Purpose
The Rev. Bill Crews Foundation (BCF) acknowledges and respects the privacy of individuals and complies with the principles of the Australian Privacy Act in our collection and use of sensitive and private information. All Australian-based staff and programs must abide by this policy. Internationally, BCF applies this policy as best practice when collecting, storing and using such information. However, where this policy conflicts with the laws of another country in which we work, that country’s law prevails.
This policy applies to any individual from whom personal, sensitive or health information has been collected by BCF and its implementing partners.
Definitions
Personal Information: Any material or opinion about an individual or group, or any information that could be used to identify an individual.
Sensitive Information: A subset of personal information that has stricter requirements and generally refers to information about criminal, sexual and health records and/or activity, religion, ethnic origin, race. Such details generally require stricter collection, use, storage and disclosure.
Policy
The Rev. Bill Crews Foundation regularly asks for information that helps us to engage with our stakeholders. We collect information about supporters, volunteers, contractors, workers and clients. We may regularly collect and/or update personal information from you face to face, via phone, email or online. We only collect information legally. By providing your information through any of these platforms, you acknowledge that your personal information is being collected, stored and utilised (unless constrained by legal instruments) as set out in this policy.
Supporters: Information about supporters and stakeholders may be used to facilitate and support BCF programs including:
- Processing of donations and provision of receipts.
- Communication about and promotion of our work (such as sharing BCF blogs)
- Providing supporting evidence when seeking grant and/or government funding.
Medical:
Personal information may be stored at our practice in various forms, including:
- Paper based records including archived records and incoming paper correspondence,
- Electronic healthcare records,
- Visual records such as x-rays, CT scans, videos and photos,
- Audio recordings.
Our practice stores all personal information securely. All practice team members are required to sign a confidentiality agreement upon commencement with our clinic, which is binding even after they leave our team. All paper correspondence is scanned into our electronic records, then shredded and confidentially destroyed. Our electronic systems are protected by stringent firewalls and antivirus software, and health records are inaccessible without individual password access.
Other purposes for which BCF may use personal (deidentified) information:
- Advocacy and/or funding submissions
- Complying with legal obligations
- Developing or evaluating activities, including through third parties.
Client information: We sometimes share clients’ personal information:
- with third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with Australian Privacy Principles (APPs) and this policy.
- with other healthcare providers
- when it is required or authorised by law (e.g. court subpoenas)
- when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent.
- to assist in locating a missing person
- to establish, exercise or defend an equitable claim.
- for the purpose of a confidential dispute resolution process
- when there is a statutory requirement to share certain personal information (e.g. some diseases require mandatory notification)
- during the course of providing medical services, through eTP, My Health Record (e.g. via Shared Health Summary, Event Summary).
Only people who need to access clients’ information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without the client’s consent.
We will not share clients’ personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without the client’s consent.
Our practice will not use clients’ personal information for marketing any of our goods or services directly to clients without their express consent. If clients do consent, they may opt out of direct marketing at any time by notifying our practice in writing.
Our practice may use clients’ personal information to improve the quality of the services we offer to our patients through research and analysis of our patient data.
We may provide de-identified data to other organisations to improve population health outcomes. The information is secure, patients cannot be identified, and the information is stored within Australia. Clients can let our reception staff know if they do not want their information included.
Human Resources: For prospective employees, information may be sought such as CVs, background checks and references from previous employers. This information may be stored with HR for a period of time in our ‘talent pool’. For employees, we collect and hold personal information such as name, address, records of qualifications, employment and professional development history, tax and salary information, banking details. This information can only be used in the scope of the employment relationship.
Security: All information pertaining to employees, contractors a is stored on secure cloud-based servers. Hard copy information is limited and generally secured in relevant offices. Where personal information is held and no longer required, we will take all reasonable steps to ensure the information is safely destroyed or de-identified.
Across BCF programs, information is categorised in accordance with data security standards, with varying measures including but not limited to restricted access to buildings, virus scanning tools, protected databases, email protocols, cloud-based storage and security measures for third party providers.
Internet: BCF’s public website is hosted in Australia and does not use cookies. However, we may still collect your personal information through the website if you submit an enquiry form or subscribe to our newsletter.
Anonymity: We do not require personal information for you to gain access to our website. However, you will not be able to use certain features of our websites that require registration, enter trade promotions, or receive materials such as marketing communications unless such information is provided. Further, our ability to meet our obligations to you, to provide services or process any request, complaint, or application by you may be adversely affected if you do not give us the requested personal information, or if the information you give us is incomplete or inaccurate.
Children: A child’s personal information can only be used with reference to the associated legislative tools. BCF is bound by the privacy policy of any partner organisation, as well as our own. Personal information relating to children used for research or academic purposes, or in reports, will be deidentified.
Procedures
Freedom of Information: Clients have the right to request access to, and correction of, their personal information. Our practice acknowledges patients may request access to their medical records. We require clients to put this request in writing via email or letter and our practice will respond within 30 days. If a cost of providing this information to clients applies, such as registered post or printing costs, this will be paid for by the Foundation.
Our practice will take reasonable steps to correct clients’ personal information where the information is not accurate or up to date. From time to time, we will ask clients to verify that their personal information held by our practice is correct and current. Clients may also request that we correct or update their information, and should make such requests in writing to our practice coordinator at clinic@billcrews.org.
For non-client information, please email info@billcrews.org.
Please note that when accessing any information you may need to provide additional proof of identity documentation before the information is provided.
Medical Complaints: We take complaints and concerns regarding privacy seriously. Clients should express any privacy concerns they may have in writing. We will then attempt to resolve them in accordance with our resolution procedure. We will endeavour to resolve the situation within 30 days, and complaints should be directed to our practice coordinator at clinic@billcrews.org or in writing to 180 Liverpool Road Ashfield NSW 2131, or via telephone to (02) 8752 4602.
Clients may also contact the Office of the Australian Information Commissioner (OAIC). Generally, the OAIC will require clients to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.
Opting out: We often send marketing material via email and post; however, we provide the opportunity to opt out of this at any time. If you wish to unsubscribe from our mailing lists, please email info@billcrews.org or reply STOP to any marketing material received via email.
Related documents
Other organisational policies and documents that should be read in conjunction with this Policy include but are not limited to:
- The Rev. Bill Crews Foundation’s Code of Conduct
- Fraud Control and Anti-Corruption Policy
- Feedback & Complaints Policy
- Children & Vulnerable People Policy
As well as compliance with the below legislation:
- Privacy Act 1988
- Freedom of Information Act 1982
- Health Records and Information Privacy Act 2002
- State-based Privacy Laws and Principles; State-based Health Privacy Laws
- Data Provision Requirements 2010 (Cth)
- All legislation related to the care and protection of children.
Data Breach: In the event of a data breach, we follow procedures in line with requirements under the Privacy Act, as well as our Business Continuity Manual, for notifying the breach and managing it accordingly.
Appendix:
NIL