Thirdslide

Information Privacy and Health Records Policy

This policy applies to all employees, Councillors and contractors of the City of Greater Geelong, specifically those persons responsible for public registers and the receipt and management of Personal and Health Information.

Privacy standards

We will comply with the Information Privacy Principles as set out in the Privacy and Data Protection Act 2014 and Health Records Act 2001 in regards to the management and handling of Personal and Health Information.


Definitions within our Policy

Personal information

Information or an opinion (including information or an opinion forming part of a database) that is recorded in any form and whether true or not, about an individual whose identity is apparent, or can be reasonably ascertained, from the information or opinion.


Public Registers

Are documents that:

  • are open to inspection by members of the public and 

  • contain information required or permitted by legislation.


Unique identifier

An identifier (usually a number) assigned by an organisation to an individual to identify that individual for the purposes of the operations of the organisation, but does not include an identifier that consists only of the individual’s name.


Health information

Information or an opinion about:

  • the physical, mental or psychological health of an individual

  • a disability of an individual

  • an individual’s expressed wishes about the future provision of health services to him or her

  • a health service provided, or to be provided, to an individual that is also personal information or

Other personal information, including:

  • personal information collected to provide, or in providing, a health service

  • personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances or

  • personal information that is genetic information about an individual in a form which is, or could be, predictive of the health (at any time) of the individual, or of any of his or her descendants.


Health Service

An activity performed in relation to an individual that is intended or claimed (expressly or otherwise) by the individual or the organisation performing it:

  • to assess, maintain or improve the individual’s health

  • to diagnose the individual’s illness, injury or disability

  • to treat the individual’s illness, injury or disability or suspected illness, injury or disability

  • a disability service, palliative care service or aged care service

  • the dispensing of a prescribed drug or medicinal preparation by a pharmacist or

  • a service, or class of service, provided in conjunction with an activity or service referred to in the above dot points that are prescribed as a health service.

But does not include a health service, or class of health service, which is exempt for the purpose of the Health Records Act.


Sensitive information

Personal information or an opinion about an individual’s:

  • racial or ethnic origin

  • political opinions

  • membership of a political association

  • religious beliefs or affiliations

  • philosophical beliefs  

  • membership of a professional trade association

  • membership of a trade union

  • sexual preferences or practices or

  • criminal record.


Our Policy

We believe that the responsible handling of personal information is a key aspect of democratic governance, and we are committed to protecting an individual’s right to privacy.

The following general Privacy and Health Records Statement will be published, where appropriate, confirming our commitment:

The City of Greater Geelong considers that the responsible handling of Personal and Health Information is a key aspect of democratic governance and health service provision and we are committed to protecting an individual’s right to privacy.

Council will comply with the Information Privacy and Health Privacy Principles as set out in the Privacy and Data Protection Act 2014 and Health Records Act 2001.

Council has in place a policy that sets out the requirements for the management and handling of Personal and Health Information.


We will comply with the Information and Health Privacy Principles as set out in the Acts when managing information, including:


Collection of information

Personal Information will only be collected where necessary for the function or activity of Council, and will only be collected by lawful and fair means. We will only collect information about an individual from that person and not in an unreasonably intrusive way.

The onus is placed on the collector of the information to justify why the information is required, and to determine who will have access to this information.

Sensitive information will only be collected where permitted under the Act, or where the individual has provided consent.


Storage, security and data quality issues

Council has measures in place to ensure that there will be no unauthorised access to information. Council will endeavour to ensure that all data is up to date and accurate.

Individuals have a right to access any Personal Information held about them and they may update any incorrect information.

Information which is no longer required, will be destroyed in accordance with relevant legislation.


Use and disclosure of personal information

Council will use personal information only for the purpose for which it was collected, unless required by legislation, or where there is a reasonable assumption that the original information will be used for this secondary purpose.

In any other circumstances, Council will contact the individual to obtain consent.


Identifiers

Council will only assign a Unique Identifier to identify a person if the assignment is reasonably necessary to carry out its functions.


Anonymity

Where lawful and practical, Council will give individuals the option of not identifying themselves when communicating with Council.


Closure of the Practice of a Health Service Provider

If Council discontinues the delivery of a health service, it will provide notice to past service users directly, and by way of public notice in the local newspaper.


Making information available to another Health Service Provider

Council will make an individual’s Health Information available to another health service provider where requested to do so by the individual.


External contractors

Where an external contractor deals with Personal Information on behalf of Council, they will be required to comply with the Information Privacy Act or the Health Records Act, whichever is applicable.


Role of Privacy Officer

The Privacy Officer will also be the Health Records Officer, and will handle enquiries, complaints or adjustments regarding Personal or Health Information. Written requests for information will be responded to in writing within 10 working days of receipt, unless the request is covered by the Freedom of Information Act.

  • Complaints will be directed to Council’s Privacy Officer in the first instance.

However, should any person still feel aggrieved, they may approach the Government’s Privacy and Dat Protection Commissioner or Health Services Commissioner for resolution.


Privacy Statement

Where practical, a statement outlining Council’s policy regarding the handling of Personal and Health Information will be used at all points of collection, and for all outgoing correspondence that may request Personal Information.

This applies to both hardcopy and electronic communication.


Need to know more ...

If you have any queries regarding this Privacy Policy, please contact our Information Privacy Officer by phone on 03 5272 5272.



Page last updated: Monday, 17 July 2017
Print