Easec Pty Ltd (‘Easec’) is committed to protecting your privacy and health information. In accordance with the Privacy Act 1998 (Cth) (including the harmonised Australian Privacy Principles) and Health Records and Information Privacy Act 2002, we have established standards for the management of personal and health information. These standards set out our obligations in relation to the collection, retention, security, access, use and disclosure of personal and health information.
In the course of providing our services, there is certain personal information we may require. Easec ’s primary purpose in collecting personal information is for the provision of return to work and rehabilitation assistance to the client and to otherwise fulfil our obligations as an approved workplace / occupational rehabilitation provider.
When we are appointed by your employer, a state or commonwealth government agency or authority or an insurer, our primary purpose may also include the provision of reports about your rehabilitation and your ability to return to work, as specified in the Consent Form which we will ask you to sign at the commencement of our appointment.
Who is responsible for privacy?
It is the responsibility of all Easec employees and contractors to protect the privacy of our clients by managing personal and health information in accordance with this policy.
What is personal information?
Personal information is any information or opinion about an identifiable person. This includes records containing a person’s name, address, telephone number and gender.
What is health information?
Health information is a specific type of personal information, which includes information or an opinion about the physical or mental health of a person, or the disability of an individual.
- Privacy Standards
- 1.1 Collection
- Lawful – Easec will only collect personal and health information directly related to their business of providing comprehensive rehabilitation, occupational health and safety, consultancy and return to work services and the associated reporting to your employer, a state or commonwealth government agency or authority or an insurer about your rehabilitation and your ability to return to work.
- Relevant – Easec will ensure that the health information collected is relevant, accurate, complete and up to date. The collection should not unreasonably intrude into your personal affairs.
- Direct – Easec will collect personal and health information directly from you, unless it is unreasonable or impracticable to do so
- Open – Easec will take reasonable steps to inform clients why we are collecting information, what we will do with it and who will see it.
- 1.2 Storage & Protection
- Storage – Easec ’s records of worker information are kept in both hard copy and electronic form. When not required for worker’s clinical care, hard copy medical records are kept securely within the Easec offices in locked drawers/cabinets. Easec is required by law to retain medical records for certain periods of time depending on the type of record (usually seven years).
- Protection – Electronic information kept on computers is password protected and is available only to rehabilitation consultants who are involved in managing the workers case.
- Disposal – Information or documents that are no longer required are disposed of appropriately using shredding machines into secure bins.
- 1.3 Access and Accuracy
- Transparent, Accessible and Accurate – Easec will take all reasonable steps to explain what personal and health information we are storing and how you are able to access this information without unreasonable delay or expense. Easec will endeavour to ensure that the information is relevant, up to date, complete and accurate before using it
- Use and Disclosure
Limited – Easec will only use and disclose clients’ health information for the purpose for which it was collected, or a directly related purpose that you would expect. Easec does not expect to disclose personal information to any overseas recipients. Easec does not use or disclose personal information for the purpose of direct marketing. However, the organization may use personal or health information without consent in order to deal with a serious and imminent threat to any person’s health or safety, where illegal activity is suspected or where requested by law enforcement authorities.
Identification – Easec allocates unique case numbers to all clients for internal use only, in order to effectively manage case records including file notes, reports and case records.
- Information Collected
- 4.1 The amount and type of personal information Easec collects and holds about a client includes:
- Personal details such as name, address, date of birth, and contact details including telephone numbers and address
- Information about the injury, the nature of the condition and the manner in which the injury or condition occurred
- Functional and psychological status in relation to the compensable injury and any other medical factors that may be disclosed that may impact on functional or psychological capacity and return to work
- Information regarding pre-injury and current wages and or compensation benefits.
- Information regarding the work role and relationships at work.
- 4.2 How is the information collected?
- Via telephone correspondence and liaison
- Face to face during assessments or meetings
- Through medical case conferences.
- At the workplace through assessment or meetings.
- Through the reports of third parties including treatment providers
- Through medical reports and investigations that are provided by other parties as required for eligibility of benefits within the Workers Compensation Scheme
- Purpose of collecting and holding information?
- To ensure accuracy of rehabilitation intervention.
- To ensure the most efficient and useful direction of services in the management of injuries.
- To facilitate the most timely, safe and efficient intervention focused on an early return to work for the worker and achieving a sustainable long term goal.
- To report to your employer, a state or commonwealth government agency or authority or an insurer about your rehabilitation and your ability to return to work, as specified in the Consent Form which we will ask you to sign at the commencement of our appointment.
