Text Size:

A Decrease font size. A Reset font size. A Increase font size.

Popular Searches

  1. Purpose
    1. The purpose of this Policy is to ensure Caraniche is proactive in its approach to privacy and to outline, in general terms, our obligations with respect to the collection and handling of personal information under applicable laws, namely:
      • the Privacy Act 1988 (Cth) (Privacy Act) (which includes the Australian Privacy Principles set out in Schedule 1 to the Privacy Act), and
      • the Health Records Act 2001 (Vic) (Health Records Act),
        (together, the Privacy Laws).
    2. In addition, Caraniche is committed to ensuring it complies with the Australian Psychology Society Code of Ethics as well as specific privacy obligations under contractual arrangements with third parties.
    3. Please note that the information contained in this Policy is not intended to be a substitute for legal advice.  Any queries in relation to privacy matters should be directed to Caraniche’s Privacy Officer using the contact details in section 17.
  2. Policy scope
    1. This Policy applies to Caraniche’s directors, officers and employees (including students and volunteers).  Each employee bears responsibility for complying with this Policy as part of their employment with Caraniche.
  3. Roles and responsibilities
    1. The Board of Caraniche is responsible for adopting, monitoring and reviewing this Policy and related privacy documentation.
    2. Responsibility for compliance with this Policy rests with the managers of individual business units together with any individual personnel member of Caraniche who collects, uses or otherwise handles personal information of any individual.  Everyone within Caraniche plays an important role in ensuring Caraniche manages privacy issues appropriately.
    3. Caraniche’s Privacy Officer and the Risk and Quality team are responsible for working with the board to ensure that further standards, guidelines and procedures that uphold this Policy are adopted as required.
    4. Caraniche’s Privacy Officer is the first point of contact for any issues or queries regarding privacy issues and for providing guidance about how to handle personal information and related compliance obligations.
  4. Privacy training
    1. From time to time, Caraniche will provide its personnel with opportunities to attend privacy training.  Such training may be tailored for different business units or different roles within Caraniche.  Training opportunities will be communicated to personnel at the relevant time.
  5. Related documents
    1. Please also refer to:
      • Caraniche Code of Conduct;
      • Caraniche Records Management Policy;
      • Caraniche client consent forms;
      • Caraniche Authority To Exchange Information form;
      • Caraniche Privacy Statements for clients e.g. Caraniche Privacy Booklet for Youth Services;
      • Client Information Request and Release Procedure;
      • Client Information Request and Release Register;
      • Guidelines For Telephone and Video Counselling.
  6. Policy structure
    1. As noted above in section 2, the purpose of this Policy is to ensure that Caraniche and its personnel have an understanding of our obligations under Privacy Laws.  This will enable us to identify and implement practices that reduce privacy risks.
    2. In undertaking our business, we collect, use and disclose a broad range of personal information relating to our clients, our personnel and third parties.
    3. The sections below explain:
      • what constitutes personal information (see section 8);
      • the types of personal information we collect and how we collect it (see sections 9 and 10);
      • the purposes for which we collect personal information and use or disclose personal information (see sections 11 and 12).
    4. This Policy also provides some general information relating to how we:
      • store and secure personal information (see section 13);
      • may use de-identified information or otherwise deal with individuals on an anonymous basis (see section 14); and
      • manage requests by individuals to access their personal information and typically respond to privacy complaints (see sections 15 and 16).
  7. What constitutes personal information?
    1. In general terms, personal information is information or opinion, whether true or not, about a person whose identity is apparent, or can reasonably be ascertained, from the information or opinion (that is recorded in any form).  Basic examples include a person’s name, address, phone number and date of birth.
    2. Importantly, personal information collected in the course of providing a health service1 is considered health information.  Health information is information or opinion about a person’s physical, mental or psychological health or disability, whether in writing or not.  Examples of health information include:
      • notes of an individual’s symptoms or diagnosis and treatment given;
      • specialist reports and test results;
      • physical or biological samples; and
      • prescriptions and other pharmaceutical purchases.
    3. Health information can also include other personal information collected to provide, or in providing, a health service to an individual such as appointment details, admission and discharge dates, billing information and Medicare number.
    4. Health information falls into the category of sensitive information2 (which is a subset of personal information) under the Privacy Laws, meaning that some stricter requirements apply when handling it.  Given Caraniche is a specialist provider of a broad range of psychological services, Caraniche regularly collects, uses and discloses sensitive information.
  8. What personal information do we collect?
    1. In broad terms, Caraniche collects the following type of information:
      • information about our clients (being recipients or potential recipients of our services);
      • information about our personnel (e.g., our employees, including students and volunteers) as well as job applicants); and
      • information about other third parties, such as our business partners and contractors or visitors to Caraniche’s premises.
    2. Importantly, the Privacy Laws require that we only collect personal information for purposes that are reasonably necessary for, or directly related to, our functions or business activitiesIn other words, we should not ask for any personal information that we do not need.
    3. The kinds of personal information we collect will vary depending on the context of the collection.  For example, we collect personal information:
      • so that we can deliver our services and programs to clients;
      • for administration and billing purposes;
      • for research purposes;
      • for auditing / evaluation / quality assurance purposes
      • for reporting purposes under contractual agreement; and
      • to otherwise manage our business operations.
    4. Further detail in relation to the types of personal information we collect is set out below.

