YOUR RIGHT TO PRIVACY AND CONFIDENTIALITY

Under the NDIS Code of Conduct, the second principle notes that providers and workers who are delivering NDIS supports and services must ‘Respect the privacy of people with disability’.

The Code points out that privacy is a human right. This right applies to privacy around the gathering, use and disclosure of information about people receiving NDIS services, as well as the services they receive.

NDIS providers must comply with rights related to privacy as set out in the Commonwealth Privacy Act 1988 and relevant State or Territory privacy laws. This includes:

  • Ensuring no personal information about individuals receiving your services is disclosed to others without the individual’s informed consent. Personal information is ‘information or an opinion about a person whose identity can be determined from that information or opinion’, such as an individual’s name, address, or details about their disability.

  • Respecting and protecting the privacy of everyone who receives supports and services from your organisation.

  • Ensuring you manage your clients’ health information in accordance with relevant privacy laws.

  • Implementing policies and procedures to ensure you manage people’s information in accordance with privacy laws and making sure your workers understand those policies and procedures.

  • Clearly explaining to the people you’re supporting (and your workers) important details about the information you’re collecting, such as what type of personal information will be gathered, why, how it will be used and secured, and how to make a complaint should they feel you have breached privacy obligations, among others.

It’s important to note that there are some circumstances under which NDIS providers should disclose personal information without consent from the individual involved, such as mandatory reporting requirements relating to child protection and incidences of violence, exploitation, neglect and abuse, and sexual misconduct.

YOUR PRIVACY MATTERS

People seeking support and healthcare services through the NDIS are entering a vulnerable situation. For example, they typically need to disclose highly personal details about their health, disability and family circumstances. They are allowing people they don’t know personally to enter their homes and may have a support worker undressing, showering, or toileting them. Situations like these require a high level of trust.

NDIS participants and their families should have peace of mind that the workers supporting them have their dignity and privacy front of mind. 

WHAT WE DO TO PROTECT YOUR PRIVACY

To limit the risk of breaching client privacy, aim to:

  • Conduct handovers and other meetings where private information is being discussed in a  private place, such as the client’s home or your office.

  • Be mindful of who else might be able to hear your conversation. For example, a contractor conducting a job in your workplace could potentially overhear personal details being discussed in a meeting or phone call.

  • For on-the-road conversations, avoid crowded cafes and similar places. It can be lovely for support workers to share a coffee while talking about client care, but a takeaway at a quiet park could be a better option than a busy food court.

  • Mobile phones are the go-to for communicating these days. Be careful about the details you share when using your phone in public.

  • Any paper files are securely stored, such as in locked cabinets in your office.

  • For online document storage (in applications such as Dropbox, Google Drive, and Microsoft OneDrive, for example), consider using electronic encryption as well as strong password protection.

  • You use a secure system to share any documents containing personal information with people outside your organisation (such as sending reports to NDIS care coordinators or plan managers).

To view our Privacy and Confidentiality Policy, click here