Contact Us

Phone
0423 707 726

Email
info@WholisticCareServices.com.au

Address
PO BOX 7272, Toowoomba South Q 4350

Online Enquiry

* Required fields

Privacy Policy

1.1 Communication of Privacy Policy

To ensure Clients understand the subject matter of this Privacy in a manner that is responsive to their needs and in the language, mode of communication and terms that the Client is most likely to understand, Wholistic Care Services will:

(a) use respectful, open, clear, and honest communication in all professional interactions (e.g., spoken, written, and social media).

(b) consistently respect the Client’s privacy and confidentiality in how they communicate and interact with them.

(c) communicate effectively with Clients to promote their understanding of the subject matter of this Privacy (e.g., active listening, use of plain language, encouraging questions).

(d) identify potential barriers to effective communication and make a reasonable effort to address these barriers, including by providing information and materials on how to access interpreter services, and legal and advocacy services.

(e) work with bilingual assessment staff, interpreters (linguistic and/or sign), communication specialists and relevant advocacy agencies/services that can assist Client participation, inclusion, informed choice and control.

(f) encourage Clients to engage with their family, friends and chosen community if Wholistic Care Services has been directed to do so.

1.2 The personal information that Wholistic Care Services collects

The personal information that Wholistic Care Services collects from a client includes their:

(a) name, address, telephone and email contact details.

(b) gender, date of birth and marital status, information about their disability and support needs.

(c) health and medical information.

(d) numbers and other identifiers used by Government Agencies or other organisations to identify individuals.

(e) financial information and billing details, including information about the services individuals are funded to receive, whether under the NDIS or otherwise.

(f) records of interactions with individuals such as system notes and records of conversations individuals have had with Wholistic Care Services’ Workers; and

(g) information about the services Wholistic Care Services provides to individuals and the way in which Wholistic Care Services will deliver those to individuals.

Typically, Wholistic Care Services does not collect personal information in the form of recorded material in audio and/or visual format.

1.3 Sensitive information and protection of dignity

Wholistic Care Services only collects sensitive information where it is reasonably necessary for Wholistic Care Services’ functions or activities and either:

(a) the individual has consented; or

(b) Wholistic Care Services is required or authorised by or under law (including applicable privacy legislation) to do so.

For example, in order to provide Wholistic Care Services’ services to a client or to respond to a potential Client’s inquiries about services, Wholistic Care Services may be required to collect and hold their sensitive information, including health and medical information and information relating to their disability and support requirements.

Wholistic Care Services will treat Clients with dignity and respect and, as far as reasonably practicable, protect the privacy and dignity of each Participant and, in particular, their sensitive information.

1.4 How Wholistic Care Services collects personal information

Wholistic Care Services collects personal information in a number of ways, including:

(a) when individuals correspond with Wholistic Care Services Pty Ltd (for example, by letter, fax, email or telephone);

(b) on hard copy forms.

(c) in person.

(d) from referring third parties (for example, the National Disability Insurance Scheme or a support coordinator);

(e) at events and forums; and

(f) from third-party funding and Government Agencies.

1.5 Why does Wholistic Care Services collect personal information?

The main purposes for which Wholistic Care Services collects, holds, uses and discloses personal information are:

(a) providing individuals with information about Wholistic Care Services’ services and supports.

(b) answering their inquiries and delivering service to Clients.

(c) administering Wholistic Care Services’ services and supports and processing payments.

(d) conducting quality assurance activities, including surveys, research and analysis and resolving complaints.

(e) complying with laws and regulations and reporting to funding and Government Agencies.

(f) promoting Wholistic Care Services and its activities, including through events and forums.

(g) conducting research and statistical analysis relevant to Wholistic Care Services’ activities (including inviting individuals to participate in research projects and activities).

(h) reporting to funding providers.

(i) recruiting employees, contractors and volunteers.

(j) processing payments.

(k) answering queries and resolving complaints.

(l) evaluating Wholistic Care Services’ work and reporting externally.

(m) carrying out internal functions, including administration, training, accounting, audit and information technology.

(n) other purposes which are explained at the time of collection or which are required or authorised by or under the law (including, without limitation, privacy legislation).

(o) purposes for which an individual has provided their consent.

(p) for research, evaluation of services, quality assurance activities, and education in a manner that does not identify individuals. If individuals do not wish for their de-identified data to be used this way, they should contact Wholistic Care Services.

(q) to keep individuals informed and up to date about Wholistic Care Services’ work, for example, changes to the National Disability Insurance Scheme or information about disability supports, either where Wholistic Care Services has their express or implied consent or where Wholistic Care Services is otherwise permitted by law to do so. Wholistic Care Services may send this information in a variety of ways, including by mail, email, SMS, telephone, or social media.

(r) where an individual has consented to receive marketing communications from Wholistic Care Services, that consent will remain current until they advise Wholistic Care Services otherwise. However, individuals can opt-out at any time.

1.6 What third parties does Wholistic Care Services disclose personal information to?

Wholistic Care Services may disclose personal information to third parties where appropriate for the purposes set out above, including disclosure to:

(a) Wholistic Care Services’ funding providers.

(b) government and regulatory bodies, including the National Disability Insurance Agency, Medicare, the Department of Social Services, the Department of Health & Human Services, and the Australian Taxation office.