      5. Delivery of services and programs

    5. We collect personal information about our clients (and prospective clients) in the course of delivering our services and programs (including, for example, consultations, counselling and workplace group sessions).  Examples of the types of personal information we collect includes:
      • service / program attendance dates and times;
      • client history;
      • case notes (i.e., brief records of the content of the session) and clinical and risk assessments(i.e., information taken to assist the process of working with a client);
      • psychological test results;
      • reports and certificates (this may be material created by Caraniche or received by us from another service or service provider); and
      • correspondence and referral information.
    6. In some cases, we collect personal information relating to clients on behalf of other organisations (Custodian Organisations).  See sections 9.14 and 9.15 below for further details.

      7. Administration and billing

    7. We collect personal information so that we can schedule, and receive payment for, the services and programs that we provide.  This may include, for example, billing information (e.g., a payer’s name, address, payment rates and details, Medicare number, details of services delivered, etc.).

      8. Research

    8. We may collect personal information for research purposes.  We typically collect de-identified information about clients’ demographics, conditions and treatment to help plan our services and understand trends.  Otherwise, if the relevant information is not de-identified, we will usually need a client’s consent to collect health information from them for research purposes.
    9. In very limited circumstances, we may be able to collect health information (which is not de-identified) for research purposes without a client’s consent.  In particular, we may collect health information where it is necessary for research, or the compilation or analysis of statistics, relevant to public health or public safety, and:
      • the particular research purpose cannot be served by collecting de-identified information;
      • it is impracticable to obtain the individual’s consent; and
      • the collection is either:
        • required by or under an Australian law (other than the Privacy Act);
        • in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind Caraniche; or
        • in accordance with guidelines issued by the National Health and Medical Research Council and approved by the Information Commissioner under s95A of the Privacy Act.
    10. If we collect information without consent (i.e., under the exception outlined in section 9.9 above), we are required to take reasonable steps to de-identify that information before disclosing it to anyone else.  Otherwise, we may use or disclose health information for research or statistical purposes relevant to public health or public safety when the Privacy Act permits the use or disclosure.  Please see section 12.4 for further detail on use or disclosure of health information for research purposes.

      11. Auditing / evaluation / quality assurance

    11. We collect personal information for the purposes of conducting audits / evaluation / quality assurance processes.  Types of personal information collected may include, but are not limited to:
      • incident and feedback reports or information;
      • clinical records, case notes and assessment notes;
      • information regarding utilisation of services / programs; and
      • client reported assessments.

