Privacy and confidentiality
Participating in our peer support service
The Nurse Midwife Health Program Australia (Nurse Midwife HPA) will ensure that all personal information, no matter how or where it is obtained, is handled sensitively, securely and in accordance with relevant legislation and regulations.
The Nurse Midwife HPA complies with the Australian Privacy Principles for the Fair Handling of Personal Information. The privacy principles set the minimum standards for collecting, storing, using, disclosing, managing, accessing, correcting and disposing of personal information.
We are committed to taking all appropriate measures to ensure that the personal information of participants is protected from unauthorised access, loss, misuse, disclosure or alteration.
The program is committed to protecting all participants' privacy, confidentiality and personal information. We comply with the:
- Privacy Act 1988 and the Privacy Amendment Act 2012 (C’wealth)
- Privacy and Data Protection Act 2014, which is detailed in the Australian Privacy Principles (C’wealth)
- various State and Territory privacy legislation and regulations.
Note: This policy only refers to the privacy of participants.
Staff access and responsibilities
Our staff must:
- seek or give only information about an individual that is relevant to the service provided or requested
- gain signed consent from a participant when personal information is being disclosed to others outside the program
- ensure all records are stored in a manner that maintains confidentiality
- respect the privacy of all participants, including both written and verbal information, except where legal or ethical issues deem otherwise.
Only staff with direct involvement in a matter will have access to a participant’s file. Staff must not access a participant's personal information that does not pertain directly to their position or hold relevance to their work.
Unauthorised disclosure of information and breaches of confidentiality by staff will result in disciplinary procedures and possible dismissal.
Collection and access to information
Information must be collected directly from participants or from their authorised representative. Representatives include guardians, lawyers under enduring powers of attorney, agents under the Medical Treatment Act 1988, administrators under the Guardianship and Administration Act 1986, and/or a person otherwise empowered to act or make decisions in the best interests of participants.
Information remains the property of participants, and the program will ensure they are aware of:
- details of what is being collected
- purpose for which the information is being collected
- access – rights and how to access
- correction – rights and how to amend incorrect information
Information about individuals will be treated as confidential except when:
- harm risk - there is significant cause to believe a participant is at risk of harming themselves or someone else
- health or safety issue is apparent
- legal process applies and there is a requirement under legislative obligations.
Storage and security of personal information
Nurse Midwife HPA will maintain control and be responsible for the security of personal information it holds. We will take reasonable steps to protect personal information from misuse, loss and from unauthorised access, modification and/or disclosure
We will mitigate risk by:
- storing or saving participant information only on Nurse Midwife HPA’s network systems, within a prescribed database or document management system
- never storing participant information on a staff’s personal device or document management system
- locking hard copy documents containing personal and sensitive information in cabinets when not in use
- encrypting and password-protecting when sharing electronic documents containing personal or sensitive information.
Privacy breaches
Nurse Midwife HPA is required to notify participants when there are reasonable grounds to believe that an eligible data breach has occurred.
The Nurse Midwife HPA Privacy and Data Breach Policy outlines how to manage a privacy or data breach, which is available on request.
Complaints about privacy breaches
Participants can complain or raise a concern if they believe Nurse Midwife HPA has breached their privacy regarding their information. To find out more, refer to the Nurse Midwife HPA Feedback and Complaints Policy.
Nurse Midwife HPA takes complaints about privacy seriously. We will ensure investigations are thorough and a response is given within an appropriate timeframe.
Access information held by us Nurse Midwife HPA
Nurse Midwife HPA participants can access their personal information held by the program.
To access information held by the program, you must:
- request access in writing
- confirm your identity with a photo ID
- provide proof you are authorised if acting as an authorised representative (such as a copy of the Enduring Power of Attorney, etc)
- provide details so we can identify what personal information is being requested
- nominate the preferred format of the information (for example, a copy of the information or a request to view the information contained in our records)
Sometimes, the Nurse Midwife HPA cannot grant access to personal information we hold. For example, we may need to refuse access if granting access would:
- interfere with the privacy of others
- result in a breach of confidentiality
- pose a serious and imminent threat to the health and/or safety of any person
- threaten public health or public safety.
If that happens, Nurse Midwife HPA will provide written reasons for the refusal.