Privacy Policy

Privacy and Records Management Policy and Procedures

​1. PURPOSE OF POLICY

In accordance with the Privacy Act 1998, the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (including the Australian Privacy Principles (APPs), in conjunction with all relevant state and territory privacy legislation, the Altius Group has established standards for the management of personal and health information. The Altius Group consists of Altius Group Holdings Pty Ltd, and its subsidiaries: Rehabilitation Services Pty Ltd, OccHealth Network Pty Ltd, CIM Group Holdings Pty Ltd, PeopleSense Pty Ltd, Risk Consulting by Altius Pty Ltd, Altius Group Services Pty Limited and Altius Group Pty Limited

These standards set out our obligations in relation to the collection, retention, security, access, use and disclosure of personal and health information.

In the course of providing our services, there is certain personal information we may require. 

Who is responsible for privacy?

It is the responsibility of all Altius Group employees and contractors to protect the privacy of any individuals by managing personal and health information in accordance with this policy.​

What is personal information?

Personal information is any information or opinion about an identifiable person ("an individual"). This includes records containing an individual's name, address, telephone number and gender.

What is health information?

Health information is a specific type of personal information, which includes information or an opinion about the physical or mental health of an individual, or the disability of an individual.​

2. PRIVACY STANDARDS

2.1 Collection

  • ​Lawful – Altius Group will only collect personal and health information directly related to their business.

  • Relevant – Altius Group will ensure that the health information collected is relevant, accurate, complete and up to date.

  • Direct – Altius Group will collect personal and health information unless it is unreasonable or impracticable to do so.

  • Open – Altius Group will take reasonable steps to inform individuals why we are collecting information, what we will do with it and who will see it. ​

​2.2 Storage and Protection

  • Storage – Altius Group records of individuals information are kept in both hard copy and electronic form. When not required for clinical care, hard copy medical records are kept securely within the Altius Group offices in locked drawers/cabinets. Altius Group is required by law to retain medical records for a period of seven years. 
    • Protection – Electronic information kept on computers is password protected and is available only to Altius employees and contractors who are involved in managing an individual, in the course of the Altius business.

    • Disposal – Information or documents that are no longer required are disposed of appropriately using shredding machines into secure bins. Electronic data is securely deleted so it is no longer accessible

2.3 Access and Accuracy

  • Transparent, Accessible and Accurate – Altius Group will take all reasonable steps to explain what personal and health information we are storing and how an individual is able to access this information without unreasonable delay or expense. Altius Group will endeavour to ensure that the information is relevant, up to date, complete and accurate before using it.

2.4 Use and Disclosure

  • ​​Limited – Altius Group will only use and disclose an individuals’ health information for the purpose for which it was collected, or a directly related purpose that you would expect. Altius Group does not expect to disclose personal information to any overseas recipients. Altius Group does not use or disclose personal information for the purpose of direct marketing. However, the organisation may use personal or health information without consent in order to deal with a serious and imminent threat to any person's health or safety, where illegal activity is suspected or where requested by law enforcement authorities.

2.5 Identifiers

  • Identification – Altius Group allocates unique case numbers to all clients for internal use only, in order to effectively manage case records including file notes, reports and case records.

2.6 Information Collected

The amount and type of personal information Altius Group’ collects and holds about an individual referred to us may, but not be limited to include:

  • ​Personal details such as name, address, date of birth, and contact details including telephone numbers and address.

  • Information about a medical condition, and the nature of the condition and the manner in which any injury or condition arose.

  • Functional and psychological status in relation to the compensable injury or condition (compensable under a government or private insurance scheme) and any other medical factors that may be disclosed that may impact on functional or psychological capacity, recovery and/or return to work.

  • Information regarding employment, wage histories and compensation benefits where relevant.

  • Information regarding social and work relationships as and when applicable to the purpose for which we are engaged.

2.7 How is the information collected? 

  • Via telephone, correspondence and liaison.

  • Face to face during assessments or meetings.

  • Through medical case conferences.

  • At the workplace through assessment or meetings.

  • Through the reports of third parties including treatment providers.

  • ​Through medical reports and investigations that are provided by other parties as required for eligibility of benefits within the Workers Compensation Scheme.

2.8 Purpose of collecting and holding information? 

  • To ensure the most efficient and useful direction of services.

2.9 Anonymity and Pseudonymity

Individuals have the option of not identifying themselves or of using a pseudonym unless the Altius Group is required or authorised under Australian law or a court/tribunal to identify the individual or it is impracticable to deal with the individual anonymously or by a pseudonym.

2.10 Overseas recipients

No personal data is provided to overseas recipients.

3. CONSENT

Consent is provided by one or more of the following means.

  • By signing relevant medical certificates that explicitly outline how an individual consents to information release and exchange by relevant participants in the relevant scheme.

  • By completing the Altius Group or related body corporate consent form. This includes via online platforms and applications.

  • By obtaining verbal approval from the individual for the release and exchange of information to relevant scheme participants. In this instance a clear file note is documented.

Where an interpreter is involved, ensure that the interpreter co-signs any information release agreement.