      Business operations

    12. We collect personal information so that we can appropriately conduct and monitor our business operations and activities.  In particular, we collect information about our personnel (and prospective personnel) so that we can properly administer employment and fulfil our various legal obligations.  The types of personal information we collect includes:
      • names, addresses, contact details and next of kin;
      • qualifications and professional registration information;
      • criminal records including but not limited to National Police Checks, Working With Children Checks, NDIS Worker Screening Checks;
      • information regarding professional experience;
      • references from previous employers and/or character references;
      • tax file numbers, superannuation fund details and financial institution information;
      • demographic information, such as gender, cultural background or disabilities;3 and
      • performance review information and conduct appraisals.
    13. We may also collect information about visitors or other third parties so that we can appropriately interact with them and respond to queries, etc.

      14. Collection of information on behalf of Custodian Organisations

    14. Sometimes we collect personal Information on behalf of Custodian Organisations, such as Justice Health, where the Custodian Organisation is the responsible custodian of the personal information.
    15. In this case the personal information collected by us (for example, an individual’s ‘health record’), is not owned by Caraniche and is instead owned by the relevant Custodian Organisation and the Custodian Organisation’s own policies and procedures will apply to the storage, handling and disclosure of that personal information.  Caraniche will usually be required to comply with the Custodian Organisation’s relevant policies and procedures in relation to the collection and handling of the personal information as part of its contractual arrangements with that Custodian Organisation.
  9. How do we collect personal information?
    1. Caraniche collects personal information through a variety of different methods including:
      • face to face meetings and telephone communications (with clients, personnel, job applicants, contractors, visitors and others);
      • paper-based forms;
      • electronic forms including via Client Management System (e.g. Tacklit);
      • email communications; and
      • Caraniche websites and other online tools such as software.

      Direct collection

    2. Personal information must only be collected in a lawful and fair way.4  If practical, we must collect personal information directly from the individual (unless the individual has consented to collection from someone else, or the information relates to a child or an adult who lacks capacity in which case the relevant information may be collected from a parent or guardian).
    3. The rules relating to collection of sensitive information (including health information) are more onerous.  In particular, we can collect health information about a client only if:
      • the client consents (expressly or impliedly)5 to us collecting it; and
      • the information is reasonably necessary for our activities (i.e., to provide a service or program to that client).
    4. Sensitive information should always be collected directly from clients (and not from a third party) unless it is not reasonable or practicable to do so.  Examples of where it might not be reasonable or practicable to get consent is in an emergency where it may be necessary to collect a client’s health information from a client’s guardian or relative.
    5. When we collect personal information, we must take reasonable steps to tell the individual (as close as possible to the time we collect the information):
      • our identity and contact details;
      • the fact and circumstances of collection;
      • whether the collection is required or authorised by law;
      • the purposes of collection;
      • the consequences if personal information is not collected;
      • our usual disclosures of personal information of the kind collected;
      • information about our privacy policy; and
      • whether we are likely to disclose personal information to overseas recipients and, if practicable, the countries where they are located.
    6. Caraniche informs individuals of the matters set out in section 10.5 above through its collection notices, privacy statements and consent forms as required.  Consent is a key control to ensure the individual has understood and provided informed consent.

