Purpose
The purpose of the policy is to protect the privacy of Youthline clients, members and staff and give them control over the collection, storage and dissemination of information by the organisation. All policy guidelines will meet the requirements set out in the Health Information Privacy Code.
Philosophy
Youthline believes it is the right of every individual to maintain their privacy and to control the collection, storage and dissemination of their personal information. This right to privacy will not be guaranteed by Youthline if the risk to the safety and well being of the individual and/or others, as outlined by Youthline’s Code of Ethics, is in question.
Guidelines
As a Charitable Trust, Youthline is legally bound to abide by the rules and regulations set forth in the Privacy Act 2020. The act sets strict limits on how personal information can be collected, stored and used, in order to protect an individual’s right to privacy and access to information.
In line with Oranga Tamariki Approval Standards all client files related to sexual abuse will be kept indefinitely in the event that the client wishes to take legal action in relation to the abuse at any time.
All staff must be aware of the rules relating to the collection of a client’s personal information in the Health Information Privacy Code.
The Privacy Act is designed to give people control over their own personal information. Each organisation/agency (i.e. anyone who collects information) must have an assigned privacy officer to handle privacy issues. At Youthline, the privacy officer is the Youthline Clinical Services Manager.
The Privacy Act
All staff must be aware of the rules relating to the collection of a client’s personal information in the Health Information Privacy Code.
The Privacy Act is designed to give people control over their own personal information. Each organisation/agency (i.e. anyone who collects information) must have an assigned privacy officer to handle privacy issues. At Youthline, the privacy officer is the Youthline Clinical Services Manager.
Collection of Information
Rule 1: Purpose of Collection
Ask: “Is it really essential for us to have this information?”
Rule 2: Sources of Personal Information
Collect information direct from the individual unless individual unless individual has authorised you to collect it from someone else.
Rule 3: Collection of Information from Subject
Must make individual aware of these things:
Requires us to take reasonable security in storing information against:
All notes held by a Youthline staff member are covered by this policy. It is essential that client notes are held securely and confidentially. This is to protect them against loss, unauthorised access, use, modification or disclosure and/or any other misuse.
Client’s Clinical notes are stored and held securely at Youthline. All hard copy client clinical notes are stored at Youthline after completion with each client. If for any reason client’s clinical notes need to leave Youthline premises, a copy of those notes will be stored in order that we may assist with
client’s information requests.
Staff may not disclose the identity of an individual when dealing with information that should not be retained by others e.g. telephone conversation in other client/counsellor’s hearing or information left on desks, copier.
All client notes must be held in secure storage for 10 years at which time Youthline can make a decision whether to dispose of them. When disposing of notes after the minimum 10 years, all notes must be destroyed in a manner that preserves the privacy of the individual.
Rule 6: Access to Information
Individuals are entitled to have access to information kept about them.
Some grounds for refusal:
The individual is entitled, after obtaining access, to request:
Rule 8: Accuracy of Health Information be checked Before Use
A Health Agency may not use personal health information (e.g. medical conditions) without ensuring that it is accurate, up to date, complete, relevant, not misleading.
Rule 9: Retention of Health Information
All client notes need to be held in secure storage for ten years at which time a decision can be made to dispose of them or not.
Rule 10: Information Collected For One Purpose Cannot Be Used For Another Purpose
However it can be used for other purposes if:
You do not have to disclose health information except
Do not call any client by name or uniquely identify them in any other way.
Summary
Privacy Officers
All voluntary agencies are required by law to appoint a Privacy Officer under the Privacy Act which passed into law on 30th June 2020 and comes into force on 1 December 2020.
In most cases it is possible for an existing staff member or committee member to take on the duties of a privacy officer. If the designated person is an existing staff member he or she should be a person acceptable to the staff of the agency or community group. The name of the officer should be known
to all within the agency and the staff encouraged to discuss privacy issues with that person.
There is no special training for the job although good listening skills, sound judgement and an awareness of the importance of confidentiality would be prior requisites. Privacy officers would also need to be familiar with the Information Privacy Principles in the Act.
The tasks of the privacy officer are to encourage compliance with the privacy principles in the Act, deal with requests for personal information and work with the Privacy Commissioner in respect of any privacy complaints against the agency.
