The purpose of the policy is to protect the privacy of Youthline clients, members and staff and give them control over the collection, storage and dissemination of information by the organisation. All policy guidelines will meet the requirements set out in the Health Information Privacy Code.
Youthline believes it is the right of every individual to maintain their privacy and to control the collection, storage and dissemination of their personal information. This right to privacy will not be guaranteed by Youthline if the risk to the safety and well being of the individual and/or others, as outlined by Youthline’s Code of Ethics, is in question.
- Youthline will, at all times, have a designated person (Privacy Officer), to manage the privacy of clients, members and staff within the organisation, and to deal with any issues arising from the collection, storage and dissemination of personal information.
- A primary principal to guide our work is that if a Youthline worker is recording something that they would not want a client to see then they should not be recording that information.
- The collection of information must be agreed to by the individuals involved and have a purpose, for example, counsellors need to record information about clients in order to provide an effective service.
- It is not mandatory for individuals to supply information requested by Youthline. However, for organisational and safety reasons, Youthline may take action as a response to not receiving appropriate information. For example, the organisation would not employ a person or take on a volunteer who failed to consent to a criminal convictions check, and clients may have an offer of service withdrawn if they choose not to supply essential information.
- Signed consent from clients/trainees is required before video or audio taping can take place.
- Information can only be requested from the individual involved unless they have given consent for it to be obtained from a third party. Consent to gain information from a third party must be given in writing.
- Personal information must be stored in a locked cabinet and/or in a protected electronic environment. Access to this information will only be made available to people who have a reason, and are employed by Youthline to deliver one of its services.
- A person who has information stored by Youthline will be able to access that information within 48 hours of requesting it. The Privacy Officer will manage all requests to view information held by the organisation.
- Information can only be accessed by:
- The person it relates to or their legal representative.
- A person who is able to prove their identity.
- A person who is able to view the information at its storage point.
- A third party who has a legitimate purpose, for example, a health professional working with the person, and signed consent. Such requests can be made by fax if the phone/fax number is verified as belonging to a registered health or social service.
- A person who gives 48 hours notice.
- For audit purposes, financial information will be held for seven years.
- In order to deal with employment related issues, human resource files will be held for a period of two years. Information will be held indefinitely if its removal places others at risk. For example, inappropriate behaviour towards a client by a staff member or volunteer may mean a file is kept on record in order to prevent them being reemployed.
- Client files which contain information about abuse will be held for 10 years. This, for example, may allow a young person, on reaching adulthood, to deal more easily with their abuse-related issues.
- Other client files will be held for two years in case the counselling is reactivated.
- Information will be withheld by Youthline or passed on to another agency, for example Child, Youth & Family, if the safety or well being of others is at risk. Such an action would follow the guidelines as set out in the Youthline Code of Ethics.
- Information will not be held longer than required and the following guidelines apply:
Privacy Act 1993 – Guidelines
As a Charitable Trust, Youthline is legally bound to abide by the rules and regulations set forth in the Privacy Act 1993. The act sets strict limits on how personal information can be collected, stored and used, in order to protect an individual’s right to privacy and access to information.
In line with Child Youth and Family Approval Standards all client files related to sexual abuse will be kept indefinitely in the event that the client wishes to take legal action in relation to the abuse at any time.
The Privacy Act
All staff must be aware of the rules relating to the collection of a client’s personal information in the Health Information Privacy Code.
The Privacy Act is designed to give people control over their own personal information. Each organisation/agency (i.e. anyone who collects information) must have an assigned privacy officer to handle privacy issues. At Youthline, the privacy officer is the Youthline Clinical Services Manager.
Collection of Information
Rule 1: Purpose of Collection
Ask: “Is it really essential for us to have this information?”
Rule 2: Sources of Personal Information
Collect information direct from the individual unless individual unless individual has authorised you to collect it from someone else.
Rule 3: Collection of Information from Subject
Must make individual aware of these things:
- That information is being collected
- The purpose for which it is being collected (the more open you are with people the less likely you are to have a problem with the Act)
- Who is going to receive this information and where it will be stored. The individual has right to access.
- Whether supply of information is mandatory/voluntary.
- Consequence of not supplying information.
Rule 4: Collection of Information
Do not use tape recorders or videos without permission.
Storage and Security of Information
Rule 5: Manner of Collection
Requires us to take reasonable security in storing information against
- unauthorised access, use, modification, disclosure
- Other misuse.
Clinical Notes held by Counsellor / Staff Member / Youthline
All notes held by a Youthline staff member are covered by this policy.
It is essential that client notes are held securely and confidentially. This is to protect them against loss, unauthorised access, use, modification or disclosure and/or any other misuse.
Client’s Clinical notes are stored and held securely at Youthline. All hard copy client clinical notes are stored at Youthline after completion with each client. If for any reason client’s clinical notes need to leave Youthline premises, a copy of those notes will be stored in order that we may assist with client’s information requests.
Staff may not disclose the identity of an individual when dealing with information that should not be retained by others e.g. telephone conversation in other client/counsellor’s hearing or information left on desks, copier.
All client notes must be held in secure storage for 10 years at which time Youthline can make a decision whether to dispose of them. When disposing of notes after the minimum 10 years, all notes must be destroyed in a manner that preserves the privacy of the individual.
Rule 6: Access to Information
NB: It might be useful to know if you are requested to provide clients with their notes immediately (if caught by surprise), you take time-out to assess this viability before responding to a client's request.
Individuals are entitled to have access to information kept about them.
Some grounds for refusal:
- ‘unwarranted’ disclosure of affairs of another [family members of a client]
- disclosure of information being ‘evaluative’ material would breach expressed/implicit promise of confidentiality e.g. references given on a confidential basis.
- if after advice from their doctor that disclosure of the information may affect their personal health.
- disclosure is likely to endanger the safety of any individual [more than 50% of violence is domestic related]
Rule 7: Correction of Health Information
The individual is entitled, after obtaining access, to request:
- correction of that information or
- that notation may be attached to that information
- that they have requested correction and you have refused it
- that they can have their own note setting out the true position (e.g. omitted information may give an untrue picture of the situation)
A dissatisfied individual may complain to the Privacy Commissioner.
Rule 8: Accuracy of Health Information be checked Before Use
A Health Agency may not use personal health information (e.g. medical conditions) without ensuring that it is accurate, up to date, complete, relevant, not misleading.
Rule 9: Retention of Health Information
All client notes need to be held in secure storage for ten years at which time a decision can be made to dispose of them or not.
Rule 10: Information Collected For One Purpose Cannot Be Used For Another Purpose
But it can be used for other purposes if:
- you have authority from the person concerned
- the information is publicly available
- to prevent or lessen a serious and imminent threat to the public health/safety or the life of an individual.
- The purpose for which information is used is directly related to original purpose
Rule 11: Limits on Disclosure of Health Information
You do not have to disclose health information except
- to provide to the individual themselves
- if authorised
- for one of purposes for which it was obtained originally
Rule 12: Use of Unique Identifiers
Do not call any client by name or uniquely identify them in any other way.
- Youthline has a Privacy Officer. The role of the privacy officer is to encourage compliance, deal with requests and work with the Privacy Commissioner on any investigations.
- Make sure the client is aware why you are collecting personal information and what it is to be used for (e.g. statistics). Request permission to discuss a client session in supervision.
- When storing information, the privacy of the individual needs to be maintained at all times.