      7. Collection of personal information from third parties

    7. In some cases, we collect ‘solicited’ personal information (i.e., we explicitly ask a third party to provide us with personal information or take active steps to collect personal information from it).
    8. Caraniche will typically collect information from third parties such as:
      • health or other organisations (including public entities) that we are providing a service on behalf of;
      • another health service provider which has been, or is, involved in a client’s care (for example, we may receive a referral from another health provider);
      • a ‘responsible person’ for a client (such as a parent or guardian); or
      • an individual’s past employer or referee.
    9. Different requirements apply in relation to the collection of sensitive information from third parties compared to other types of personal information.  For personal information (other than sensitive information) we may collect this information from a third party where it is reasonably necessary for, or directly related to, our functions or activities.  The same requirement applies where we are collecting sensitive information from a third party, however, in this case, the individual about whom the sensitive information relates must consent to the collection unless an exception applies.  There are a range of exceptions but the ones most likely to apply to Caraniche include:
      • the collection is required or authorised by or under Australian law or a court / tribunal order;
      • it is unreasonable or impracticable to obtain the individual’s consent to the collection and we reasonably believe the collection is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety;
      • the collection is reasonably necessary to establish, exercise or defend a legal claim; or
      • the collection relates to health information which is necessary for us to provide a health service to the individual and either:
        • the collection is required or authorised by or under an Australian law (other than the Privacy Act); or
        • the health information is collected in accordance with the rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind Caraniche; and
      • the collection of health information is from a client about another individual where it is part of the client’s family, social or medical history and that history is necessary to provide a health service to the client.  This may include, for example, information about inheritable conditions.  The information should be limited to that which is necessary to provide the health service to the client.
    10. In some cases, Caraniche collects personal information from (or may disclose personal information to) agencies or organisations that are responsible for paying for the services / programs that we deliver to a client (Billing Agency).  Generally, the client must consent to us collecting / disclosing such information.  While the actual process will vary depending on the Billing Agency we are dealing with, some typical scenarios include:
      • the client is provided with the service / program on an anonymous basis and scheduling and billing arrangements are organised by the Billing Agency using a client reference number; and
      • the Billing Agency identifies the client by name and Caraniche provides the Billing Agency with information on dates / times of attendance or more detailed information on the nature of the services provided (for billing purposes).
    11. In each case, clients should understand what personal information has been collected from them and how that information may be used / disclosed.  If Caraniche personnel members are unclear as to what processes apply, or otherwise have any specific questions relating to interactions or communications with a Billing Agency, these should be directed to Caraniche’s Privacy Officer.

      12. Unsolicited information

    12. From time to time we may receive ‘unsolicited’ information.  This is information that we come across by accident, or receive but have not requested.  If we receive unsolicited information, we must determine whether the Privacy Laws would have allowed us to collect that information.  If it is sensitive information, we would generally have required the person’s consent to collect the information (unless an exception applies).  If we could have lawfully collected the information, we must comply with Privacy Laws when handling it.  If we could not have lawfully collected the information, then we must destroy or de-identify the information as soon as practicable if it is lawful and reasonable to do so.
  10. The purposes for which we collect personal information
    1. As noted above at section 9.2, Caraniche must only collect personal information when it is reasonably necessary for, or directly related to our functions and business activities.  The purpose for which we collect personal information is referred to as the ‘primary purpose’ of collection.  It is important to note that Caraniche can only use or disclose personal information for the purpose for which it was collected, or for a secondary purpose if an exception applies.  See section 12 for further information on use or disclosure.

      2. Primary purpose of collecting information about clients

    2. We collect personal information about clients when necessary to:
      • deliver our services and programs;
      • provide a safe and secure workplace for our personnel;
      • provide a safe environment for our clients
      • fulfil our contractual and other legal obligations;
      • plan, fund, monitor and regulate and evaluate our services, programs and functions;
      • comply with reporting requirements;
      • undertake research; and
      • manage, evaluate and audit our internal processes, systems and procedures.

