Collection of personal information
We understand, as a service provider, we will have access to and be responsible for a significant amount of information and, therefore, in line with the Privacy Act 1988 (Commonwealth), must have appropriate security controls in place to protect this information from unauthorised use, accidental modification, loss, or release.
As a part of Somerset Health’s services, we receive and store personal information entered onto our website, provided to us directly or give to us in other forms. Somerset Health understands the need to be reliable, cautious and thorough in the way information about clients, stakeholders, staff, volunteers, or students is recorded, stored, and managed.
Somerset Health collects personal information from people to facilitate the safe and appropriate delivery of agreed services. Staff and volunteers should note that privacy and confidentiality apply:
- in the workplace
- at home and in the community
- when talking with other staff
- when dealing with people of other agencies
- in social environments
- when dealing with other clients.
You may provide information such as your name, phone number, address, email address, and other medical information or health reports. We may also collect any other information you provide while interacting with us.
How we collect your personal information
Somerset Health collects personal information from you in a variety of ways, including when you interact with us electronically or in person, when you access the website and when we provide our services to you. We may receive personal information from third parties. If we do, we will protect it as set out in Somerset Health’s Privacy Policy.
Somerset Health’s Privacy Policy will be provided to all candidates / employees / contractors / clients, to ensure they understand what information will be captured about them, how it will be stored and their rights for disclosure, access, and complaints.
Specific security control measures that we have in place for employees, contractors, and clients include:
- this Privacy Policy – outlining the responsibility of employees to maintain confidentiality of clients and employee information
- password protection and permission management on electronic content management systems and company files
- physical security of our office and equipment – our office can be accessed only by our Senior Management team and all physical files are stored in a locked, security cabinet
- adherence to legal and legislative requirements regarding data usage, privacy policy and information sharing regarding clients.
Use of your personal information
In the collection, storage and sharing of personal, client information, we will follow these key principles:
- consent is obtained from clients for the collection, storage and sharing of their personal information, generally this is written consent, but if verbal, this is recorded in the client file
- client files, whether hard or electronic files, are kept in a secure location with authorised access only
- clients have the right to access their information at any time
- clients are encouraged to provide updated information if their circumstances change
- Somerset Health staff will update information when they become aware of changes to client circumstances, and/or when a review is carried out, to ensure that the information is current and accurate
- all information relating to clients is confidential and will not be disclosed to any other person or organisation without the client’s consent
- only information necessary for delivering effective services will be collected
- photographs or electronic recordings will not be taken without permission
- each client will be offered the right to choose whether to participate in any research or auditing process
- all staff will receive training regarding confidentiality and privacy.
Somerset Health may also use personal information to provide you with information, updates, and our services. We may also make you aware of new and additional services and opportunities available to you. We may use your personal information to improve our services and better understand your needs.
Somerset Health may contact you or your advocate by a variety of measures including, but not limited to telephone, email, SMS, or mail.
Disclosure of your personal information
Somerset Health maintains electronic files for secure storage and distribution of documents and correspondence which includes but is not limited to:
- incoming and outgoing correspondence including electronic mail.
- meeting minutes
- legal documents, Funding Agreements, acquittals, and reports and funding applications
- participant information.
- staff/personnel files.
We may disclose your personal information to any of Somerset Health employees, support coordinators, insurers, professional advisers, disability advocates, agents, suppliers, or subcontractors as reasonably necessary for the purposes set out in this Policy. Personal information is only supplied to a third party when it is required for the delivery of our services.
We may from time to time need to disclose personal information to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, in the course of a legal proceeding or in response to a law enforcement agency request.
By providing us with personal information, you consent to the terms of Somerset Health’s Privacy Policy and the types of disclosure covered by this Policy. Where we disclose your personal information to third parties, we will request client consent first and request that the third party follow this Policy regarding handling your personal information.
Security of your personal information
Somerset Health will utilise and access an appropriately secure platform, to manage individual client bookings, referrals, and payments. Access will be restricted.
Additional personal information held about clients may include:
- file notes
- assessment
- care plan and consent
- emergency contacts
- change in circumstances of the consumer
- complaints
- reports, referrals or information from other agencies
- requests from the consumer for any change in service.
Hardcopy files will be kept secure during travel and visits to remote communities.
Somerset Health will seek advice regarding their obligations under relevant privacy legislation when they receive a request for personal information from an external body, authority or organisation, or overseas authority, where the client has not given consent for transfer of information.
Access to your personal information
In the collection, storage and sharing of personal, client information, we will follow these key principles:
- consent is obtained from clients for the collection, storage and sharing of their personal information, generally this is written consent, but if verbal, this is recorded in the client file
- participant files, whether hard or electronic files, are kept in a secure location with authorised access only
- participants have the right to access their information at any time
- participants are encouraged to provide updated information if their circumstances change
- Somerset Health staff will update information when they become aware of changes to client circumstances, and/or when a review is carried out, to ensure that the information is current and accurate
- all information relating to clients is confidential and will not be disclosed to any other person or organisation without the client’s consent
- only information necessary for delivering effective services will be collected
- photographs or electronic recordings will not be taken without permission
- each client will be offered the right to choose whether to participate in any research or auditing process
- all staff will receive training regarding confidentiality and privacy.
Complaints about privacy
If you have any complaints about our privacy practices, please send in details of your complaints to admin@somersethealth.com.au. We take complaints very seriously and will respond shortly after receiving written notice of your complaint.
Changes to Somerset Health’s Privacy Policy
Please be aware that we may change this Privacy Policy in the future. We may modify this Policy at any time, in our sole discretion and all modifications will be effective immediately upon our posting of the modifications on our website or email notice. Please check back from time to time to review our Privacy Policy.