(c) people acting on their behalf, including their nominated representatives, legal guardians, executors, trustees and legal representatives.

(d) the police, or to the Disability Services Commissioner, or to comply with compulsory notices from courts of law, tribunals or Government Agencies.

(e) financial institutions for payment processing.

(f) referees whose details are provided to Wholistic Care Services by job applicants; and

(g) Wholistic Care Services contracted service providers, including:

  1. information technology service providers
  2. invoice processing service providers
  3. marketing and communications service providers, including call centres
  4. freight and courier services
  5. external business advisers (recruitment advisors, auditors and lawyers).

In the case of these contracted service providers, Wholistic Care Services may disclose personal information to the service provider, and the service provider may, in turn, provide Wholistic Care Services with personal information collected from individuals in the course of providing the relevant products or services. 

1.7 How is personal information stored and used?

(a) Wholistic Care Services holds personal information in a number of ways, including in hard copy documents, electronic databases, email contact lists, and in paper files held in drawers and cabinets. Paper files may also be archived in boxes and stored offsite in secure facilities. 

(b) Wholistic Care Services must take reasonable steps to:

  1. make sure that the personal information that Wholistic Care Services collects, uses and discloses is accurate, up-to-date and complete and (in the case of use and disclosure) relevant.
  2. protect the personal information that Wholistic Care Services holds from misuse, interference and loss and unauthorised access, modification or disclosure; and
  3. destroy or permanently de-identify personal information that is no longer needed for any purpose permitted by the Australian Privacy Principles, subject to other legal obligations and retention requirements applicable to Wholistic Care Services.

(c) Wholistic Care Services Workers must only access and use personal information for a valid work purpose. When handling personal information, Workers should:

  1. confirm recipient details before sending faxes or emails.
  2. always store any hard copies of confidential information that is not being used in a secure cabinet or room.
  3. be aware of the surroundings and people nearby.
  4. limit taking hard copy information away from secure sites.
  5. secure information when travelling e.g. in a briefcase, folder etc.;
  6. dispose of unneeded copies of information securely; and
  7. ensure the information is available to people who need to access it.

(d) Wholistic Care Services Workers may only share personal information per this policy and in the circumstances permitted under law.

1.8 How is personal information kept secure?

Wholistic Care Services ensures that personal information is protected by security safeguards that are reasonable in the circumstances to take against the loss or misuse of the information.

The steps Wholistic Care Services takes to secure the personal information Wholistic Care Services holds include:

(a) online protection measures (such as encryption, firewalls and anti-virus software);

(b) security restrictions on access to Wholistic Care Services’ computer systems (such as login and password protection) and cloud-based storage (using Google Drive and OneDrive),

(c) controlled access to Wholistic Care Services’ premises

(d) personnel security (including restricting the use of personal information by Wholistic Care Services Workers to those who have a legitimate need to know the information for the purposes set out above); and

(e) training and workplace policies.

1.9 Information Retention

Unless otherwise required by law, all Client records and personal information will be retained for at least seven years after a client ceases to be a client.

1.10 Information Disposal

(a) Workers should ensure record retention requirements have been met prior to the disposal of any personal information.

(b) When disposing of personal information, Workers should:

  1. Place unneeded working documents or copies of information in secure bins or adequate shredders.
  2. Ensure any electronic media, including computers, hard drives, USB keys etc., are sanitised when no longer required.

1.11 Privacy incidents

Privacy incidents may result from unauthorised people accessing, changing or destroying personal information. Examples of situations from which incidents may arise include:

(a) the accidental download of a virus onto a Wholistic Care Services computer.

(b) discussing or sharing of personal information on a social networking website such as Facebook.

(c) loss or theft of a portable storage device containing personal information.

(d) non-secure disposal of hard copies of personal information (i.e., placing the readable paper in recycle bin or hard waste bin);

(e) documents sent to the wrong fax number or email address; and

(f) documents sent to a free web-based email account such as Yahoo!, Gmail or Hotmail.

Privacy incidents can:

(g) occur due to accidental or deliberate actions.

(h) result from human error or technical failures; and

(i) apply to information in any form, whether electronic or hard copy.

1.12 Incident reporting

It is vital all privacy incidents are reported as soon as possible so that their impact may be minimised. Employees should be aware of:

(a) how to identify potential privacy incidents

(b) the reason for reporting incidents is so their impact can be minimised - not to punish individuals

(c) the need to report all incidents to their manager as soon as they become aware of them.

Wholistic Care Services must report all Client related privacy incidents to the:

(a) Department of Health.

(b) NDIS Commission

(c) Office of the Australian Information Commissioner,

as applicable, within one business day of becoming aware of or being notified of a possible privacy incident or within one business day of an allegation being made of a potential breach.

A breach of Client privacy may have a major impact, a non-major impact, or be a near miss or an incident with no apparent impact on a client. In each case, the incident has to be reported and managed in accordance with the Incident Management and Reporting Policy.

1.13 Access and Correction

Clients have a legal right to request access or correction of their personal information held by Wholistic Care Services.

Clients may ask individuals to verify their identity before processing access or correction requests to ensure that the personal information Wholistic Care Services holds is properly protected.

1.14 Complaints

If a client has a complaint about how Wholistic Care Services has collected or handled their personal information, it will be managed in accordance with the Wholistic Care Services Feedback and Complaints Management System.