/contractors and service providers involved in your care.
• From other parties with your express (written or verbal) consent to enable appropriate services or as part of a referral.

How we use information

• To deliver physiotherapy and allied health services you request.
• To communicate about appointments, care plans and service updates.
• To meet legal and regulatory obligations and improve our services.

We will only use personal information for the purpose for which it was given or for a directly related purpose that you reasonably expect.

Disclosure of information

We do not disclose identifying information without consent unless required by law or to manage an incident or claim.

• Our staff, employees and related bodies corporate.
• Authorised third-party service providers and contractors (with prior consent for referrals).
• Your authorised representative (e.g. next of kin or family).
• Your GP or other treating health providers.
• Government agencies such as the National Disability Insurance Agency (NDIA) and My Aged Care.
• Other persons as authorised by you.

Reporting to program funding bodies is done using de-identified information.

Access and correction

• On request, service users and staff can access the information we keep about them.
• You may request updates or corrections if information is inaccurate, out-of-date or incomplete.

Feedback, complaints and marketing

• We may invite feedback through calls/surveys; participation is optional and does not affect services.
• We seek written consent before using comments or images for our site or publications (e.g. testimonials). Names are not published unless you consent (e.g. first name or initials).
• You can change your direct-marketing preferences at any time by contacting our office on (02) 8103 2037.

Data protection and retention

• We protect information against loss, unauthorised access, use, modification, disclosure and other misuse through:
  • Access controls and need-to-know restrictions;
  • Locked storage for physical records;
  • Password protection and restricted access to electronic files;
  • Secure handling and disposal procedures.
• Information is retained and disposed of in line with legal/clinical requirements and Health Privacy Principle (HPP) 5.
• When health information is deleted/disposed, we keep a record noting:
  • Name of the individual;
  • Period covered; and
  • Date the information was deleted or disposed of.

Data breach response

A data breach is unauthorised access, disclosure or loss of personal information we hold. If a breach is suspected or known, we will:

1. Contain the breach to limit further access or distribution.
2. Assess whether the breach is likely to result in serious harm.
   • If we have reasonable grounds to believe serious harm is likely, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required.
   • If we suspect serious harm may occur, we will conduct an assessment using a three-step process:
     1. Initiate – plan the assessment and notify relevant service providers involved in client care with details, next steps and mitigation strategies.
     2. Investigate – gather information to determine what occurred.
     3. Evaluate – decide, based on evidence, whether serious harm is likely.
3. Notify – if serious harm is likely, prepare a statement for the OAIC and inform affected individuals of its contents.
4. Review – if serious harm is unlikely, review the incident and implement measures to prevent future breaches.

Changes to this policy

We may update this Privacy Policy from time to time. Any changes will be communicated via our website or other appropriate channels.

Contact us

• Phone: (02) 8103 2037
• Email: homecarephysio@outlook.com

Links to other sites

Our site may contain links to external websites. Homecare Physio is not responsible for the privacy practices of those sites. We encourage you to read the privacy statements on any site you visit.