This policy applies to all employees, Councillors and contractors of the City of Greater Geelong, specifically those persons responsible for public registers and the receipt and management of Personal and Health Information.
We will comply with the Information Privacy Principles as set out in the Privacy and Data Protection Act 2014 and Health Records Act 2001 in regards to the management and handling of Personal and Health Information.
Definitions within our Policy
Information or an opinion (including information or an opinion forming part of a database) that is recorded in any form and whether true or not, about an individual whose identity is apparent, or can be reasonably ascertained, from the information or opinion.
Are documents that:
- are open to inspection by members of the public and
- contain information required or permitted by legislation.
An identifier (usually a number) assigned by an organisation to an individual to identify that individual for the purposes of the operations of the organisation, but does not include an identifier that consists only of the individual’s name.
Information or an opinion about:
- the physical, mental or psychological health of an individual
- a disability of an individual
- an individual’s expressed wishes about the future provision of health services to him or her
- a health service provided, or to be provided, to an individual that is also personal information or
Other personal information, including personal information:
- collected to provide, or in providing, a health service
- about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances or
- that is genetic information about an individual in a form which is, or could be, predictive of the health (at any time) of the individual, or of any of his or her descendants.
An activity performed in relation to an individual that is intended or claimed (expressly or otherwise) by the individual or the organisation performing it:
- to assess, maintain or improve the individual’s health
- to diagnose the individual’s illness, injury or disability
- to treat the individual’s illness, injury or disability or suspected illness, injury or disability
- a disability service, palliative care service or aged care service
- the dispensing of a prescribed drug or medicinal preparation by a pharmacist or
- a service, or class of service, provided in conjunction with an activity or service referred to in the above dot points that are prescribed as a health service.
But does not include a health service, or class of health service, which is exempt for the purpose of the Health Records Act.
Personal information or an opinion about an individual’s:
- racial or ethnic origin
- political opinions
- membership of a political association
- religious beliefs or affiliations
- philosophical beliefs
- membership of a professional trade association
- membership of a trade union
- sexual preferences or practices or
- criminal record.
We believe that the responsible handling of personal information is a key aspect of democratic governance, and we are committed to protecting an individual’s right to privacy.
The following general Privacy and Health Records Statement will be published, where appropriate, confirming our commitment:
The City of Greater Geelong considers that the responsible handling of Personal and Health Information is a key aspect of democratic governance and health service provision and we are committed to protecting an individual’s right to privacy.
Council will comply with the Information Privacy and Health Privacy Principles as set out in the Privacy and Data Protection Act 2014 and Health Records Act 2001.
Council has in place a policy that sets out the requirements for the management and handling of Personal and Health Information.
We will comply with the Information and Health Privacy Principles as set out in the Acts when managing information, including:
Collection of information
Personal Information will only be collected where necessary for the function or activity of Council, and will only be collected by lawful and fair means. We will only collect information about an individual from that person and not in an unreasonably intrusive way.
The onus is placed on the collector of the information to justify why the information is required, and to determine who will have access to this information.
Sensitive information will only be collected where permitted under the Act, or where the individual has provided consent.
Storage, security and data quality issues
Council has measures in place to ensure that there will be no unauthorised access to information. Council will endeavour to ensure that all data is up to date and accurate.
Individuals have a right to access any Personal Information held about them and they may update any incorrect information.
Information which is no longer required, will be destroyed in accordance with relevant legislation.
Use and disclosure of personal information
Council will use personal information only for the purpose for which it was collected, unless required by legislation, or where there is a reasonable assumption that the original information will be used for this secondary purpose.
In any other circumstances, Council will contact the individual to obtain consent.
Council will only assign a Unique Identifier to identify a person if the assignment is reasonably necessary to carry out its functions.
Where lawful and practical, Council will give individuals the option of not identifying themselves when communicating with Council.
Closure of the Practice of a Health Service Provider
If Council discontinues the delivery of a health service, it will provide notice to past service users directly, and by way of public notice in the local newspaper.
Making information available to another Health Service Provider
Council will make an individual’s Health Information available to another health service provider where requested to do so by the individual.
Where an external contractor deals with Personal Information on behalf of Council, they will be required to comply with the Information Privacy Act or the Health Records Act, whichever is applicable.
Role of Privacy Officer
The Privacy Officer will also be the Health Records Officer, and will handle enquiries, complaints or adjustments regarding Personal or Health Information. Written requests for information will be responded to in writing within 10 working days of receipt, unless the request is covered by the Freedom of Information Act.
- Complaints will be directed to Council’s Privacy Officer in the first instance.
However, should any person still feel aggrieved, they may approach the Government’s Privacy and Data Protection Commissioner or Health Services Commissioner for resolution.
Where practical, a statement outlining Council’s policy regarding the handling of Personal and Health Information will be used at all points of collection, and for all outgoing correspondence that may request Personal Information.
This applies to both hardcopy and electronic communication.
Need to know more ...