Privacy Policy

STEPS Neurological Therapy Services is committed to the transparent management of personal and health information about its clients and staff.

This commitment includes protecting the privacy of personal information, in accordance with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cwlth) amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cwlth) and in accordance with the Privacy Policy, Department of Human Services, endorsed June 2002 (amended August 2005) (Vic), the Health Records Act 2001 (Vic), the Information Privacy Act (2000) (Vic),and the Freedom of Information Act 1982 (Cwlth).

STEPS Neurological Therapy Services’ Privacy and Confidentiality Policy and Procedure is made publicly available.

Personal Information

Personal information may include:

name,
date of birth,
gender,
current and previous addresses,
residency status,
telephone numbers and e-mail addresses,
photographs,
race or ethnicity, and
medical history or information provided by a health service.

In collecting personal information, STEPS Neurological Therapy Services will inform the client:

that information is being collected;
the purposes for collection;
who will have access to the information;
the right to seek access to, and/or correct, the information; and
the right to make complaint or appeal decisions about the handling of their information.

Client information is used to:

assess and provide services;
administer and manage those services;
evaluate and improve those services;
contribute to research;
contact family, carers, or other third parties if required; and
meet our obligations under the NDIS and other funding bodies including the Transport Accident Commission, WorkCover and DVA.

Client Consent

Clients are asked to review and acknowledge Steps Therapy Privacy Policy at the time of commencing service with STEPS Neurological Therapy Services. The relevant form is then:

signed and placed in the client’s file;
held securely with access limited to staff members in the performance of their role.
Where an individual chooses not to provide requested information, we will advise that individual of what consequences this non-disclosure may have. For example, withholding certain information may limit our ability to provide relevant offers or services to individuals.

Collection and Storage of Personal Information

STEPS Neurological Therapy Services collects information:

directly from clients orally or in writing;
from third parties, such as medical practitioners, government agencies, client representatives, carer/s, and other health service providers;
from client referrals; and
from publicly available sources of information.

STEPS Neurological Therapy Services will collect sensitive information:

only with client consent, unless an exemption applies: e.g. the collection is required by law, court/tribunal order or is necessary to prevent or lessen a serious and imminent threat to life or health;
fairly, lawfully, and non-intrusively;
directly from client, if doing so is reasonable and practicable;
only where deemed necessary to support:
- service delivery to clients;
- staff activities and functions; and
- giving the client the option of interacting anonymity, if lawful and practicable.

STEPS Neurological Therapy Services takes all reasonable steps to protect personal information against loss, interference, misuse, unauthorised access, modification, or disclosure. STEPS Neurological Therapy Services will destroy, or permanently de-identify personal information that is

no longer needed;
unsolicited and could not have been obtained directly; or
not required to be retained by, or under, an Australian law or a court/tribunal order.

STEPS Neurological Therapy Services staff will only access a client’s file if this is required for direct therapy interventions, client care and/or safety. This includes therapy staff as well as administration staff.

STEPS Neurological Therapy Services has appropriate security measures in place to protect stored electronic and hard-copy materials. STEPS Neurological Therapy Services has an archiving process for client files which ensures files are securely and confidentially stored and destroyed in due course.

Should a breach in privacy occur, potentially exposing client information (e.g. computer system hacked, laptop stolen etc.) the Directors will immediately act to rectify the breach in accordance with organisational policy and processes.

Updating Your Personal Information

To ensure that client information is accurate, complete, current, relevant and not misleading, STEPS Neurological Therapy Services checks personal details and updates client files accordingly:

whenever reviewing a client’s service; and / or
upon being informed of changes or inaccuracies by clients or other stakeholders

There will be no charge for any correction of personal information.

Where STEPS Neurological Therapy Services has previously disclosed client personal information to other parties, should the client request us to notify these parties of any change to their details, we must take reasonable steps to do so.

Disclosing Your Personal Information

STEPS Neurological Therapy Services respects the right to privacy and confidentiality, and will not disclose personal information except:

where disclosure would protect the client and / or others;
where necessary for best service practice; or
where obligated by law.

For these purposes, STEPS Neurological Therapy Services may disclose clients’ personal information to other people, organisations or service providers, including:

medical and allied health service providers who assist with the services we provide to clients;
a ‘person responsible’ if the client is unable to give or communicate consent e.g. next of kin, carer, or guardian;
the client’s authorised representative/s e.g. legal adviser;
our professional advisers, e.g. lawyers, accountants, auditors;
government and regulatory authorities, e.g. Centrelink, government departments, and the Australian Taxation Office;
organisations undertaking research where information is relevant to public health or public safety; and
when required or authorised by law.

Any information released for evaluation or research purposes will be de-identified.

Accessing Your Personal Information

Clients can request and be granted access to their personal information, subject to exceptions allowed by law.

Requests to access personal information must state:

the information to be accessed
the preferred means of accessing the information,
and should be forwarded to the Directors either verbally, or in writing to:

450 Waverley Rd
Malvern East VIC 3145

[email protected]

Phone: 03 9568 5611

The Directors will assess the request to access information, taking into consideration current issues that may exist with the client, and whether these issues relate to any lawful exceptions to granting access to personal information.

Should the Directors decide that access to personal information will be denied, they must, within 30 days of receipt of the request, inform the client in writing of:

the reasons for denying access and
the mechanisms available to complain or appeal.

Should access be granted, the Directors will contact the client within 30 days of receipt of the request to arrange access to their personal information.

Our practice may occasionally need to deny access to information in accordance with the exemptions contained in the Privacy Act 1988.

Should STEPS Neurological Therapy Services be unable to provide the information in the means requested, the Directors will discuss with the client alternative means of accessing their personal information.

Reasonable charges and fees, incurred by STEPS Neurological Therapy Services in providing the data as requested, may be passed on to the client.

Video or audio recording:

Consent must be gained from the therapist prior to any video or audio recording of any part of a therapy session.

Consent must be gained from the therapist and any other persons being recorded prior to posting the recording on any social media platform.

Breaches of Privacy

STEPS Neurological Therapy Services are required to disclose a data breach to the Office of Australian Information Commissioner if the data contains personal information that is likely to result in “serious harm”, which includes any of the following: physical, psychological, financial or reputational harm. Personal information is information about an identified individual, or an individual who is reasonably identifiable.

Any staff who identify a potential breach must immediately inform their line manager, who must report to the Directors for further action.