In accordance with the Privacy Act 1988, the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (including the Australian Privacy Principles (APPs), in conjunction with all relevant state and territory privacy legislation, the Altius Group has established standards for the management of personal and health information. The Altius Group consists of Altius Group Holdings Pty Ltd, and its subsidiaries: Rehabilitation Services Pty Ltd, OccHealth Network Pty Ltd, CIM Group Holdings Pty Ltd, PeopleSense Pty Ltd, Risk Consulting by Altius Pty Ltd, Altius Group Services Pty Limited and Altius Group Pty Limited (including NDIS Services).
These standards set out our obligations in relation to the collection, retention, security, access, use and disclosure of personal and health information.
In the course of providing our services, there is certain personal information we may require.
Who is responsible for privacy?
It is the responsibility of all Altius Group employees and contractors to protect the privacy of any individuals by managing personal and health information in accordance with this policy.
What is personal information?
Personal information is any information or opinion about an identifiable person (“an individual”). This includes records containing an individual’s name, address, telephone number and gender.
What is health information?
Health information is a specific type of personal information, which includes information or an opinion about the physical or mental health of an individual, or the disability of an individual.
Lawful – Altius Group will only collect personal and health information directly related to a function or activity related to the function or activity being offered.
Relevant – Altius Group will ensure that the health information collected is necessary, relevant, accurate, complete and up to date.
Direct – Altius Group will collect personal and health information directly for an individual whom the information relates to unless; the individual has authorised collection of the information from someone else, or in the case of information relating to a person under the age of 16 years, the information has been provided by a parent or guardian of the person, or other authorised representative of an NDIS participant.
Open – Altius Group will take reasonable steps to inform individuals (and their representatives) why we are collecting information, what we will do with it and who will see it.
Transparent, Accessible and Accurate – Altius Group will take all reasonable steps to explain what personal and health information we are storing and how an individual is able to access this information without unreasonable delay or expense. Altius Group will endeavour to ensure that the information is relevant, up to date, complete and accurate before using it.
Limited – Altius Group will only use and disclose an individuals’ health information for the purpose for which it was collected, where the individual concerned is aware of through explicit consent and it is a directly related purpose that you would expect. Altius Group does not expect to disclose personal information to any overseas recipients. Altius Group does not use or disclose personal information for the purpose of direct marketing. However, the organisation may use personal or health information without consent in order to deal with a serious and imminent threat to any person's health or safety, where illegal activity is suspected or where requested by law enforcement authorities.
Identification – Altius Group allocates unique case numbers to all clients for internal use only, in order to effectively manage case records including file notes, reports and case records.
The amount and type of personal information Altius Group’ collects and holds about an individual referred to us may, but not be limited to include:
Via telephone, correspondence and liaison.
Face to face during assessments or meetings.
Through medical case conferences.
At the workplace through assessment or meetings.
Through the reports of third parties including treatment providers.
Through medical reports and investigations that are provided by other parties as required for eligibility of benefits within the Workers Compensation Scheme.
To ensure the most efficient and useful direction of services.
Individuals have the option of not identifying themselves or of using a pseudonym unless the Altius Group is required or authorised under Australian law or a court/tribunal to identify the individual or it is impracticable to deal with the individual anonymously or by a pseudonym.
No personal data is provided to overseas recipients.
Consent is provided by one or more of the following means.
By signing relevant medical certificates that explicitly outline how an individual consents to information release and exchange by relevant participants in the relevant scheme.
By completing and signing the Altius Group or related Subsidiary consent form. This includes during direct face to face contact or through Telehealth platforms and electronic applications.
By obtaining verbal approval from the individual for the release and exchange of information to relevant scheme participants. In this instance a clear file note is documented.
Where an interpreter is involved, Altius ensures that the interpreter co-signs any information release agreement.
In relation to the Altius Group service provision, information may be exchanged between the nominated treating doctor, the employer, the insurer or agent, other treating practitioners, injury management consultants and any other authorised scheme authority or administrator.
For the purposes of Altius Group NDIS service provision, information may be exchanged between the participant’s treating doctor and allied health professionals, the support coordinator or other referring party and any other person nominated by the participant in writing on the Service Agreement.
