top of page

Privacy Policy

COLLECTION OF PERSONAL INFORMATION
 

Personal Information

  • Personal information may include: name, date of birth, gender, addresses, residency status, contact details, bank account details, tax file number, driver's licence number, Centrelink information, photographs, medical history or other health related history, and other information about a person.

  • DMI collects client information for the purposes of, but not limited to, onboard a client to our services, administer and manage those services, evaluate and improve those services, carry out clinical assessments and interventions for clients using the information, and meet our obligations under the NDIS, AHPRA, and other relevant regulatory bodies.

  • Information about clients can be collected directly from them orally or in writing, from third parties (e.g., medical practitioners, government agencies, representatives, carers and workers, health professionals, teachers, work managers, and other people whose input is of clinical benefit to the participant's assessment or intervention.
     

Informed Consent

  • All staff must follow the Informed Consent Policy

  • In collecting personal information, DMI will inform the client:

    • That information is being collected

    • What the information is being used for

    • How the information will be stored and protected

    • Their right to request access to, and to correct, any information provided

  • Clients will be made aware of the limits to confidentiality, the conditions under which DMI may need to breach client confidentiality, and the steps DMI will take should this need arise.

  • Informed consent is explained during the initial service phases, and understanding and sign off is obtained from participants or their representative in the Service Agreement.

 

Release of Information

  • All staff must follow the Informed Consent Policy

  • Release of Information (ROI) will be requested from participants or their representatives, before any communication is made to speak to someone about a participant.

  • When a third party requests for information about a participant, DMI will ensure that a signed ROI is obtained before any communication commences.

  • Where release of information is mandated by a court of law (subpoenaed), DMI will take all reasonable steps to notify the client and advise them of actions taken.

  • Where release of information without consent is indicated, associated with imminent risk or safety, DMI will take all reasonable steps to notify the participant and advise them of actions taken.

 

Storage of Personal Information

  • DMI will take all reasonable steps to protect personal information against loss, interferences, misuse, and any other unauthorised access, modification or disclosure.

  • Hardcopy documentation are stored in cardboard boxes in the office, and sealed off annually labelled with the date. Boxes are kept in locked storage until the date that they can be destroyed, or if the client returns for service.

  • Electronic files are securely protected on DMI's internal NAS drive, and backed up at set intervals that are frequent to prevent any risk to client files or disruption to service.

  • All client information is kept for seven (7) years from the last date of service if they are 18-years or above at that time. For children under the age of 18-years at time of last service, all files are kept until the person turns 25-years.

 

Accessing Personal Information

  • Clients can request and be granted access to their personal information at any time

  • Clients must make requests for access to personal information in writing

  • DMI will provide access to personal information in a timely manner and within 30-days of receiving the request in writing.

  • Requests for access will always be granted unless there is a reason under the Privacy Act or any other law not to give access to the information. These reasons may include:

    • a serious threat to the life, health or safety of any individual, or to public health/safety

    • it would impact on the privacy of other individuals

    • the request is frivolous or vexatious

    • the information relates to existing or anticipated legal proceedings

    • it would prejudice negotiations with the individual

    • it would be unlawful

    • denying access is authorised by law

  • In circumstances where access cannot be granted, DMI will inform the client in writing of the reasons for denying access, and the mechanisms available to complain or appeal.

 

Privacy Complaints or Concerns

  • Complaints or concerns in relation to privacy should be submitted via the Feedback & Complaints Form available on the DMI website, and via email, or telephone

  • DMI will respond to all complaints, concerns or feedback in accordance with the Feedback & Complaints Policy and procedures.

 

Breaches of Privacy

  • DMI is required to disclose any data breach to the Office of Australian Information Commissioner, if the data contains personal information that is likely to result in serious harm, which includes physical, psychological, financial or reputational harm. Personal information about an identified individual, or an individual who is reasonably identifiable.

  • Any staff who identify a potential breach must immediately inform the Principal Psychologist for further action.

 

STAFF EXPECATIONS AND RESPONSIBILITIES

  • Staff can only access client information if they have been allocated the case or are assisting in providing services to the client.

  • Under no circumstances, are staff to access client information that they have not been assigned or asked to by their Team Leader or Principal.

  • Staff must obtain informed consent and ROI before sharing information about a client to any external party. This includes when they have been approached by a third party to exchange information.

  • Breaches of client privacy and confidentiality are considered serious breaches and misconduct.

bottom of page