The practice and principles that govern and guide privacy and confidentiality as applied to the services and business practices of SMRC are based upon and fulfil the obligations set forth in the following Acts of Parliament.
1. Privacy Act 1998 – Commonwealth.
2. Information Privacy Act 2000 – Victoria
3. Health Records Act 2001 – Victoria
SMRC manage privacy issues based upon the 11 Health Privacy Principles (HPP’s) laid down in the Health Records Act 2001 – Victoria, the 10 Information Privacy Principles (IPP’s) laid down in the Information Privacy Act 2000 – Victoria and the 10 National Privacy Principles (NPP’s) as laid down in the Privacy Act 1998 – Commonwealth.
This policy sets forward a guide to these principles.
Collect only personal information (including health information) that is necessary for performance of functions and advise individuals that they can gain access to that information, under the conditions laid down in the Acts.
2. Use and Disclosure.
Personal information (including health information) is only used for the primary purpose for which it was collected or a secondary purpose the person would reasonably expect. Any other secondary purposes require consent.
3. Data Quality.
Personal information (including health information) is kept accurate, complete and up to date.
4. Data Security and Retention.
Reasonable steps are taken to ensure personal information (including health information) is protected from misuse, loss, unauthorised access, disclosure or modification. Health information can only be destroyed or deleted according to process laid down in the Health Records Act.
6. Access and Correction.
Individuals have the right to seek access to personal information (including health information) that is held about them and to correct information that is incorrect, misleading , incomplete or not up-to-date. Access is provided and correction is undertaken in accordance with the provisions in the Acts.
A number, or other unique identifier will only be assigned to a person if the assignment is reasonably necessary to carry out the function efficiently. The agency recognises that data matching diminishes privacy and the adoption and sharing of unique identifiers shall only be allowed under the limits and purposes prescribed in the Acts.
Where it is lawful and practicable individuals will be given the option of not identifying themselves.
9. Transborder Data Flows.
The agency will take reasonable steps to ensure that personal information (including health information) is only transferred across state and national borders in accordance with the Acts. A key consideration being to take reasonable steps to ensure a person’s privacy is not diminished by such transborder data flows.
10. Sensitive Information.
Sensitive information such as an individual’s racial or ethnic origin, political views, religious beliefs, sexual preferences, membership of groups or criminal record, shall not be collected except where absolutely necessary and allowable under provisions set out in the Acts.
11. Transfer or Closure of SMRC.
Where Health Information is concerned, in the event the agency is closed or transferred, notice will be given of the closure or transfer to past service users.
12. Making Information Available to Another Health Provider.
In accordance with the Acts, Health Information shall be made available to another health provider if requested by the individual.