Privacy Policy

Purpose

To communicate how IGNITE CAREERS:

a)      Manages records about its staff, customers, clients and business operations;

b)      Protects the privacy of the health and personal information collected about its clients;

c)      Protects the privacy of the personal information collected about its customers; and

d)      Protects the privacy of the personal information collected about its staff.

1.      Scope and application

This policy applies to service delivery and business activities undertaken in each of the personal injury schemes within which IGNITE CAREERS operates.

It concerns the services and business activities of

a)      The management and employees of IGNITE CAREERS;

b)      Any sub-contractor engaged by IGNITE CAREERS; and

c)      Any third party service provider engaged by IGNITE CAREERS.

2.      Related legislation, guidelines, policies and procedures

i.            Privacy Act (Commonwealth) 1988 – Section 14 and Schedule 3;

ii.            Health Records & Information Privacy Act (NSW) 2002 – Schedule 1;

iii.            NSW Statutory Guidelines on the management of health services [disclosure of health information for the purposes of managing a health service], 2004;

iv.            NSW Statutory Guidelines on training [disclosure of health information for training purposes], 2004;

v.            NSW Statutory Guidelines on notifying a person when you have collected health information from someone else, 2004;

vi.            IGNITE CAREERS Complaints Management System.

3.      Policy statement

The secure, responsible and ethical management of health records and personal information, in all its forms, is fundamental to good governance.

Our secure records and information management system, combined with the adherence to professional codes of practice and ethics, enables us to:

a)      Comply with Commonwealth and State privacy and health records management legislation and statutory guidelines;

b)      Navigate complex privacy and confidentiality matters; and

c)      Control risks to individuals, their employers, relevant agencies, our customers and our business.

IGNITE CAREERS recognises that its need for information must be balanced with an individual’s right to privacy. The principles that guide IGNITE CAREERS towards achieving that balance are contained within Commonwealth and State legislation governing privacy, including:

  • Privacy Act (Commonwealth) 1988 – Section 14 and Schedule 3;
  • Health Records & Information Privacy Act (NSW) 2002 – Schedule 1.

Those Acts co-exist and the principles contained within the applicable schedules are complementary.

Privacy Principle How IGNITE CAREERS   applies the principle in practice

1

 IGNITE CAREERS shall not collect health and personal information unless it is necessary, lawful and directly related to the   services it provides.

2

 IGNITE CAREERS shall take all reasonable steps to inform   clients, customers and its staff about:

  • The purpose of collecting any health and personal information;
  • Any legislative requirements for collecting health and personal information; and
  • Any third person, body or agency to whom we are required, by law, to disclose health and/or personal information.

IGNITE CAREERS shall not use information except for a   purpose to which the information is relevant.

3

 IGNITE CAREERS shall ensure that health and personal information is up to date and complete.IGNITE CAREERS shall ensure that the collection of information does not unreasonably intrude upon   the personal affairs of any clients, customer or staff member.

4

 IGNITE CAREERS shall ensure that health and personal information records are protected against (i) loss, (ii) unauthorised access, use, modification or disclosure, and (ii) misuseIGNITE CAREERS shall prevent unauthorised use or disclosure of information when receiving or transferring health and/or personal records to authorised persons, bodies or agencies.

5

 IGNITE CAREERS maintains privacy policy and procedures that specify:

  •   the nature, scope and purposes of the health and personal information recorded;
  •   the persons about whom records are kept;
  •   the period for which our records are kept;
  •   the persons who are entitled to access the health and personal information contained in our records;
  •   the conditions under which those persons are entitled to have that access;
  •   the steps that should be taken by persons wishing to access the information; and
  •   the steps that should be taken by persons wishing to make a complaint about how we manage the privacy of their health and personal information.

IGNITE CAREERS shall take reasonable steps to inform its clients, customer and staff   about its privacy policy and procedures.

6

 IGNITE CAREERS shall provide its clients, customer and staff with access to their health and personal records on request, except to the extent that IGNITE CAREERS is required or authorised to refuse access to those records under provisions of applicable Commonwealth law.

7

 IGNITE CAREERS shall make appropriate corrections, deletions and additions as are to ensure that health and personal records are   accurate, up to date, complete and not misleading.

8

 IGNITE CAREERS shall not use any health or personal information unless it is accurate, up to date, complete and not misleading.

9

 IGNITE CAREERS shall not use the health and personal information except for the purposes for which the information was collected and is relevant.

10

 IGNITE CAREERS will not use health or personal information for purposes other than those for which it was collected unless:

  •   The client, customer or staff member has given consent to do so; or
  •   It is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned or another person; or
  •   It is required or authorised by or under law; or
  •   IGNITE CAREERS is authorised to do so in the interest of public safety and security.

