The Asthma Foundation of WA (trading as Asthma WA) is bound by the Australian Privacy Principles as set out in the Privacy Act 1988 and the Privacy Amendment (Private Sector) Act 2000 as well as other laws and Department of Health contractual obligations that impose specific obligations in regard to handling personal and health information that directly or indirectly identifies a person.
The policy supports Asthma WA’s need to collect information and the right of the individual to privacy. It ensures that Asthma WA can collect personal and health information necessary for its services and functions, while recognising the right of individuals to have their information handled in ways that they would reasonably expect and in ways that protect the privacy of their personal and health information.
1. Policy Objectives
1.1 The overarching objectives of this Policy are to:
- Outline how Asthma WA is compliant with, applies and monitors the implementation of the Australian Privacy Principles as set out in the Privacy Act 1988 and the Privacy Amendment (Private Sector) Act 2013 as well as other laws and contractual obligations that impose specific obligations in regard to handling personal and health information that directly or indirectly identifies a person; and
- Give confidence to service users; clients; sub-contractors and suppliers; researchers partners and participants; and other stakeholders that personal and health information is managed in a manner consistent with our legislative and other obligations.
2.1 Information Collection
Personal and health information is collected and used by Asthma WA for the following purposes:
- to provide services or to carry out Asthma WA functions;
- to assist Asthma WA and its employees, volunteers and subcontractors to fulfill its duty of care to our service users;
- to plan, fund, monitor and evaluate services and functions including research programs;
- to comply with Department of Health and other funding bodies reporting requirements; and
- to investigate incidents with relation to service users and/or defend any legal claims against the service, or its employees.
2.2 Asthma WA’s Minimum Standards for handling personal and health information
2.2.1 Government funded and self funded services
Asthma WA has adopted the ten information privacy principals (IPPs) as minimum standards in relation to handling personal and health information.
In broad terms, this means that Asthma WA:
- will collect only information which is required for a specified primary purpose;
- ensure that the person supplying the information knows why the information is collected and how it will be handled;
- use and disclose it only for the primary or a directly related purpose, or for another purpose with the person’s consent (unless otherwise required, permitted or authorised by law);
- store personal and health securely, protecting it from unauthorised access retain it for the period authorised by relevant legislation in Commonwealth, State and Territory jurisdictions and take reasonable steps to permanently de-identify personal or health information when it is no longer needed; and
- provide people with access to their own personal information and permit people to seek corrections if necessary
2.2.2 Research and Evaluation
Asthma WA will usually only use or disclose an individual’s personal or health information for research or the compilation of statistics with the individual’s consent for funded programs.
When research or the compilation of statistics which is in the public interest cannot be undertaken with de-identified information, and where it is impractical to seek the individual’s consent, the research or compilation of statistics will be carried out in accordance with the ‘National Statement on Ethical Conduct in Research Involving Humans’ issued by the National Health and Medical Research Council (1999) and in accordance with the relevant State or Territory Privacy Commissioner guidelines.
2.3.1 In order to give effect to the policy statement in section 2, the principles to which Asthma WA are to adhere to this policy include the key Information Privacy Principles (IPPs) and Health Privacy Principles (HPPs) Principles.
- Note: only the key principles have been selected and are provided in summary. The full exceptions qualifying many of the principles are not included.
- Collection: Asthma WA must collect only personal and health information that is necessary for performance or functions. Individuals should be told why this information is required, what it will be used for and that they can gain access to their personal and health information.
- Use and disclosure: Asthma WA must only use or disclose personal and health information: for the primary purpose for which it was collected; for a related secondary purpose (which must be a directly related purpose in the case of health or sensitive information) that the person would reasonably expect with the consent of the person i.e. evaluation of a service; and unless otherwise required, permitted or authorised by law principles.
- Data quality: Asthma WA must make sure personal and health information is accurate, complete and up-to-date.
- Data security: Asthma WA must take reasonable steps to protect personal and health information from misuse, loss, unauthorised access, modification and disclosure.
- Openness: Asthma WA must document clearly expressed policies on management of personal and health information and make these policies available to anyone who asks for them.
- Access and correction: Individuals have a right to seek access to their personal and health information and make corrections.
- Unique identifiers: A unique identifier is usually a number assigned to an individual in order to identify the person for the purposes of an organisation’s operations. Tax File Numbers and Medicare numbers are examples. Unique identifiers can facilitate data matching. Data matching can diminish privacy. Privacy laws limit the adoption and sharing of unique numbers. Asthma WA will limit the use of unique identifiers as required by this policy.
- Anonymity: When lawful and practicable, individuals should be able to remain anonymous in transactions with services.
- Trans-border data flows: Transfer of personal and health information outside Australia and cross border within Australia is restricted by privacy laws. Personal and health information may be transferred only if the recipient protects privacy under standards similar to these IPPs/HPPs.
- Sensitive information: The Information Privacy Act 2000 restricts collection of sensitive information about an individual’s racial or ethnic origin, political views, religious beliefs, sexual preferences, membership of groups or criminal record. Asthma WA will apply IPP10 when collecting and handling sensitive information.
3. Protocol: Policy and Principles in Practice
Asthma WA will:
- Audit the policy and its implementation by staff and sub-contractors on an annual basis.
- A complaint about information privacy is an expression of dissatisfaction with Asthma WA procedures, staff, subcontractors or quality of service associated with the collection or handling of personal or health information; and
- Asthma WA will be efficient and fair when investigating and responding to information privacy complaints.
4. Policy Review
This Policy will be reviewed and, if appropriate, updated by the Board every two years.
5. Information on this website
All information found on this web site is intended for use as general reference material only and is not intended to give or replace any medical advice. Any questions regarding a medical diagnosis or treatment should be directed to a medical practitioner. The information provided on this website is intended only for residents of Australia.
To the extent permitted by law, Asthma WA will not be held responsible, nor accept any liability (whether arising out of negligence or otherwise), for any injury, damages, costs, expenses and losses suffered or incurred by a person where such a person has used the information on it as medical advice.