Whilst it is standard practice for Aged Care Providers (Providers) to collect information about their residents in order to provide them with care, Providers should be mindful of the manner in which they collect and disclose any personal, sensitive or health information of their residents.
What Types of Information Can Be Collected?
Currently, Providers collect the following categories of information:
- Personal – information or opinion about a reasonably identifiable individual.
- Sensitive – includes information relating to specific and personal characteristics about an identifiable individual, such as ethnicity, opinions, beliefs, preferences and health information.
- Health – includes information or opinion about the health or disability of an individual, or health services provided to an individual, or personal information collected to provide, or in providing, a health service.
Proper Collection of Resident Information
When collecting information from residents, Providers must ensure that they have made residents aware of the purpose for which the information is being collected. Additionally, Providers need to ensure that they do not collect any personal information unless it is necessary for the Provider to perform one or more of its usual functions or activities.
Importantly, Providers must ensure that residents give their necessary consent before any sensitive information about them is collected.
Practically, at the time of collection, Providers should provide a ‘Privacy Collection Statement’ to all residents which details, amongst other things, the Provider’s obligations in maintaining resident privacy and detailing the reasons for which the information is being collected.
Use and Disclosure of Resident Information
Providers may only disclose the personal, sensitive and/or health information of residents in the following circumstances: 2
Privacy Act 1988 (Cth):
- Providers may disclose a resident’s personal or sensitive information in the event that Principle 6 of the Australian Privacy Principles is applicable; or
- Providers may disclose a resident’s personal or sensitive information to a “responsible person” as defined the Privacy Act.
Aged Care Act 1997 (Cth):
- Providers may disclose a resident’s personal or sensitive information for a purpose connected with the provision of aged care services to that resident; or
- Providers may disclose a resident’s personal or sensitive information with the relevant consent, or to comply with any other obligation under the Aged Care Act.
BBW Lawyers have provided assistance and advice to many clients regarding the collection, use and disclosure of resident information.
To assist Providers in understand the rules of privacy in the Aged Care sector, we can provide you with bespoke advice and documentation for your organisation, including such things as Provider Information Collection Checklists or Privacy Collection Statements for distribution to residents.
For further information or advice, please contact John Fairgray, jfairgray@bbwlaw.com.au, Balveen Saini, bsaini@bbwlaw.com.au, or Josh Mizzi, jmizzi@bbwlaw.com.au.