11

 IGNITE CAREERS will not disclose health or personal information  to a person, body or agency other than the individual concerned unless:

  •   S/he has been made aware and has given consent to do so, or
  •   Disclosure is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned or another   person;  or
  •   Disclosure is required or authorised by or under law; or
  •   Disclosure is authorised in the interest of public safety and   security.

4.      Procedures

4.1   Responsibilities

The overall responsibility for the implementation, evaluation and review of the IGNITE CAREERS privacy policy and procedure is held by the Managing Director.

All IGNITE CAREERS personnel, including sub-contractors, are signatories to The IGNITE CAREERS Collective Agreement in which they declare the commitment to the privacy policy and associated procedures. This declaration compels our personnel to comply with the provisions of our policy and those of the applicable privacy and health records management legislation.

4.2  Why do we need to collect, store and disclose health and personal information?

In order to deliver the best possible services that are safe and without risk to public health and productivity, IGNITE CAREERS collects, uses, stores and discloses relevant information about our clients, our customers and our staff. We do so for the following purposes.

About our clients:
  1.            i.              To accurately assess client needs;
  2.          ii.              To select and provide services that best meet those needs;
  3.         iii.              To evaluate the effectiveness of those services; and
  4.        iv.              To continuously improve the services delivered.
About our customers:
  1.            i.                                                                                                                                                                                                                                                                                                     To accurately determine customer requirements, including the level of   service they value and expect;
  2.          ii.                                                                                                                                                                                                                                                                                                     To ensure that services are delivered in a manner that meets expected   service levels;
  3.         iii.                                                                                                                                                                                                                                                                                                     To determine customer perceptions about the value of our services; and
  4.        iv.                                                                                                                                                                                                                                                                                                     To make essential adjustments to our services to attain and retain   customer satisfaction.
About our staff:
  1.            i.                                                                                                                                                                                                                                                                                                     To verify the possession of essential qualifications and other   relevant credentials;
  2.          ii.                                                                                                                                                                                                                                                                                                     To verify participation in continuous professional development   activities;
  3.         iii.                                                                                                                                                                                                                                                                                                     To establish an individual’s capability to perform the inherent   requirements and demands of the role;
  4.        iv.                                                                                                                                                                                                                                                                                                     To establish an individual’s capability to return to the role   following injury or illness;  and to   assist with returning that individual to productive employment;
  5.          v.                                                                                                                                                                                                                                                                                                     To support staff with achieving learning and development goals; and
  6.        vi.                                                                                                                                                                                                                                                                                                     To support any staff member with managing any health and/or personal   matters that may affect his/her ability to deliver services to our clients   and customers.

4.3  What type of information do we need to collect?

IGNITE CAREERS needs to collect and store health and/or personal information that are necessary and directly relevant to the services we provide.

In doing so, we inform our clients, customers and staff about:

a)      The purpose of collecting the information;

b)      Any legal requirements for collecting information from the individual and any third person, organisation or agency; and

c)      Any third person, organisation or agency to which the individual is required to disclose information.

4.4  How do we store your health and personal information?

IGNITE CAREERS establishes and maintains private and confidential records in both physical and electronic form.

Records are protected against (i) loss, (ii) unauthorised access, use, modification or disclosure, and (iii) misuse.

Protection is ensured through the use of our:

  • Secure filing and archiving facilities; and
  • Password encrypted and firewall secured information management system.

4.4.1        Key processes for all records

IGNITE CAREERS accommodates the unique security needs for specific customers, clients
and staff in accordance with any specialised security classifications applied to certain information.

Access to all records – electronic and physical – is strictly limited to designated IGNITE CAREERS personnel with the need and authority to manage those records, including the relevant consultant and the Directors.

4.4.2    Key processes for electronic records

Administrators assign and control access permissions to each system user. Those access permissions are role-specific and, therefore, limited to the responsibilities held by each user.

Each system user is required to set up an account with a password and username that are distinct from those used to log-in to IGNITE CAREERS’s network. Passwords must be changed every 30 days.

Secure “back-up” of all records occurs daily through a secure parallel server that is located off-site. Overnight “back-up” occurs on the on-site server.

Management of our primary and parallel servers is subject to closed access and strictly limited to authorised administrators.

As a minimum, all electronic reports exchanged with our customers (or to be transferred to another authorised person/agency or body) are:

a)      produced in Adobe pdf format with secure settings; or

b)      uploaded onto the customer’s secure online portal so as to control access and prohibit unauthorised editing or alteration.

All emails containing health and personal information are password encrypted.

4.4.3    Key processes for physical records

Physical records in the possession of our qualified personnel are stored in closed access security cabinets within the lockable consulting/examination rooms. They are only removed when worked upon.

When in the field, consultants are required to keep physical case records secure by either carrying  them on their persons, keeping them in a secure portable storage facility (file, case or similar), and/or locking them in a concealed space within their motor vehicles.

