Privacy and Confidentiality Policy
1. Purpose
To protect the privacy of personal, sensitive, and health information collected, stored, and used by
Care 4 The 1. This policy ensures confidentiality is maintained in compliance with the Privacy Act 1988,
My Aged Care requirements, and professional standards.
2. Scope
This policy applies to all employees, contractors, and third-party service providers; to all information
collected from clients, carers, staff and volunteers; and to all forms of information, including electronic,
paper, verbal and visual data.
3. Policy Statement
Care 4 The 1 is committed to:
• Collecting, handling and storing personal information lawfully and ethically.
• Respecting client and staff rights to privacy and confidentiality.
• Using personal information only for legitimate organisational purposes.
• Protecting information from unauthorised access, disclosure, alteration, or loss.
• Ensuring transparency about information practices and clients’ rights.
4. Policy Principles
4.1 Lawful Collection
Only collect information necessary for care delivery, administration or legal obligations.
4.2 Consent
Obtain informed consent before collecting, using, or sharing personal information, except where
legally permitted otherwise.
4.3 Use and Disclosure
Use personal information solely for the purpose it was collected, unless additional consent is obtained
or required by law.
4.4 Accuracy
Keep information accurate, complete and up to date.
4.5 Security
Implement physical, technical and administrative safeguards to protect information.
4.6 Access and Correction
Provide clients and staff with access to their information and a process to request corrections.
4.7 Retention and Disposal
Retain information only as long as necessary and dispose of it securely.
5. Policy Procedures
5.1 Collection and Consent
• Inform clients/staff about the purpose of data collection and their rights.
• Use clear consent forms and document consent appropriately.
• Minimise collection of sensitive information unless essential.
5.2 Use, Storage and Disclosure
• Limit access to personal information to authorised personnel only.
• Store records securely (locked cabinets, password-protected systems).
• Share information internally on a need-to-know basis.
• Disclose information externally only with consent or as legally required.
5.3 Client and Staff Access
• Respond promptly to requests for access to personal information.
• Verify identity before providing access.
• Correct or update records as requested, documenting changes.
5.4 Breach Management
• Immediately report any suspected or actual privacy breaches to the Privacy Officer.
• Investigate breaches promptly and take corrective actions.
• Notify affected individuals and regulators where required.
6. Roles and Responsibilities
All staff: Protect confidentiality, follow this policy, report breaches.
Privacy Officer: Oversee privacy compliance, manage complaints and breaches, provide training.
Managers: Ensure staff compliance and support privacy practices.
IT Staff: Maintain data security systems and protocols.
7. Training and Awareness
Provide privacy and confidentiality training to all staff during induction and regularly thereafter.
Promote awareness of privacy obligations and best practices.
8. Review
This policy will be reviewed annually or earlier if required due to changes in legislation, organisational
practices, or consumer feedback.
9. Related Documents
This policy should be read in conjunction with:
• Aged Care Quality Standards (Standard 1 – Consumer Dignity and Choice)
• Privacy Act 1988