Policy: Client Privacy And Confidentiality

Policy context: This policy relates to:


  • CSS 4.1 Privacy
  • CSS 4.2 Record keeping and disposal
  • CSS 4.3 Confidentiality
  • CSS 4.4 Access to confidential information
  • RACGP ( 4TH Ed):
  • ISO 9001:2008

Legislation and other requirements

  • Commonwealth Privacy Act (1988)
  • Privacy Amendment (Private Sector) Act 2000
  • Queensland Child Protection Act (1999)
  • Queensland Juvenile Justice Act (1992)

Relevant Policies

  • Managing Client Records
  • Client Privacy and Confidentiality Child and Youth in Care
  • Client Complaint Policy
  • Code of Conduct

Related Documents

  • Client Consent Non-Consent Form
  • Privacy Statement
  • Workplace Confidentiality Agreement
  • Request for Personal Information Form
  • Request to Amend Personal File
  • Photo Consent Form
  • Information Authorisation Form
  • Code of Conduct Acknowledgement Form
  • Code of Conduct for Interacting and Working with children and young people
  • FIS Media Consent Form
  • Client Consent Form
  • SHS Client Consent Form
  • FSS Client Consent Form

1. Purpose

Townsville Aboriginal and Islander Health Service (TAIHS) promotes the rights and responsibilities of people using its services by protecting clients’ rights to confidentiality and privacy, taking into account relevant privacy and other legislative requirements. This policy
sets out how TAIHS protects the privacy and confidentiality of people using services. It covers what is written and what is said about people and how information is shared. It also covers the circumstances where the right to confidentiality may be overridden by other

2. Policy Statement

TAIHS has adopted the following as its Privacy Statement:

TAIHS is committed to protecting and upholding the rights of our clients to privacy in the way we collect, store and use information about them, their needs and the services we provide to them. We want our clients to have confidence that we take these responsibilities

We acknowledge that clients have legislated rights to confidentiality and privacy, and to accessing their own records. We believe it is mandatory and accountable practice to protect and uphold these rights, so we act correctly in those circumstances where the right to
confidentiality or privacy may be overridden by legislative considerations.

We make sure no personal information about a client is shared with anyone, on purpose or by omission, unless the client has given their informed consent or in special circumstances where the law allows an exception.

We also pay attention to the physical layout of our premises in regard to privacy.

3. Scope

This policy and related documents do not apply in cases where the client is a child or youth under the statutory intervention of the Child Protection Act 1999, or a service foster carer or kinship carer. The Client Privacy and Confidentiality Child and Youth in Care Policy shall apply in such cases.

4. Definitions

Privacy Statement -  refers to a document that declares the intentions of the organisation in relation to Client information and data; how
personal information is stored; how clients can access this information and the purposes for which personal information is
used and disclosed

5. Procedures

5.1 Client Privacy and Confidentiality

  • To provide an effective and high-quality service and to maintain appropriate accountability, we must collect, store and sometimes share relevant personal information about our clients.
  • It is important that all TAIHS staff and board members are consistent and careful in the way we manage what is written and said about a client and how we decide who can see or hear this information. To uphold the rights of clients to confidentiality and privacy, each staff and management member must ensure the following are strictly adhered to.

5.2 Collecting Records

  • TAIHS staff must use ensure that information provided by clients is collected in a fair, legal and transparent way. When staff visit clients, they shall interview clients in a private area if a confidential and/or sensitive interview is to take place.
  • TAIHS staff shall use discretion and sensitivity in both verbal and written communications with other service providers especially when such communication is likely to be overheard by other employees, the general public or other unauthorised personnel.
  • Staff must obtain consent from the client to access information from another service, including other units of TAIHS, using the appropriate Client Consent Form.
  • Care should be taken that individuals cannot see computer screens showing information about other individuals.
  • Staff must not disclose passwords to unauthorised persons.

5.3 Storing Records

  • Information collected by the staff will be kept in a personal file.
  • Client records will not be left in open areas where they can be seen by staff not directly involved in service provision to the client (ie desk tops where they are visible to others)
  • Confidential records including board members, TAIHS staff or client’s records will be stored in a secure place.
  • Only authorised persons will have access to such records.
  • Electronic records must be secured. This includes locking computers when information is not being used, closing client files immediately after use, and logging off terminals when finished.
  • All client records shall be moved in a secure manner if transportation outside the office is required.

5.4 Using Records

  • TAIHS will only use the personal information collected for the purposes for which it was collected, or other purposes that are agreed to between the organisation and the client.
  • Additional purposes may be required to comply with legislation. If this is the case, the organisation will communicate to the client that this has occurred.

5.5 Disclosure of Records

  • Confidential information concerning clients shall not be visible to unauthorised persons, whether they are employees, volunteers, committee members or the public.
  • No unauthorised person shall be given access to any client’s personal information unless client has provided consent on the appropriate Client Consent Form, there is a legitimate need or when compelling moral and ethical reasons exist i.e. duty of care principles.
  • TAIHS staff may be required to disclose client data, only under the following circumstances:
    • where required by law
    • with client consent
    • Where permitted by law.

5.6 Client access to personal records

  • TAIHS is committed to permitting a client access to their own records collected by the organisation only.
  • Client can access personal records; however, clients must complete a Request for Personal Information Form. All requests must be approved by the Medical Advisor, in the case of Medical Records, and / or the Chief Executive Officer.
  • The Medical Advisor / Chief Executive Officer will make a determination about a request to access TAIHS file records within two working days of receiving the request.
  • In the advent that a client wishes to add a note to his/her record, the client must complete a Request to Amend Personal File form.
  • TAIHS will aim to ensure access is:
    • convenient
    • without reasonable delay
    • without cost (with the exception of medical records and information that exceeds 10 pages, for which a small fee may be charged. In the case of medical records, the fee shall be $35).

5.7 Changing confidential/personal records.

  • TAIHS does not allow records to be changed. However, client records can be updated by TAIHS staff, and clients may request to add a note to their records by completing the Request to Amend Personal File form.

5.8 Refusal to access confidential information

  • TAIHS has the right to refuse a request to access to personal information or confidential records if it conflicts with personal privacy and is in breach of privacy laws.
  • The client has the right to lodge a complaint about the refusal of service, in line with the Client Complaints Policy.

6. Policy Revision

  • This document will be reviewed in line with the Document Control Procedure. If any changes are made, supporting documentation (including Practice Manuals) must be updated.