- Anonymity and Pseudonymity
You have the option of not identifying yourself or of using a pseudonym unless we are required or authorised under Australian law or a court/tribunal to identify you or it is impracticable to deal with you anonymously or by a pseudonym, or we are required for the purpose of reporting to your employer, a state or commonwealth government agency or authority or an insurer to identify you.
- 7.1 Consent is provided by one or more of the following means.
- By signing Section F of a WorkCover Queensland Claim Form, OR by signing the Employees Authority and Declaration on a Comcare Claim form, OR by signing Section 35 of a DVA Rehabilitation and Compensation Claim Form, OR by signing Disability Claim Statements from a variety of Income Protection / Life Insurers, A client consents to information release and exchange by relevant participants in that insurance scheme.
- By signing the Easec Information Consent form.
- By obtaining verbal approval from the worker for the release and exchange of information to relevant scheme participants. In this instance a clear file note is documented.
- 7.2 Where an interpreter is involved, ensure that the interpreter co-signs any information release agreement.
- 7.3 Information may be exchanged between the nominated treating doctor, the employer, the insurer or agent, other treating practitioners, injury management consultants and WorkCover NSW and WorkCover ACT.
- Information & Document Access
- 8.1 All requests for personal information must be sent in writing to Easec’s General Manager for consideration. Easec endeavours to respond within a reasonable period after the request is made and provide access to the information in the manner requested where reasonable and practicable to do so.
- 8.2 Easec will provide a worker with copies of all assessments, plans or progress reports prepared for them, unless it is deemed that information contained within those reports may be detrimental to the health and welfare of the worker. This may be particularly relevant for workers with psychological injuries. Further, note that there may be other grounds on which information may not be disclosed including where it is unlawful to give access to the information or to the extent that giving access would have an unreasonable impact on the privacy of other individuals. If access to personal information is refused, or access in the manner requested is refused, Easec will write to the client to inform them of the reasons why (unless unreasonable to give reasons having regard to the grounds of refusal) and the complaints process.
- 8.3 Easec will not provide a worker or any other party, reports received from third parties without the written consent of the third party in question. Requests for such information will be referred to the relevant author of the report or the third party in question
- 8.4 Easec may also provide information to other parties in the case where:
- We reasonably believe it is necessary to assist an enforcement body to perform its functions.
- We suspect that an unlawful activity has been, is being or may be engaged in and the personal information is a necessary part of our investigation or reporting of the matter.
- We reasonably believe it is necessary to prevent a threat to life, health or safety.
- We are authorized or required by law to do so, (e.g. where information is required by bodies regulating us or in response to subpoenas or warrants).
- We have contracted an external organisation to provide support services and that organisation has agreed to conform to our privacy standards.
- File and Information Consistency
- 9.1 To ensure correct information and data collected from clients is consistent across the board; team members are trained and mentored as to keeping accurate file notes, effective worker interview techniques and observing worker behaviour and body language. Training as to completing different tests and translating results into SMART goals is also be undertaken. Additional training on clinical topics can be provided as required.
- 9.2 File reviews with the Principal Consultant/Team Leader will provide feedback to consultants as to how to effectively obtain and update important information from workers and records this in a consistent manner whilst maintaining respect and confidentiality at all times.
- 9.3 Where Easec is satisfied personal information held is inaccurate, out of date, incomplete, irrelevant or misleading, or where a worker requests that Easec correct information, we will take reasonable steps to ensure that the information is accurate, up to date, complete, relevant and not misleading having regard to the purpose for which the information is held. Where, a worker requests that other entities using that information are notified of any correction of information, Easec will take reasonable steps to do so unless it is unlawful or impracticable to do so.
- 9.4 Where Easec refuses to correct the information, Easec will write to the worker to inform them of the reasons why to the extent reasonable to do so and the complaints process. Where a worker requests that a statement is associated with the information that the worker considers that the information is inaccurate, out of date, incomplete, irrelevant or misleading to make their view apparent to users of that information, Easec will take reasonable steps to do so.
- Privacy Complaints
Grievances concerning team member or worker privacy (including concerning potential breach of the Australian Privacy Principles) should be raised in the first instance with the team members’ Principal Consultant or Team Leader. If this manager is unable to resolve the matter, it may be referred to the General Manager. Should the worker of team member feel their complaint has not been resolved at this level, or after 30 days of making the initial complaint, they may then complain to the Office of the Australian Information Commissioner. Further information on this can be found at: http://www.oaic.gov.au/privacy/making-a-privacy-complaint. Information about the Australian Privacy Principles can be found at: http://www.oaic.gov.au/privacy/privacy-act/australian-privacyprinciples.