      Primary purpose of collecting information about personnel and others

    3. We collect personal information about personnel (and prospective personnel) and others:
      • to assess suitability for employment or placements;
      • to administer employment or student placement programs;
      • for insurance purposes; and
      • to fulfil our contractual and other legal obligations (including employment laws and occupational health and safety laws).
    4. Note that some Caraniche personnel may have access to company resources (for example, mobile phones, laptops, tablets, etc.) to use in the course of their employment (and for reasonable personal use).  Use of such resources may result in the collection of personal information (for example, records relating to physical location, telephone numbers messaged or called, websites accessed, etc.).
  11. When do we use or disclose personal information?
    1. Caraniche can use and disclose personal information for the primary purpose for which we collected it.
    2. The context in which information was collected helps to identify the primary purpose of collection.  For example, if a client provides us with health information during a consultation, the primary purpose of us collecting that information is to provide services and treat that client.
    3. We can also use and disclose personal information for a ‘secondary purpose’ (being any purpose other than the primary purpose) in certain circumstances.  This will generally be where:
      • the individual has consented to use or disclosure of the personal information for a secondary purpose;
      • the individual would reasonably expect us to use or disclose their information for that secondary purpose and:
        • for personal information that is not sensitive information, the secondary purpose is related to the primary purpose of the collection; or
        • the secondary purpose is directly related to the primary purpose of the collection (this would include, for example, complaint handling, incident monitoring, disclosure to clinical supervisors by psychiatrists, psychologists or social workers, etc);
      • the use or disclosure is required or authorised by or under an Australian law or a court / tribunal order (for example, mandatory notification of child abuse under care and protection laws, child and family violence information sharing schemes, subpoena/summons, etc.);
      • the use or disclosure is necessary to lessen or prevent a serious threat to the health, safety or welfare of a person or the public;
      • the use or disclosure is required in order for us to take appropriate action in relation to suspected unlawful activity or serious misconduct; or
      • we reasonably believe that the use or disclosure is reasonably necessary for law enforcement related activities.
    4. In addition, we may use or disclose health information for research or statistical purposes relevant to public health or public safety in accordance with the Privacy Laws, for example, where:
      • the individual has consented to the use or disclosure; and
      • the use or disclosure is for the same (primary purpose) for which the information was collected; or
      • the use or disclosure is otherwise for a purpose which is directly related to the primary purpose of the collection, and the individual would reasonably expect us to use or disclose the information for that purpose.
    5. Where we do not have an individual’s consent to the use or disclosure of their health information for research purposes, we must carefully consider whether any exceptions apply that could allow us to use or disclose that information without consent.  This is a complicated issue and advice must be sought from Caraniche’s Privacy Officer before using or disclosing the information.
    6. Caraniche must not publish any individual’s personal information that has been collected for research purposes unless such individual has provided consent.  Caraniche must also ensure that it notifies its clients that they have the right to opt out of any research project at any time.
  12. Storing and securing personal information
    1. The security of personal information collected by us is paramount, whether this information is in computer or online systems or in paper-based form.  Under the Privacy Laws, we are required to take all reasonable steps to protect information from misuse and loss, and from unauthorised access, modification and disclosure.  Physical, technical and appropriate protective data security practices are applied to all personal information held by us.  By way of example, security software has been deployed across our computing networks and passwords are required when using work computers, portable devices and email communications.
    2. Caraniche may have different storage arrangements in place for different types of personal information.  For example:
      • personal information that we have collected for the purposes of providing a service / program will usually be stored or uploaded onto the client’s electronic case file within the Caraniche Client Management System, or within the Custodian’s Organisation’s client electronic record;
