Privacy policy

Privacy Policy

1. Introduction

Grampians Rural Health Alliance (GRHA) Privacy Policy is in alignment with the Australian Privacy Principles (APP) 1.3 defined in the Privacy Act 1988 (the Privacy Act), referred to as the “APP Privacy Policy”.

1.1 GHRA Context

GRHA administers a broad range of programs and activities to support Australia’s world-class health system which allows universal and affordable access to high quality medical, pharmaceutical and hospital services while helping people to stay healthy through health promotion and disease prevention activities.

GRHA’s diverse set of responsibilities include:

Public health, including health protection, and medical research

Health promotion and disease prevention

Primary health care

Hospitals funding and policy

Hearing services policy and funding

Specific health services, including human quarantine

Sport and recreation

National drug strategy

Health workforce capacity

Mental health policy and primary mental health care

1.2 The Privacy Act

The Privacy Act regulates how APP entities collect, hold, use and disclose personal information, and how individuals can access and seek correction of that information. APP entities are:

Commonwealth agencies, including the Department of Health and

Private sector organisations,
which are bound by the Privacy Act.
‘Personal information’ is information or opinion in any form that identifies or enables identification of a living person. The complete definition in the Privacy Act is “Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:

(a) Whether the information or opinion is true or not; and

(b) whether the information or opinion is recorded in a material form or not.”

This APP Privacy Policy sets out how GRHA, as an APP entity, manages personal information.

1.3 Compliance with the Privacy Act

GRHA is required to comply with the Privacy Act and in particular the thirteen APPs which regulate the collection, holding, use and disclosure of personal information.

2. GRHA’s Personal Information Handling Practices

2.1 Collection of personal information generally

GRHA only collects personal information which it needs in order to perform its functions and activities including those contained in legislation administered by the Ministers responsible for the Department (as set out in the Administrative Arrangements Order). As GRHA has limited direct contact with the public, GRHA only collects personal information in a limited range of categories.
These categories include:

personal information collected by contracted service providers in compliance with contractual measures as required by the Privacy Act.

personal information collected from employees, job applicants, contractors and others in relation to employment.

GRHA collects personal information in accordance with the Privacy Act.
GRHA routinely provides a privacy notice as required by APP 5 when it solicits personal information.
In some circumstances, individuals or organisations provide personal information on an unsolicited basis. Examples of this include correspondence to the Department or to GRHA. GRHA may not normally give an APP 5 privacy notice in these circumstances because the information is unsolicited.
In all cases where personal information is received, it is handled according to the particular circumstances and in compliance with the Privacy Act.
GRHA collects personal information through a range of different channels including:

paper-based and electronic forms (including online forms)

face to face meetings

telephone, email, and facsimile communications

GRHA’s websites (including online portals)

social media websites and accounts.

2.2 Kinds of personal information collected and held

GRHA collects and holds various kinds of personal information including:

records relating to personnel, payroll matters, recruitment, disciplinary and counselling matters for the GRHA’s staff, contractors and job applicants including security clearances and police record checks

records relating to occupational health and safety matters including accident and injury records, compensation and rehabilitation case files applications, correspondence (including decision letters), instruments of appointment, medical and patient records and other records relating to the performance of GRHA’s administrative functions and activities

correspondence, invoices, receipts and other records relating to good and services supplied to GRHA

correspondence, invoices, receipts and other records relating to services provided by GRHA or publications purchased from GRHA

correspondence, curricula vitae, remuneration and travel records and other records including membership lists relating to a range of non-statutory and statutory committees, boards, reference and working groups

distribution and mailing lists relating to the dissemination of departmental publications, reports, newsletters and other information of interest to individuals

correspondence and other documents relating to contracts, grants, allocations, funding agreements, requests for tenders and other procurement processes

correspondence, reports and other records relating to internal and external audits, allegations of fraud and compliance investigations

correspondence from individuals, third parties and the Ministers and Ministerial staff including background and briefing material

correspondence and other documents relating to complaints and other feedback provided to GRHA requests for access to documents held by GRHA including requests under the Freedom of Information Act 1982 (FOI Act) and related correspondence

correspondence and other documents relating to requests for legal advice

certain PCEHR records, such as personal information added to PCEHR directly by consumers or uploaded by their healthcare providers.

2.3 Sensitive Information

Where the above kinds of personal information include sensitive information such as:

information about an individual’s racial or ethnic origin

health information such as details of an individual’s medical history, including details of specific medical conditions, disabilities and medication history

information about an individual’s membership of a professional association
this information is given the higher level of protection required by the APPs.

2.4 How GRHA holds personal information

Personal information held by GRHA is stored on electronic media including the Electronic Document and Records Management System and also on paper files. GRHA stores and disposes of personal information in accordance with the Archives Act 1983.
Electronic and paper records containing personal information are protected in accordance with Australian Government security policies.

2.5 Purposes for which personal information is collected, held, used and disclosed

The purpose for which GRHA collects, holds, uses and discloses personal information will vary depending on the function and activity being taken and may include one or more of the following:

performing personnel functions including work health and safety obligations in relation to GRHA’s staff and contractors

recruiting and engaging staff and contractors

providing secretariat services to GRHA’s committees, boards, reference and working groups

providing assistance to or making payments to eligible recipients

informing the design and development of GRHA’s policies and programs and the composition of bodies providing advice to GRHA

assessing satisfaction with service provision

undertaking compliance with legal obligations under portfolio and other legislation

administering statutory schemes including registers, accreditation and exemption schemes

administering scholarships, fellowships, awards and training programs

undertaking health promotion activities and campaigns

maintaining appointment and officer details and making decisions in relation to portfolio appointments

conducting health surveillance activities

researching and evaluating programs and activities

investigating and responding to complaints about service provision and payments

auditing GRHA’s programs and activities and investigating and responding to allegations of fraud

contract management

managing and responding to correspondence and enquiries from individuals and organisations

support for the Secretary in performing her functions under the Personally Controlled Electronic Health Records Act 2012

2.6 How to seek access to and correction of personal information

An individual has a right of access under the Privacy Act to personal information about himself or herself held by GRHA. This right of access is subject to the entitlement of GRHA to refuse access under the FOI Act. GRHA, accordingly, requires individuals seeking access to their own personal information to seek that access under the FOI Act and not the Privacy Act in the first instance.

Individuals can request access to documents containing their personal information by telephoning (03) 5320 4529. There is no charge under the FOI Act for making a request or for the provision of an individual’s personal information. More information about making FOI requests is available by telephoning (03) 5320 4529.
An individual also has a right under the Privacy Act to request GRHA to correct his or her personal information. Where an individual wishes to request correction of personal information, he or she should contact GRHA at the contact details provided at paragraph 4.1 of this APP Privacy Policy. GRHA will deal promptly with the request in accordance with the requirements of the APPs.

2.7 Disclosure of personal information overseas

GRHA does not disclose personal information outside of Australia.

3. Complaints

3.1 Complaint handling process

If an individual believes GRHA has breached his or her privacy rights, he or she may contact GRHA using the contact details set out at section 4.1 of this APP Privacy Policy. GRHA will treat the complaint seriously and is committed to providing a fair and timely response.
If an individual wishes to make a privacy complaint against GRHA, he or she also has the option of complaining directly to the Australian Information Commissioner. The Australian Information Commissioner’s details are set out below:

Telephone: 1300 363 992
Email: enquiries@oaic.gov.au
Post: Australian Information Commissioner
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001

4. How to Contact GRHA

4.1 Contact Details

GRHA can be contacted by telephone on (03) 5320 4529.