Where reasonable and practicable to do so, we will collect your personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
All requests for personal information must be sent in writing to Altius Group by emailing [email protected] Altius Group endeavours to respond within a reasonable period after the request is made and provide access to the information in the manner requested where reasonable and practicable to do so.
Any request for the release of an individuals’ information is to be forwarded to the quality management team via the continuous improvement email.
Altius Group will provide an individual with copies of all assessments, plans or progress reports prepared for them, unless it is deemed that information contained within those reports may be detrimental to the health and welfare of the individual. This may be particularly relevant for individuals with psychological injuries. Further, note that there may be other grounds on which information may not be disclosed including where it is unlawful to give access to the information or to the extent that giving access would have an unreasonable impact on the privacy of other individuals. If access to personal information is refused, or access in the manner requested is refused, Altius Group will write to the individual to inform them of the reasons why (unless unreasonable to give reasons having regard to the grounds of refusal) and the complaints process.
Altius Group will not provide an individual’s or any other party, reports received from third parties. The individual will be advised that requests for such information need to be forwarded to the relevant author of the report or the third party in question.
Altius Group may also provide information to other parties in the case where:
To ensure correct information and data collected from individuals is consistent across the board, Altius Group employees and contractors are trained and mentored as to keeping accurate file notes, effective individual interview techniques and observing individual behaviour and body language.
File reviews with the Line Manager will provide feedback to Altius Group employees and contractors as to how to effectively obtain and update important information from an individual and record this in a consistent manner whilst maintaining respect and confidentiality at all times.
Where Altius Group is satisfied personal information held is inaccurate, out of date, incomplete, irrelevant or misleading, or where an individual requests that Altius Group correct information, we will take reasonable steps to ensure that the information is accurate, up to date, complete, relevant and not misleading having regard to the purpose for which the information is held. Where, an individual requests that other entities using that information are notified of any correction of information, Altius Group will take reasonable steps to do so unless it is unlawful or impracticable to do so.
Where Altius Group refuses to correct the information, Altius Group will write to the individual to inform them of the reasons why to the extent reasonable to do so and the complaints process. Where an individual requests that a statement is associated with the information that the individual considers that the information is inaccurate, out of date, incomplete, irrelevant or misleading to make their view apparent to users of that information, Altius Group will take reasonable steps to do so
This policy also applies to any personal information Altius Group collects via its websites, and applications, including mobile applications, in addition to personal information individuals provide to Altius Group directly, through completing request forms or registration forms.
Altius Group may contact an individual using the personal information provided in order to:
Keep the individual informed of latest trends within the workplace wellbeing sector and provide relevant workplace health information.
Provide information about upcoming events and other matters that may be of interest.
Send newsletters and updates on services and changes including relevant legislative requirements.
If an individual receives any communications from Altius Group which they no longer wish to receive, they may request removal of their personal information from the mailing list by emailing [email protected], allowing 14 days for this request to be processed.
Grievances concerning team member or individual privacy (including concerning potential breach of the Australian Privacy Principles) should be raised in the first instance with the team members' Line Manager. If this Line Manager is unable to resolve the matter, it may be referred to the National Quality Manager by emailing [email protected]
Should the individual feel their complaint has not been resolved at this level, or after 30 days of making the initial complaint, they may then complain to the Office of the Australian Information Commissioner.
As per the Privacy Act 1998, Altius Group have an obligation to report privacy breaches. As a result of an amendment to the Privacy Act: Privacy Amendment (Notifiable Data Breaches) Act 2017, notification to the Office of the Australian Information Commissioner (OAIC) will be mandatory when a data breach could give rise to a 'real risk of serious harm' to the affected individuals. (Effective from 22 February 2018).
Please refer to the Altius Group - Data Breach Policy and Procedures for a step by step guide to follow for reporting serious / notifiable data breaches to the OAIC and Altius Group.
Further information on this can be found at:
Information about the Australian Privacy Principles can be found at: https://www.oaic.gov.au/privacy/australian-privacy-principles/