Privacy Policy
a. Introduction
We are committed to protecting the privacy of client’, employee and other stakeholder information, and to handling all personal information in a responsible manner in accordance with the Privacy Act 1988 (Cth), the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Australian Privacy Principles, the National Disability Insurance Scheme Code of Conduct, and relevant State and Territory privacy legislation (referred to collectively as privacy legislation).
b. Collection of information
KEO collects client data that is or may be necessary and relevant to provide the client with comprehensive high-quality service. Client information may include demographics, medical information, and any other information necessary for the provision of comprehensive and quality service. Other information such as photos and videos of conditions or exercise programs may also be collected and must be handled within the same guidelines as other personal information, as outlined in this Privacy Policy and related procedures.
Team member information includes demographics and other personal information required for business operations at any given time. Such information may include contact details, tax file number, bank details and any other information necessary for the performance of business operations and execution of employer responsibilities.
Information collection is limited to that data reasonably required for KEO to provide client care and conduct business operations.
Wherever practicable, KEO only collects personal information from the individual themselves. However, in the course of business and service provision we may also need to collect information from other sources, such as family members or carers, other health professionals, Case Managers and Support Coordinators. We may also seek assistance in the collection of data from a 3rd party, such as a translator, where applicable and reasonably required.
Collection of information wherever possible will occur in written form, which may include documents or email. Where written collection is not possible, information may be collected verbally, such as over the phone or in person.
Where information is collected which was not specifically requested, this will be retained only where relevant to provision of client care or business operations, and will be subject to the same guidelines outlined in this Privacy Policy as other personal information. If such information is not relevant to the provision of client care or business operations, it will be confidentially destroyed or de-identified.
c. Storage of information
Storage of personal information occurs predominantly within secure digital frameworks. At times it can be necessary for this data to be collected in hard copy format, in which case the information is readily transferred to a digital system and the hard copy confidentially destroyed.
Digital frameworks are protected at all times through the use of privacy legislation-compliant software and password control, in line with the KEO Password Control Procedure.
d. Use and disclosure
Personal information is treated as strictly private and confidential. KEO only uses or discloses client information of this nature for purposes directly related to client care and treatment. Team member personal information is similarly strictly managed, including withholding personal information from external stakeholders, such as personal phone numbers, physical whereabouts and working hours.
Where required by law or the public interest, KEO may disclose some or all of the aforementioned personal information with regard to a specific individual. Such occurrences are very rare, and provision will only be undertaken under the direction and counsel of a lawyer nominated by KEO, unless the circumstances are deemed to be urgent. The recipients of personal information under these circumstances could include Medicare, the National Disability Insurance Scheme, Police, insurers or the courts of law.
In the course of treatment provision there may be times when KEO needs to share client information with other healthcare providers. Wherever practicable KEO will seek consent prior to disclosure of any information.
Through the course of business KEO may disclose limited personal information to external contractors such as IT service providers and debt collection agents. KEO imposes strict security and confidentiality requirements on said contractors, including that they are not permitted to use personal information for any purpose except those activities which KEO has explicitly instructed them to perform.
e. Access and information accuracy
Unless otherwise permitted by law we are required to provide individuals with access to their personal information upon request. Any such request should be made in writing. It is the responsibility of the individual concerned and/or their caregiver/s to ensure that should they believe the information KEO has about them is incorrect, they convey their updated details in writing at the earliest opportunity. It is the responsibility of the team member who receives the updated details to ensure that these are conveyed to KEO administration, and the collection and storage policy components are adhered to.
f. Feedback and complaints
If a client, their representative or another stakeholder has a complaint about the privacy of personal information or treatments, they should contact KEO in writing. Our feedback form can be found on our website, or by contacting our office.
Upon receipt of a complaint regarding privacy the Feedback Manager will review the details and seek resolution in accordance with the KEO Feedback and Complaints Procedure. Information as to the steps for clients, their representatives or other stakeholders to take in accordance with this procedure is made available at the time of service commencement. This information can also be accessed by contacting the office, requesting it from a team member or on the KEO website.
If the client, their representative or another stakeholder is dissatisfied with the handling or outcome of a privacy complaint, they can make an application to the Australian Information Commissioner or the Privacy Commissioner in Victoria.
If a team member has a complaint about the privacy of their or another’s personal information they should discuss this with their team leader. If the team member remains dissatisfied with the outcome, they should
seek the advice of a KEO director or make an application to the Australian Information Commissioner or the Privacy Commissioner in Victoria.
g. Overseas transfer of data
We only transfer personal information to overseas recipients with the individual’s written consent, or if we are required to do so by law.
h. Privacy and dignity of the treatment environment and service provision
Clients maintain the right to refuse treatment and to have their privacy and dignity maintained during treatments. Privacy and dignity during treatment may differ in meaning for different clients and as such, open conversations and awareness of communications are necessary at all times. Examples of situations in which a client may appreciate the maintenance of privacy and dignity include measures required when changing clothing, having the door closed so that they cannot be observed while receiving treatments, and receiving treatment in separate spaces from other clients.
In the provision of client care there are instances in which procedures are required which involve physical touch or the invasion of personal space. In such circumstances the procedures will be explained, and the client’s permission requested. Attention will also be given to provision of services, taking into account the client’s personal needs and comfort.
i. Privacy in relation to direct marketing
In accordance with Australian Privacy Principal 7, KEO may only use or disclose personal information for direct marketing purposes if the individual understands that this is the purpose for which the information has been collected.