top of page

Privacy & Confidentiality Policy

1. Purpose

Live Bright Occupational Therapy is committed to safeguarding the confidentiality of any personal or health or sensitive information of individuals by:

• Maintaining procedures that protect privacy with regard to the collection, use, retention and disclosure of personal information; and,

• Complying with the Australian Privacy Principles and the Privacy Act 1988 (Cth) (‘Privacy Act’).

2. Scope

This Policy applies to the Personal Information of all Live Bright Occupational Therapy members, volunteers, employees, clients and their authorised representatives, business partners and Online Users collected or held by Live Bright Occupational Therapy

3. Policy Statement

Live Bright Occupational Therapy is committed to maintaining the privacy and confidentiality of all client information. We adhere to strict data protection protocols to ensure that personal and sensitive information is secured against unauthorised access, use, or disclosure.

4. Policy Elements

4.1 Data Protection Protocols

  • Information Collection:

    • Collect only the information necessary for providing services.

    • Inform clients about the purpose and use of the information collected.

  • Data Storage:

    • Store all client information securely in both electronic and physical formats.

    • Use encryption, passwords, and other security measures to protect electronic records.

    • Secure physical records in locked cabinets and restrict access to authorised personnel.

  • Data Retention:

    • Retain client information for the period required by law and organisational policy.

    • Regularly review and securely dispose of records that are no longer needed.

4.2 Guidelines on Access to and Disclosure of Information

  • Access Control:

    • Restrict access to client information to authorised personnel only.

    • Implement role-based access controls to ensure staff access only the information necessary for their role.

  • Disclosure:

    • Do not disclose client information to third parties without the client’s explicit consent, except as required by law.

    • Use secure methods to transfer information when disclosure is necessary.

  • Client Rights:

    • Allow clients to access their information upon request.

    • Provide clients with the ability to correct or update their information.

4.3 Procedures for Handling Data Breaches

  • Identification:

    • Immediately report any suspected or actual data breaches to the privacy officer or designated authority.

  • Containment:

    • Take steps to contain the breach and prevent further unauthorised access.

    • Assess the scope and impact of the breach.

  • Notification:

    • Notify affected clients as soon as possible, providing details about the breach and measures taken to mitigate harm.

    • Notify relevant regulatory authorities as required by law.

  • Investigation and Response:

    • Conduct a thorough investigation to determine the cause of the breach.

    • Implement corrective actions to prevent future breaches.

    • Document the incident, investigation findings, and corrective actions.

4.4 Employee Confidentiality Agreements

  • Confidentiality Agreement:

    • All staff must sign a confidentiality agreement as part of their employment or engagement contract.

  • Training:

    • Provide regular training on privacy and confidentiality policies and procedures.

    • Ensure staff understand their obligations and the importance of maintaining confidentiality.

  • Compliance Monitoring:

    • Regularly monitor compliance with this policy through audits and supervision.

    • Address any breaches of confidentiality promptly and appropriately.

5. Implementation

  • Policy Distribution:

    • Ensure all staff receive a copy of this policy and acknowledge their understanding.

  • Ongoing Review:

    • Regularly review and update this policy to ensure it remains effective and compliant with current laws and standards.

6. Violations of the Policy

  • Reporting Mechanisms:

    • Staff are encouraged to report any violations of this policy to their supervisor or the privacy officer.

  • Consequences:

    • Non-compliance with this policy may result in disciplinary action, up to and including termination of employment.

7. Review and Updates​

​

  • Review Schedule:

    • This policy will be reviewed annually or more frequently if necessary to ensure it remains relevant and effective.

  • Policy Updates:

    • Revisions to this policy will be made in response to feedback from staff, changes in privacy laws, or new best practices.

 

8. Acknowledgment

 

All staff are required to sign an acknowledgment form stating that they have read, understood, and agree to adhere to the Privacy and Confidentiality Policy.

bottom of page