As an aged care service, this organisation is bound to collect a range of personal information according to the Aged Care Act 1997. The organisation is also bound by the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) and various state laws relating to our dealing with health records. The laws set out the requirements for ensuring systems and processes are in place to appropriately manage personal information.
What personal information do we collect?
Personal details such as;
Sensitive information including;
Other sensitive information such as;
(Please note you have a right not to provide the last three types of sensitive information listed above if you do not wish to).
We may also collect any other personal information you or a person ostensibly authorised by you submits to us, as well as any other information that we consider is necessary to perform our functions and activities.
How we collect information?
We may collect personal information:
How do we store and secure personal information?
A unique number referred to as a Unit Record (UR) number is assigned to your health records to enable your information to be appropriately filed and stored and is not used for any other purpose. Processes are in place to ensure your personal and health information is safeguarded against loss, unauthorised access, modification or disclosure. For example; record storage areas are secured at all times with limited access and computer records are password secured with levels of access according to staff role and responsibility.
The building has security cameras located at all entries and exits, the car park and the common areas such as; corridors and lounge areas for safety and security. These cameras record images that are kept for 1 week for review should an incident occur. Staff also monitor the images throughout each shift to identify potential or actual incidents related to resident safety and or security. The cameras and images are not used for any other purpose
Although we take all reasonable measures, we are not responsible for third party circumvention of security measures on our electronic databases or at any of our premises. Please note that third party recipients of personal information may have their own privacy policies and we are not responsible for their actions, including their handling of personal information. We cannot control the actions of other people with whom you share your information. Further, we cannot guarantee that only authorised persons will access your personal information and we cannot guarantee that information you share with us on our website will not become publically available. Please notify us immediately if you believe there has been any unauthorised access to your information.
Purposes for which we collect, hold, use and disclose personal/health information?
We may collect, use and disclose personal information for the primary purpose of conducting our business, which includes:
In conducting our operations, your personal and health information is used by nursing and care staff and visiting health professionals involved in your care such as; medical practitioner/s, physiotherapist, pharmacist, podiatrist to enable them to provide you with care and services appropriate to your needs and preferences. In an emergency, information is provided to health professionals for example ambulance officers and locum doctors.
Personal information is also provided on a need to know basis to service departments such as; catering, cleaning, laundry and maintenance and specialist suppliers like continence aid supplier. As required by the Aged Care Act the police and the Department of Social Services are informed where a resident is unexplainably missing or if physical elder abuse has occurred. As required by the Department of Health, there is a requirement to report certain illnesses such as; gastroenteritis or influenza outbreak.
As an aged care service provider, we are required by law to communicate some personal information to the Department of Social Services (DSS) to enable the organisation to receive the correct level of funding for the care required and the appropriate running of the service. This information includes personal details about your identity e.g. name, date of birth and health information such as; medical conditions, the level of assistance required for activities of daily living and specialised care needs. The organisation is also bound by law to provide access to your personal and health information to the Aged Care Quality Assessors. The DSS and Aged Care Quality Assessors are also bound by the Australian Privacy Principles.
It is unlikely that your personal information will be disclosed to an overseas recipient unless required by law or if requested or consented by yourself for a particularly purpose.
If you are a security holder in Estia Health, the Australian taxation legislation and the Corporations Act require personal information about you, including your name, address and details about your Shares, to be included on the share register. Your personal information held on the share register must be accessible to the public under the Corporations Act and will continue to be included on the share register where you cease to be a security holder. Your personal information may also be used from time to time and disclosed for purposes relating to your investment to our agents and service providers we may engage with in connection with the ordinary conduct of its operations, persons inspecting the register, bidders for your securities in the context of takeovers, regulatory bodies, including the Australian Taxation Office, the Australian Stock Exchange, authorised securities brokers, legal and accounting firms, auditors and other advisers for the purpose of advising on the Shares, print service providers, mail houses, the Share Registry or as otherwise required under the Privacy Act 1988 (Cth).
We will only disclose sensitive information where you would reasonably expect us to do so for a secondary purpose, and where the secondary purpose is directly related to our primary purpose of collecting that information, or disclosure is otherwise authorised or required by law. In circumstances where we are considering an application for employment, we may require you to provide a police check. We will only use this information for the purpose of assessing your application and meeting our legal requirements.
When you provide your personal details to us, you consent to us using your personal information for direct marketing purposes (for an indefinite period). From time to time, we may contact you with information about products and services offered by us and other companies which we think may be of interest to you. This includes sending newsletters to you. When we contact you it may be by mail, telephone, email or SMS.
How can you access and or correct your information?
When you access the Website from a computer, mobile phone, or other device, we may make a record of your visit and logs for statistical and business purposes and we may collect information including: the user’s server address, the user’s domain name, IP address, the date and time of visit, the pages accessed and documents downloaded, the previous site visited, the operating system used and the type of browser used. We may also track some of the actions you take on the Website such as when you provide information or content to us.
We use "cookies" (small pieces of data we store for an extended period of time on your computer, mobile phone, or other device) to make the Website easier to use. We also use them to know when you are interacting on the Website. You can remove or block cookies using the settings in your browser, but in some cases that may impact your ability to use some areas on the Website. If you use an external source to publish information on the Website (such as a mobile application or a Connect site), you should check the privacy setting for that post, as it is set by that external source.
Where the Website contain links to other websites, we do not control those websites, and we are not responsible for the privacy practices of the content of such websites. We do not take responsibility for the content in, or currency of, any externally linked sites. The inclusion of any link within the Website does not imply endorsement by us of the linked site, nor does it suggest any relationship with the organisation linked.
How to make a complaint?
If you wish to make a complaint about a situation where you believe your personal information has been inappropriately handled or there has been a breach of privacy please write or speak to the Privacy Officer. The Privacy Officer will follow the organisation’s Complaints Procedure which involves a response as soon as practicable and action taken based on a risk assessment and within 30 days. A copy of the procedure is available upon request. If you are dissatisfied with the response and or the handling of your complaint you may contact the following:
Health Services Commissioner (Vic)
Office of the Australian Information Commissioner
Call: 1300 363 992
Address: GPO Box 5218 Sydney NSW 2001
Contact – Privacy Officer
The contact details of Estia Health's Privacy Officer are as follows:
Name: Kate Sellick
Changes to this Policy