Educational material explaining what your agency needs to know to comply with the Act is available from the office of the Privacy Commissioner.
The purpose of the policy is to protect the privacy of Youthline clients, members and staff and give them control over the collection, storage and dissemination of information by the organisation. All policy guidelines will meet the requirements set out in the Health Information Privacy Code.
Philosophy
Youthline believes it is the right of every individual to maintain their privacy and to control the collection, storage and dissemination of their personal information. This right to privacy will not be guaranteed by Youthline if the risk to the safety and well being of the individual and/or others, as outlined by Youthline’s Code of Ethics, is in question.
Guidelines
- Youthline will, at all times, have a designated person (Privacy Officer), to manage the privacy of clients, members and staff within the organisation, and to deal with any issues arising from the collection, storage and dissemination of personal information.
- A primary principal to guide our work is that if a Youthline worker is recording something that they would not want a client to see then they should not be recording that information.
- The collection of information must be agreed to by the individuals involved and have a purpose, for example, counsellors need to record information about clients in order to provide an effective service.
- It is not mandatory for individuals to supply information requested by Youthline. However, for organisational and safety reasons, Youthline may take action as a response to not receiving appropriate information. For example, the organisation would not employ a person or take on a volunteer who failed to consent to a criminal convictions check, and clients may have an offer of service withdrawn if they choose not to supply essential
information. - Signed consent from clients/trainees/practitioners is required before video or audio taping can take place.
- Information can only be requested from the individual involved unless they have given consent for it to be obtained from a third party. Consent to gain information from a third party must be given in writing.
- Personal information must be stored in a locked cabinet and/or in a protected electronic environment. Access to this information will only be made available to people who have a reason, and are employed by Youthline to deliver one of its services.
- A person who has information stored by Youthline will be able to access that information within 48 hours of requesting it. The Privacy Officer will manage all requests to view information held by the organisation.
- Information can only be accessed by:
- The person it relates to or their legal representative.
- A person who is able to prove their identity.
- A person who is able to view the information at its storage point.
- A third party who has a legitimate purpose, for example, a health professional working with the person, and signed consent. Such requests can be made by fax or email if the phone/fax number or email is verified as belonging to a registered health or social service.
- A person who gives 48 hours’ notice.
- The person it relates to or their legal representative.
- Information will be withheld by Youthline or passed on to another agency, for example Oranga Tamariki, if the safety or well-being of others is at risk. Such an action would follow the guidelines as set out in the Youthline Code of Ethics.
- Information will not be held longer than required and the following guidelines apply:
- For audit purposes, financial information will be held for seven years.
- In order to deal with employment related issues, human resource files will be held for a period of two years. Information will be held indefinitely if its removal places others at risk. For example, inappropriate behaviour towards a client by a staff member or volunteer may mean a file is kept on record in order to prevent them being reemployed.
- Client files which contain information about abuse will be held for 10 years. This, for example, may allow a young person, on reaching adulthood, to deal more easily with their abuse-related issues.
- Other client files will be held for two years in case the counselling is reactivated.
- For audit purposes, financial information will be held for seven years.
As a Charitable Trust, Youthline is legally bound to abide by the rules and regulations set forth in the Privacy Act 2020. The act sets strict limits on how personal information can be collected, stored and used, in order to protect an individual’s right to privacy and access to information.
In line with Oranga Tamariki Approval Standards all client files related to sexual abuse will be kept indefinitely in the event that the client wishes to take legal action in relation to the abuse at any time.
All staff must be aware of the rules relating to the collection of a client’s personal information in the Health Information Privacy Code.
The Privacy Act is designed to give people control over their own personal information. Each organisation/agency (i.e. anyone who collects information) must have an assigned privacy officer to handle privacy issues. At Youthline, the privacy officer is the Youthline Clinical Services Manager.
The Privacy Act
All staff must be aware of the rules relating to the collection of a client’s personal information in the Health Information Privacy Code.
The Privacy Act is designed to give people control over their own personal information. Each organisation/agency (i.e. anyone who collects information) must have an assigned privacy officer to handle privacy issues. At Youthline, the privacy officer is the Youthline Clinical Services Manager.
Collection of Information
Rule 1: Purpose of Collection
Ask: “Is it really essential for us to have this information?”
