

Privacy Policy
Care Time In Home Services is committed to protecting the privacy and confidentiality of all clients, their families, and stakeholders. This responsibility is fulfilled in full compliance with:
- Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs)
- National Disability Insurance Scheme (NDIS) Act 2013 and associated NDIS Quality and Safeguards Commission guidelines
- Department of Veterans’ Affairs (DVA) Policy
- ISO 9001:2015 requirements for documented information and risk management
This policy applies to all employees, contractors, volunteers, and subcontractors involved in service delivery. It outlines how Care Time collects, uses, stores, shares, and protects personal information, ensuring transparency, accountability, and client trust.
Purpose
The purpose of this policy is to:
- Ensure compliance with privacy and data protection obligations under Australian law
- Provide clear guidance on how personal information is collected, used, managed, and secured
- Safeguard clients’ rights to privacy, confidentiality, and dignity
- Establish procedures for responding to privacy breaches, risks, and complaints
Scope
This policy covers all forms of personal and sensitive information collected from:
- Clients and participants (NDIS, DVA, private)
- Family members, carers, and guardians
- Contractors, staff, and volunteers
Information types include:
- Personal identification details (name, address, date of birth, contact information)
- Health and medical information (disability, care plans, medications, treatment notes)
- Financial and billing information (payment details, funding sources)
- Service-related information (communications, assessments, preferences)
Methods of collection include:
- Intake and registration forms
- Care and health assessments
- Phone, email, digital platforms, and website
- Direct interaction during service delivery
Privacy Principles
Collection of Personal Information
- Consent: Explicit consent will be obtained from the client or authorised representative before collecting sensitive information.
- Relevance: Only information necessary for safe and effective care will be collected.
- Transparency: Clients will be informed about why information is collected, how it will be used, and who it may be shared with.
Use of Personal Information
Information will only be used for purposes directly related to service delivery, care planning, administration, and compliance.
Information may be shared with authorised third parties (e.g., healthcare providers, NDIS, DVA representatives) with client consent or where legally required.
Disclosure of Personal Information
- Legal Compliance: Information may be disclosed without consent if required by law (e.g., subpoenas, statutory obligations, mandatory reporting).
- Third-Party Service Providers: Where external organisations are engaged (e.g., allied health professionals, contractors), Care Time will ensure compliance with privacy obligations through contracts and due diligence.
Data Storage and Security
Protection: Information will be secured against loss, misuse, and unauthorised access through:
- Password-protected systems
- Restricted staff access to sensitive records
- Locked filing systems for hard-copy documents
- Encrypted data storage where applicable
Retention: Records will be kept only for as long as legally and operationally required.
Disposal: Outdated or unnecessary information will be securely destroyed in line with Care Time’s data retention policy.
Access and Correction Rights
- Access: Clients may request access to their personal information. Requests will be acknowledged and responded to within 30 days.
- Correction: Clients can request correction of inaccurate or incomplete information, which will be updated promptly.
- Limitations: Access may be denied in limited circumstances, consistent with the Privacy Act 1988 (e.g., legal restrictions, safety concerns).
Privacy Breach Management
- Notification: In line with the Notifiable Data Breaches (NDB) scheme, affected individuals and the Office of the Australian Information Commissioner (OAIC) will be notified if a breach is likely to result in serious harm.
- Investigation: All suspected breaches will be investigated promptly by the Privacy Officer.
- Corrective Action: Steps will be taken to contain, assess, and prevent future breaches.
Privacy Management Plan
Privacy Officer
Care Time appoints a Privacy Officer responsible for:
- Overseeing privacy compliance
- Acting as a point of contact for clients, families, and regulators
- Maintaining staff training and reviewing practices
Staff Training
All staff, contractors, and volunteers will receive privacy training during induction and regular refresher training covering:
- Privacy obligations under the APPs, NDIS, and DVA
- Handling sensitive information
- Responding to and reporting breaches
Risk Assessment and Compliance
Regular audits and risk assessments will identify vulnerabilities in privacy management. Compliance checks will ensure alignment with NDIS, DVA, OAIC guidance, and ISO 9001:2015.
Incident Management
A documented Incident Management Plan will guide staff in responding to privacy breaches, including:
- Incident reporting procedures
- Communication with affected individuals
- Escalation to the OAIC, NDIS Commission, or DVA as required
Continuous Improvement
Feedback from clients and staff will inform improvements. Policies will be updated in line with legislative changes and regulator recommendations.
External Agencies for Privacy Assistance
- Office of the Australian Information Commissioner (OAIC). Role: Oversees privacy regulation, complaints, and enforcement. Contact: 1300 363 992 or via the OAIC website.
- NDIS Quality and Safeguards Commission. Role: Manages privacy-related complaints for NDIS participants. Contact: 1800 035 544 or via the NDIS Commission website.
- Department of Veterans’ Affairs (DVA). Role: Supports veterans and families regarding privacy and personal information. Contact: 1800 555 254 or via the DVA website.
Roles and Responsibilities
- All Staff: Protect client information, follow confidentiality protocols, and report suspected breaches.
- Care Managers: Ensure client records are accurate, secure, and only shared when appropriate.
- Privacy Officer: Oversee privacy compliance, handle complaints, and liaise with regulators.
- Quality Assurance Manager: Monitor compliance through audits and corrective actions.
Review and Continuous Improvement
This policy will be reviewed annually or earlier if laws or standards change. Privacy incidents, staff feedback, and audit findings will inform revisions. Continuous improvement will be driven by aligning with OAIC, NDIS, and DVA guidelines.
Conclusion
Care Time In Home Services recognises that privacy is fundamental to trust and quality care. By implementing this policy, we ensure that personal information is collected, used, stored, and disclosed responsibly, in compliance with legal and ethical requirements. This commitment protects the rights, dignity, and wellbeing of clients, while upholding Care Time’s responsibilities under the Privacy Act 1988, NDIS Act 2013, DVA Policy, and ISO 9001:2015.