Privacy and Information Storage Policy
Bloom Healthcare is committed to protecting the privacy and personal information of its employees, clients, and stakeholders. This Privacy and Information Storage Policy is designed to ensure that personal information is collected, stored, and used in a manner consistent with the Privacy Act 1988 and the relevant Privacy principles.
Bloom Healthcare is governed by the guiding principles of the Privacy Act 1988. Our commitment to Privacy is taken seriously and we have systems and processes in place to ensure that privacy is maintained at all times.
- In order to provide a quality service, personal information will be required to be maintained and stored. Personal information is obtained so that we can.
- Best tailor the service to your needs.
- Evaluate and monitor program outcomes.
- Facilitate resolutions of complaints with stakeholders.
This policy applies to all employees and contractors of Bloom Healthcare who have access to personal information as part of their work. It covers all personal information collected, stored, or used by Bloom Healthcare in the course of providing services to its clients.
The intent of this policy is to reaffirm our commitment to providing a safe and private service so that it complies both legislatively and morally.
The purpose of this policy is to:
• Ensure that all personal information is collected, stored, and used in a lawful and ethical manner.
• Protect the privacy of individuals whose personal information is collected and used by Bloom Healthcare.
• Comply with the Privacy Act 1988 and the relevant Privacy principles.
• Promote a culture of privacy and information security within Bloom Healthcare.
Roles and Responsibilities
The Director/s and management team of Bloom Healthcare are responsible for ensuring that this policy is implemented effectively and that all employees and contractors are aware of their responsibilities under this policy.
Employees and contractors are responsible for:
• Ensuring that they are familiar with and comply with this policy and the relevant Privacy principles.
• Reporting any privacy breaches or incidents to their supervisor or manager.
• Participating in training on privacy and information security as required.
Collection, Use and Disclosure of Personal Information
Bloom Healthcare collects, uses, and discloses personal information only for purposes that are relevant to our services, and that have been consented to by the individuals concerned. We obtain consent through a detailed consent form that outlines the purposes for which personal information will be collected, used, and disclosed. Consent is able to be provided verbally or in writing. However for the purposes of Bloom Healthcare, in order for information to be disclosed to a third party, for governance purposes, written consent shall be required by either yourself, guardian or nominee.
Bloom Healthcare limits the collection of personal information to what is necessary for the intended purpose and ensures that any personal information that we collect is accurate, complete, and up-to-date.
We use and disclose personal information only for the purpose for which it was collected, unless we obtain consent or are required by law to do so. We collect information to best inform us of what treatment may be the most appropriate and to identify and protect the individual.
Information may be disclosed to:
• Other treating professionals
• Your family
• Persons at direct or immediate risk
• Law authorities including the police
• Referring company
• A legal practitioner
• Community service providers
Please note that unless required by law, contact with the above stakeholders will only be made with written consent
Bloom Healthcare does not sell, trade, or rent personal information to third parties. We only disclose personal information to third parties when it is necessary to provide our services, or when we are required by law to do so.
Information Storage and Security
Bloom Healthcare stores personal information in a secure manner to prevent unauthorised access, use, or disclosure. We use a case management system that is designed to ensure the security of personal information. Only appropriate people have access to the case and its details, and all activity and communication related to the case are completed through the system to minimise the risk of privacy breaches.
Any personal information that we collect as part of assessments or attendance at appointments is transferred onto the case management system in electronic form, and hard copies are then destroyed to further minimise the risk of unauthorised access.
Bloom Healthcare uses appropriate physical, technical, and administrative safeguards to protect personal information against loss, theft, unauthorised access, use, or disclosure. We regularly review and update our security measures to ensure that they remain effective and up to date.
Access and Correction
Bloom Healthcare recognises the right of individuals to access and correct the personal information that we hold. We provide individuals with access to their personal information upon request, and we allow them to correct any errors or omissions that they identify.
Data Access and Protection
Access to personal information must be granted on a need-to-know basis, and employees are prohibited from sharing or disclosing any personal information with unauthorised individuals.
All Bloom Healthcare employees are required to use a strong password to protect access to Bloom Healthcare’s information systems. All Bloom Healthcare data is backed up regularly and securely.
Personal information is deleted or destroyed in accordance with the Privacy Act 1988 when it is no longer required, and Bloom Healthcare ensures that all hard copies of personal information are securely destroyed.
Bloom Healthcare provides ongoing training to all employees and contractors on privacy and confidentiality requirements and processes. We ensure that they understand and follow these requirements and processes to protect personal information.
Bloom Healthcare management is accountable for compliance with privacy and confidentiality requirements. We complete a privacy and confidentiality accountability self-assessment on an annual basis to ensure that effective measures are in place and to consider continuous improvement initiatives for ongoing compliance with privacy laws and best practices.
Complaints and Enquiries
Bloom Healthcare takes privacy complaints and enquiries seriously. We have procedures in place to receive and respond to complaints and enquiries about our privacy practices. We investigate all complaints and take appropriate measures to address any privacy concerns that are raised.
Bloom Healthcare has developed an Incident Response Procedure to respond promptly to any suspected or confirmed data breaches. The Incident Response Plan outlines the steps to be taken in the event of a breach, including notification of affected individuals, regulatory bodies, and other relevant stakeholders.
Monitoring and Evaluation
Bloom Healthcare will monitor and evaluate the effectiveness of this policy on an ongoing basis, using feedback from employees, clients, and customers, as well as data on incidents of privacy or information breaches.
The Director/s and management team will be responsible for ensuring that the policy is implemented effectively, and that progress is tracked and reported to relevant stakeholders.
Employees and contractors are encouraged to provide feedback and suggestions for improving the policy and related procedures.
This policy will be reviewed annually to assess its effectiveness and compliance with legal and regulatory requirements. Any necessary revisions or updates will be made in a timely manner and recorded on the Policy and Procedure Register.