      • personal information that we have collected for the purposes of providing a service / program for a Custodian Organisation will sometimes be stored in a paper-based client file and stored securely onsite the Custodian Organisation or archived at a secure offsite third-party record management storage facility. In instances where this information is held by Caraniche staff working remotely in various locations, staff are expected to uphold the confidentiality and security of client information. This includes ensuring any paperwork with identifying client information is marked as confidential and kept securely away from others (refer also to Guidelines For Telephone and Video Counselling).
      • billing information will usually be recorded in the Caraniche Accounting Package and in the Caraniche Client Management System;
      • personal information relating to our employees and other personnel is typically stored in Caraniche’s Employment Database and on Caraniche’s server; and
    3. In each case, access restrictions apply as appropriate.
    4. Where we collect information on behalf of a Custodian Organisation (see sections 9.14 and 9.15) the security and storage of that information will generally be the responsibility of the Custodian Organisation.
    5. We will also take all reasonable steps to destroy or permanently de-identify personal information if it is no longer required in accordance with Privacy Laws.
    6. In accordance with the Health Records Act and the Australian Psychological Society (APS) Code of Ethics, client files are destroyed 7 years after the date of our last contact with the client (or such longer period as may be required by applicable law).  Client files relating to minors must generally be retained until the minor reaches the age of 25 (or such longer period as may be required by applicable law).
    7. Where personal information is deemed to be a ‘public record’ then such information will be retained and disposed of as required under the Public Records Act 1973 (Vic).
    8. On occasions, where unavoidable, some records may be held out of the office (e.g. working from home environment), however reasonable efforts should be undertaken to minimise the generation of such records and all reasonable steps to protect information from misuse and loss, and from unauthorised access, modification and disclosure must be applied. Refer to Guidelines For Telephone and Video Counselling.
    9. Where records have been held offsite, at the earliest opportunity they should be returned to the primary worksite and consolidated with other related records.
  13. De-identified information and anonymity
    1. From time to time Caraniche uses certain de-identified information (such as anonymous or statistical usage data, anonymized IP addresses, browser or platform types) where practicable to do so.  De-identified information is not subject to the same restrictions under Privacy Laws because, by its nature, it does not include any personal information.
    2. In particular (but without limitation), such de-identified information may be used to improve the quality and design of our services.
    3. In some cases, individuals interacting with organisations (for example, Billing Agencies) will sometimes be linked to numbers or codes that could be used to identify them (for example client reference numbers, etc).  Where an individual’s identity is apparent or can reasonably be ascertained from the identifier, it constitutes personal information and we must comply with Privacy Laws in respect of such information.
    4. Caraniche may provide clients with the option of not identifying who they are or using a pseudonym where it is lawful and practicable to do so. However, in the context of providing our services and programs, it will usually be impracticable to transact with an individual anonymously due to the type of information required from an individual e.g., contact details, medical history, referrals, etc.
  14. Access to and correction of personal information
    1. Caraniche must take reasonable steps to ensure that all personal information that it collects and holds is accurate, up to date and not misleading, having regard to the purpose(s) for which the information is to be used.  We should not use personal information where it is known to contain errors.
    2. All individuals (or their authorised representatives) have a right to access, update and correct information that we hold about them.  We must respond to a request for access within a reasonable period (30 days will generally considered to be a reasonable period). Each request to client information must be recorded in Client Information Request and Release Register. Please refer to Client Information Request and Release Procedure.
    3. For information that Caraniche does not hold, for example, where the Custodian Organisation holds the information, any requests to access, update or correct this information must be directed to the Custodian Organisation.