Rule 2: Sources of Personal Information
Collect information direct from the individual unless individual unless individual has authorised you to collect it from someone else.
Rule 3: Collection of Information from Subject
Must make individual aware of these things:
- That information is being collected
- The purpose for which it is being collected (the more open you are with people the less likely you are to have a problem with the Act)
- Who is going to receive this information and where it will be stored. The individual has right to access.
- Whether supply of information is mandatory/voluntary.
- Consequence of not supplying information.
Requires us to take reasonable security in storing information against:
- Loss
- unauthorised access, use, modification, disclosure
- Other misuse.
All notes held by a Youthline staff member are covered by this policy. It is essential that client notes are held securely and confidentially. This is to protect them against loss, unauthorised access, use, modification or disclosure and/or any other misuse.
Client’s Clinical notes are stored and held securely at Youthline. All hard copy client clinical notes are stored at Youthline after completion with each client. If for any reason client’s clinical notes need to leave Youthline premises, a copy of those notes will be stored in order that we may assist with
client’s information requests.
Staff may not disclose the identity of an individual when dealing with information that should not be retained by others e.g. telephone conversation in other client/counsellor’s hearing or information left on desks, copier.
All client notes must be held in secure storage for 10 years at which time Youthline can make a decision whether to dispose of them. When disposing of notes after the minimum 10 years, all notes must be destroyed in a manner that preserves the privacy of the individual.
Rule 6: Access to Information
Individuals are entitled to have access to information kept about them.
Some grounds for refusal:
- ‘Unwarranted’ disclosure of affairs of another [family members of a client].
- Disclosure of information being ‘evaluative’ material would breach expressed/implicit promise of confidentiality e.g. references given on a confidential basis.
- If after advice from their doctor that disclosure of the information may affect their personal health.
- Disclosure is likely to endanger the safety of any individual
The individual is entitled, after obtaining access, to request:
- correction of that information or
- that notation may be attached to that information
- that they have requested correction and you have refused it
- that they can have their own note setting out the true position (e.g. omitted information may give an untrue picture of the situation)
Rule 8: Accuracy of Health Information be checked Before Use
A Health Agency may not use personal health information (e.g. medical conditions) without ensuring that it is accurate, up to date, complete, relevant, not misleading.
Rule 9: Retention of Health Information
All client notes need to be held in secure storage for ten years at which time a decision can be made to dispose of them or not.
Rule 10: Information Collected For One Purpose Cannot Be Used For Another Purpose
However it can be used for other purposes if:
- you have authority from the person concerned
- the information is publicly available
- to prevent or lessen a serious and imminent threat to the public health/safety or the life of an individual.
- The purpose for which information is used is directly related to original purpose
You do not have to disclose health information except
- to provide to the individual themselves or if authorised or for one of the purposes for which it was obtained originally.
Do not call any client by name or uniquely identify them in any other way.
Summary
- Youthline has a Privacy Officer. The role of the privacy officer is to encourage compliance, deal with requests and work with the Privacy Commissioner on any investigations.
- Make sure the client is aware why you are collecting personal information and what it is to be used for (e.g. statistics). Request permission to discuss a client session in supervision.
- When storing information, the privacy of the individual needs to be maintained at all times.
- Refer appendices for Youthline disclosure/consent forms.
Privacy Officers
All voluntary agencies are required by law to appoint a Privacy Officer under the Privacy Act which passed into law on 30th June 2020 and comes into force on 1 December 2020.
In most cases it is possible for an existing staff member or committee member to take on the duties of a privacy officer. If the designated person is an existing staff member he or she should be a person acceptable to the staff of the agency or community group. The name of the officer should be known
to all within the agency and the staff encouraged to discuss privacy issues with that person.
There is no special training for the job although good listening skills, sound judgement and an awareness of the importance of confidentiality would be prior requisites. Privacy officers would also need to be familiar with the Information Privacy Principles in the Act.
The tasks of the privacy officer are to encourage compliance with the privacy principles in the Act, deal with requests for personal information and work with the Privacy Commissioner in respect of any privacy complaints against the agency.
Educational material explaining what your agency needs to know to comply with the Act is available from the office of the Privacy Commissioner.