In relation to the Altius Group service provision, information may be exchanged between the nominated treating doctor, the employer, the insurer or agent, other treating practitioners, injury management consultants and any other authorised scheme authority or administrator.​

Third Parties

Where reasonable and practicable to do so, we will collect your personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

4. INFORMATION AND DOCUMENT ACCESS

All requests for personal information must be sent in writing to Altius Group by emailing [email protected]. Altius Group endeavours to respond within a reasonable period after the request is made and provide access to the information in the manner requested where reasonable and practicable to do so. ​

Any request for the release of an individuals’ information is to be forwarded to the quality management team via the continuous improvement email. 

Altius Group will provide an individual with copies of all assessments, plans or progress reports prepared for them, unless it is deemed that information contained within those reports may be detrimental to the health and welfare of the individual. This may be particularly relevant for individuals with psychological injuries. Further, note that there may be other grounds on which information may not be disclosed including where it is unlawful to give access to the information or to the extent that giving access would have an unreasonable impact on the privacy of other individuals. If access to personal information is refused, or access in the manner requested is refused, Altius Group will write to the individual to inform them of the reasons why (unless unreasonable to give reasons having regard to the grounds of refusal) and the complaints process. 

Altius Group will not provide an individual’s or any other party, reports received from third parties. The individual will be advised that requests for such information need to be forwarded to the relevant author of the report or the third party in question.

​​​Altius Group may also provide information to other parties in the case where:

  • We reasonably believe it is necessary to assist an enforcement body to perform its functions.

  • We suspect that an unlawful activity has been, is being or may be engaged in and the personal information is a necessary part of our investigation or reporting of the matter.

  • We reasonably believe it is necessary to prevent a threat to life, health or safety.

  • We are authorised or required by law to do so, (e.g. where information is required by bodies regulating us or in response to subpoenas or warrants).

  • We have contracted an external organisation to provide support services and that organisation has agreed to conform to our privacy standards.​

5. FILE AND INFORMATION CONSISTENCY

To ensure correct information and data collected from individuals is consistent across the board, Altius Group employees and contractors are trained and mentored as to keeping accurate file notes, effective individual interview techniques and observing individual behaviour and body language.

File reviews with the Line Manager will provide feedback to Altius Group employees and contractors as to how to effectively obtain and update important information from an individual and records this in a consistent manner whilst maintaining respect and confidentiality at all times.

Where Altius Group is satisfied personal information held is inaccurate, out of date, incomplete, irrelevant or misleading, or where an individual requests that Altius Group correct information, we will take reasonable steps to ensure that the information is accurate, up to date, complete, relevant and not misleading having regard to the purpose for which the information is held. Where, an individual requests that other entities using that information are notified of any correction of information, Altius Group will take reasonable steps to do so unless it is unlawful or impracticable to do so.

Where Altius Group refuses to correct the information, Altius Group will write to the individual to inform them of the reasons why to the extent reasonable to do so and the complaints process. Where an individual requests that a statement is associated with the information that the individual considers that the information is inaccurate, out of date, incomplete, irrelevant or misleading to make their view apparent to users of that information, Altius Group will take reasonable steps to do so.​

6. PRIVACY ON OUR WEBSITES AND APPLICATIONS

This policy also applies to any personal information Altius Group collects via its websites, and applications, including mobile applications, in addition to personal information individuals provide to Altius Group directly, through completing request forms or registration forms.

Use of cookies

Cookies are pieces of information that a website transfers to a computer's hard disk for record-keeping purposes. Most web browsers are set to accept cookies. Cookies, of themselves, do not personally identify users, although they do identify a user's browser and where a site visitor has voluntarily provided personal information about themselves subsequent visits can be tied to this information. Cookies allow Altius Group to record how many people are using different parts of the website. It is possible to set the browser to refuse Cookies, however this may limit the services provided by the Altius Group website.

Communication

Altius Group may contact an individual using the personal information provided in order to:

  • Keep the individual informed of latest trends within the workplace wellbeing sector and provide relevant workplace health information.

  • Provide information about upcoming events and other matters that may be of interest.

  • Send newsletters and updates on services and changes including relevant legislative requirements.

If an individual receives any communications from Altius Group which they no longer wish to receive, they may request removal of their personal information from the mailing list by emailing [email protected], allowing 14 days for this request to be processed.​

7. PRIVACY COMPLAINTS​​

Grievances concerning team member or individual privacy (including concerning potential breach of the Australian Privacy Principles) should be raised in the first instance with the team members' Line Manager. If this Line Manager is unable to resolve the matter, it may be referred to the National Quality Manager by emailing [email protected]

Should the individual feel their complaint has not been resolved at this level, or after 30 days of making the initial complaint, they may then complain to the Office of the Australian Information Commissioner. ​

8. DATA BREACH RESPONSE​

As per the Privacy Act 1998, Altius Group have an obligation to report privacy breaches. As a result of an amendment to the Privacy Act: Privacy Amendment (Notifiable Data Breaches) Act 2017, notification to the Office of the Australian Information Commissioner (OAIC) will be mandatory when a data breach could give rise to a 'real risk of serious harm' to the affected individuals. (Effective from 22 February 2018).

Please refer to the Altius Group - Data Breach Policy and Procedures for a step by step guide to follow for reporting serious / notifiable data breaches to the OAIC and Altius Group.

Further information on this can be found at:

https://www.oaic.gov.au/privacy-law/rights-and-responsibilities

http://www.oaic.gov.au/privacy/making-a-privacy-complaint.

Information about the Australian Privacy Principles can be found at: http://www.oaic.gov.au/privacy/privacy-act/australian-privacy-principles.