      4. Access by clients

      If a client requests access to, or wishes to correct, personal information that is held by a Custodian Organisation, Caraniche must advise the client to contact the relevant Custodian Organisation directly who can direct them to the Freedom of Information (FOI) processes.

    4. To gain access to the personal information held by Caraniche in a client’s treatment file (electronic or hardcopy) an individual (or a ‘responsible person’) can either:
      • make a request directly to the treating clinician for access to the file (or parts of the file) within a treatment session; or
      • request access in writing by contacting Caraniche’s Privacy Officer.
    5. For clients’ protection, we will usually require confirmation of identity before providing access to personal information held by Caraniche (this may not be relevant where, for example, the relevant client is already known to us).  In accordance with Health Records Act, reasonable costs may be charged to the individual for providing access to their personal information.  This charge must not be excessive, and we must advise the individual that there is a charge and explain the reasons for it.  The charge may include the cost of:
      • Caraniche personnel searching for, locating and retrieving requested information;
      • Caraniche personnel reproducing and sending the personal information; and
      • the postage or materials involved in giving access.
    6. If there are inaccuracies on a client’s treatment file, the client (or their parent or legal guardian) can request that a note be placed on the individual’s file incorporating the individual’s comments regarding the inaccuracies, and/or corrections.
    7. There are some situations where Caraniche will not provide clients with access to personal information.  For example, access to personal information will not be provided where:
      • access would or could comprise a serious threat to the life or to health of a person (e.g., to the client, or to others named in documentation in the treatment file);
      • access would have an unreasonable impact upon the privacy of other individuals;
      • the request for access is frivolous or vexatious;
      • providing access would be unlawful;
      • providing access would be likely to prejudice an investigation of possible unlawful activity; or
      • an enforcement body performing a lawful security function asks Caraniche not to provide access to the information on the basis that providing access would be likely to cause damage to the security of Australia.
    8. Where Caraniche is not able to provide access to personal information or is not willing to make a correction to personal information, it must provide notify the relevant individual and provide reasons.  The request and refusal reason must be recorded in Client Information Request and Release Register. Please refer to Client Information Request and Release Procedure.

      9. Access by personnel and others

    9. If a Caraniche personnel member (including students or volunteers) wishes to access or correct personal information that we hold about them, they must contact the People and Capability Team.
    10. Other individuals who wish to access or correct personal information that we hold about them must contact Caraniche’s Privacy Officer.
  15. Dealing with complaints
    1. Individuals who wish to complain about the handling of their personal information may lodge a complaint with Caraniche’s Privacy Officer via Caraniche’s Feedback Management procedures.  Caraniche will appropriately investigate the complaint and provide a response to the individual, as required, within a reasonable amount of time (usually this will not be more than 30 days).
    2. Individuals who are unhappy with the way Caraniche handles their personal information or who are not satisfied with the way in which we have handled a complaint may lodge a complaint with:
      • the Health Complaints Commissioner (in relation to health information); or
      • the Office of the Australian Information Commissioner.
  16. Contact details and further information
    1. Caraniche Privacy Officer

      2. Address:  Level 1, 260 Hoddle St, Abbotsford VIC 3067
      Phone: (03) 8417 0500
      Email:  feedback@caraniche.com.au

    2. For further information and guidance on the Privacy Laws and the role of the Office of the Australian Information Commissioner see https://www.oaic.gov.au
    3. For further information and guidance on the handling of health information specifically and the role of the Health Complaints Commissioner see https://www.hcc.giv.gov.au
    4. For further information on the Australian Psychological Society Code of Ethics, see https://www.psychology.org.au/About-Us/What-we-do/ethics-and-practice-standards/APS-Code-of-Ethics
  17. Document control and revision history
Revision History:
Version No.: Preceding Version: Approved by: Description of changes to preceding version:
4.0 3.3 Executive Periodic (full) review.
Document Owner: Department owner: Approval Date:
Director of Strategy and Governance Strategy and Governance 31 May 2023
Next Review Date: June 2025

1. Under the Privacy Laws, health service is defined broadly and includes any activity performed in relation to an individual that is intended or claimed by the person performing it to assess, maintain, improve or manage the individual’s health, or to diagnose or treat actual or suspected illness, disability or injury.

2. Sensitive information includes information or opinion about a set of specific characteristics, including a person’s racial or ethnic origin, political opinions or affiliations, religious beliefs or affiliations, sexual orientation or practices, experiences of family violence, criminal record, etc.

3. Note that information of this type constitutes sensitive information and may be disclosed by our personnel on a voluntary basis only.  This information is generally sought by Caraniche to meet specific workplace needs.

4. Lawful collection is a collection that does not breach any State, Territory or Commonwealth law.  Information is collected in a fair way if it done without intimidation or deception and in a way that is not unreasonably intrusive.

5. Express consent is given orally or in writing by an affirmative, unambiguous act.  Implied consent arises where you can infer from the circumstances, and the conduct of the person, that consent is being given.