2.1. Open Arms collects, holds and manages sensitive personal information of its clients in the provision of counselling and support services for veterans and their families. Generally, Open Arms collects personal information directly from its clients, or individuals in connection with its clients, to fulfil its functions as a counselling and support service for veterans and their families. Open Arms also uses this information for the purposes of auditing, research, evaluation and improvement of services.
2.2. Open Arms is part of the Department of Veterans’ Affairs (DVA), and Open Arms business records are kept in the same way as other DVA departmental records (see Business Records Management Procedure (101-05)). However, Open Arms client information is stored separately from other DVA records to ensure client confidentiality. Open Arms may provide aggregated and de-identified information to DVA to meet reporting requirements (for example, in the DVA annual report). Open Arms client records may also be provided to DVA in order for DVA to assist with various administrative tasks – for example, managing freedom of information (FOI) requests and assisting with privacy investigations.
2.3. The period of retention of records of Open Arms clients, and arrangements for the disposal of records, is addressed in the Client Information and Records Management Procedure (101-01).
3.1. Client information is managed in an secure and sensitive manner.
3.2. Only information necessary for Open Arms to fulfil its mental health care functions is collected. Open Arms only collects sensitive information with the consent of the person to whom the information relates.
3.3. Information is only to be used and disclosed for the purpose(s) for which it was collected unless a secondary use or disclosure of the information is for a lawful purpose.
3.4. Any lawful disclosure of information to a third party only occurs where the third party is subject to the same privacy requirements as Open Arms, or where Open Arms is required by law to disclose the information.
3.5. Open Arms ensures, as far as possible, that data it collects or holds that is related to individuals is accurate, up to date and complete.
3.6. Open Arms ensures that personal information it holds is kept securely and protected from misuse, disclosure or unauthorised modification.
3.7. Open Arms provides, as far as possible, individuals with access to the information it holds about them if requested.
4. Privacy and confidentiality
4.1. All Open Arms workers have legal and ethical obligations pertaining to the privacy and confidentiality of our clients’ personal and sensitive information. Our privacy and confidentiality responsibilities relate to all aspects of our interactions with clients and their personal and sensitive information, including the collection, use and disclosure of that personal information.
4.2. With respect to issues of privacy, Open Arms and its workers must ensure that they act in accordance with the Privacy Act and the Australian Privacy Principles. Open Arms’ commitment to this requirement and the steps taken to ensure that all Open Arms workers and outreach clinicians comply with the Privacy Act are articulated in this policy and its related procedures and instructions.
4.3. Additionally, Open Arms takes the maintenance and protection of the confidentiality of our clients’ records seriously. The concept of confidentiality is strongly articulated in the respective codes of conduct for all mental health professions. Open Arms workers are required to safeguard the confidentiality of clients’ information obtained during the provision of mental health services or other interactions with Open Arms.
4.4. In the context of these policy documents, Open Arms refers to both confidentiality and privacy obligations to describe our legal and ethical responsibilities relating to the collection, use and disclosure of our clients' sensitive personal information.
5. Use of client information
5.1. Any information obtained during contact with a client is confidential within professional, legal and ethical limits. Confidentiality is part of the legal and ethical framework of the counselling process, and the responsibility for confidentiality applies to both the organisation and the individual clinician. Clients are to be advised routinely of their rights and responsibilities including their right to, and the limits of, confidentiality and the privacy obligations of the Department of Veterans’ Affairs (DVA).
5.2. Open Arms takes all necessary steps to ensure that client information is protected from misuse, interference, loss, unauthorised access, modification and disclosure. Electronic client information is managed using a secure client management system (CMS), referred to as VERA, which is separate from the DVA ICT system. While Open Arms client records are the property of the Commonwealth and managed by Open Arms, client information remains the property of the client.
5.3. In addition to normal clinical access for service provision, identified data may be accessed by authorised Open Arms personnel for clinical incident review and audit purposes. De-identified client information may be securely accessed by authorised Open Arms personnel to plan services, for evaluation and audit purposes, for clinical supervision and summary analysis, and for reporting for service improvement and organisational accountability.
5.4. With consent, Open Arms shares relevant client information with DVA to monitor progress, improve client wellbeing and facilitate access to other services where required. If Open Arms reasonably believes that the client or another person is at risk, then disclosure of relevant information may occur in accordance with jurisdictional confidentiality and privacy laws.
6. Rights and responsibilities
6.1. Clients of Open Arms services are entitled to recognition and protection of their rights as consumers of a service and to information on their right to comment and complain about services.
6.2. Open Arms has a responsibility to ensure fair and reasonable procedures for the resolution of complaints and disputes raised by clients.
6.3. Clients of Open Arms also have a responsibility to conduct themselves responsibly and respectfully on Open Arms property, with staff, contracted providers and other clients.
7.1. The National Manager:
- Ensures compliance with the requirements of the Privacy Act.
- Reviews and responds to the findings of any investigation related to a potential breach of privacy.
- Ensures systems are in place to allow access for internal clinical audits of personal client information held by Open Arms.
- Reports to the Chief Health Officer and the National Advisory Committee regarding any issues or concerns related to privacy and confidentiality within Open Arms.
- Establishes effective communication with DVA to manage privacy where Open Arms and DVA need to interact regarding individuals.
7.2. The Assistant National Manager:
- Ensures that orientation of new regional personnel includes their responsibilities in relation to Open Arms’ client information.
- Ensures routine audits of clinical records are undertaken.
- Supports the Regional Leadership Teams to effectively promote the importance of privacy and ensure regional personnel are aware of their responsibilities.
- Considers and reports on trends identified during routine audits.
- Oversees the operation of systems to manage privacy when interacting with DVA.
7.3. The Assistant National Manager National Operations (roles now within the Mental Health and Wellbeing Services Division):
- Ensures that information and appropriate processes are in place for the national service in relation to the management of client information.
- Oversees all investigations related to complaints about privacy and confidentiality.
- Oversees the routine audit of client records and record management systems.
- Supports the National Management Team to promote the importance of privacy and ensure personnel are aware of their responsibilities.
7.4. The National Management Team (roles now within the Mental Health and Wellbeing Services Division):
- Identifies and responds to opportunities to promote the importance of privacy.
- Ensures all personnel are aware of their responsibilities in relation to privacy and confidentiality.
7.5. Regional Leadership Teams:
- Implement routine audits of clinical records.
- Maintain systems for ensuring all personnel are aware of their obligations under the Privacy Act and relevant codes of conduct.
- Ensure their staff maintain full and proper records.
- Ensure complaints related to privacy, or potential breaches of privacy, are reported to the Deputy National Manager and that steps are taken to limit risk and to initiate an investigation.
7.6. All staff and contractors:
- Make themselves aware of their obligations related to privacy and confidentiality.
- Seek advice from their immediate manager should they be unsure of their obligations in any situation.
- Ensure they maintain the security, accuracy and completeness of the records for which they are responsible.
8. Parent Policy
9. Subordinate Procedures
9.1. 101-01 Client Information and Records Management Procedure
9.2. 101-02 Privacy and Confidentiality Procedure
9.3. 101-03 Client Rights and Responsibilities Procedure
9.4. 101-04 Reporting Child Abuse and Neglect Procedure
9.5. 101-05 Business Records Management Procedure