All active physical records are stored in the lockable facility at the IGNITE CAREERS registered office. Access to records contained within that facility is limited to the Directors.

After 6 months, inactive physical records are stored in a secure off-site facility.

All physical records exchanged with our customers (or to be transferred to another authorised person/agency or body) are either distributed via registered post or secure courier service.

4.5  For how long will your information be stored?

Once they are no longer active, all records are securely stored and retained for a minimum period of seven years or as otherwise required under law.

If, during that time, records need to be handed over or transferred to another person, organisation or agency, we will ensure that:

  • The individuals      concerned have been made aware of the reasons for the handover or      transfer;
  • Unauthorised use or      disclosure of the records are prevented; and
  • The records are up to      date, accurate, complete and not misleading.

4.5.1        How do we dispose of and destroy records

The Managing Director is responsible for:

  • identifying records to be destroyed; and
  • authorising the destruction of records.

Secure destruction of physical records is undertaken by an ASIO-T4 approved provider.

Electronic records are deleted from the information management system by the Managing Director.

Preferred secure records destruction providers
National Document Shredding Service Ph:   1800 757 000

https://www.nationalshred.com.au/index.html
Shredway Ph:   1300 738 713

http://www.shredway.com.au/index.html
Northside Paper Recycling Ph:   1300 888 487

http://www.northsidepaperrecycling.com.au/security-destruction.html

4.6  How do we use and disclose your information?

IGNITE CAREERS will only use health and personal information to deliver services that meet the needs and interests of its clients, customers and staff.

This may involve disclosing information (either verbally or in printed/written form) to persons, organisations or agencies that have a legitimate and lawful need to know.

Those with a legitimate and lawful need to know may include:

  • A client’s employer;
  • Medical and health practitioners attending to a given client or      staff member;
  • Our contracted advisors and service providers;
  • Legal practitioners; and
  • Government departments and agencies.

We will only disclose personal information when:

  • The individual concerned has been made aware and have given IGNITE CAREERS consent to do so; or
  • Disclosure is required or authorised by or under law; and
  • Disclosure is necessary to prevent or lessen a serious and/or imminent threat to the individual’s life or health (or the life and health of another person).

Before using and disclosing personal information, we will ensure that it is:

a)      Up to date;

b)      Accurate;

c)      Complete; and

d)      Not misleading.

We will consult with the individual concerned to make appropriate corrections, deletions and additions to his/her records.

5.7  Withdrawing your consent to collect and disclose your information

An individual may withdraw his/her consent to collect and disclose health and/or personal information at any time.

Doing so, however, may hinder our ability to provide safe, effective and/or ethical services.

If an individual is considering the withdrawal of consent, we will consult with that person to discuss concerns and to ensure that individual rights and the effects of withdrawing consent are clearly understood.

If, thereafter, the individual chooses to withdraw consent, we may need to modify, suspend or cease the services provided.

5.7.1    For Commonwealth records

IGNITE CAREERS is cognisant of the provisions of section 24 of the Archives Act 1983, which governs the disposal, destruction and alteration of Commonwealth records. We will not dispose of, destroy or alter any electronic or physical record received and kept in our possession that is deemed to be a Commonwealth Record.

5.8  Contacting IGNITE CAREERS about your health and personal information

For information about how to:

  • Access your records; and/or
  • Make necessary corrections or additions to your records; or
  • Lodge a complaint about the privacy of your health and personal information.

Contact the Managing Director as follows:

Kylie Dearn kylie.dearn@ignitecareers.com.au

Mobile: 0425 340 584

5.9  Complaints about the privacy of your information

Complaints about privacy and confidentiality matters are managed in accordance with the IGNITE CAREERS Complaints Management Policy.

A complaint can be lodged by anyone, either verbally, in writing or by email.

First, where possible and practicable, any concern about information privacy should be (a) raised with the person or persons who are central to the matter, and (b) resolved at the point of service in consultation with those persons.

Second, if the matter cannot be resolved at the point of service between the persons concerned, a complaint should be lodged with the Managing Director, who will manage the complaint to resolution.

Third, if the complaint cannot for any reason be managed and brought to a satisfactory resolution, the complaint may be lodged with the NSW Privacy Commissioner.

The NSW Privacy Commissioner may refer the complaint to another organisation with the competent jurisdiction to manage the complaint, as listed below:

 

For complaints about private health service providers, large businesses, federal government agencies, tax file numbers, consumer credit reporting and federal spent convictions. Office of the Australian   Information Commissioner

Phone: 1300 363 992
For complaints about confidentiality of medical records and conduct of health workers in NSW. Health Care Complaints Commission

Phone: (02) 9219 7444

 

Password Reset
Please enter your e-mail address. You will receive a new password via e-mail.