Privacy and Confidentiality Factsheet
How do we collect your information?
We collect personal information in a number of ways, including:
- Directly from you or (when relevant) your carers, for example when you complete the GPSO intake forms, provide information by phone or in agreements.
- From our own records of how you use our services
What information do we collect?
Depending on how you are interacting with us, this information may include your contact details, health history, diagnosis, personal care routine, goals, training and educational needs, capabilities, medication, behavioural support or other information relevant to your individual needs, wants and preferences. We collect information relating to your NDIS plan including participant number, start and finish dates and the funding allocated for each support category. We also encourage you to provide us with a copy of your NDIS plan as this assists GPSO to provide the best quality supports.
What do we use your information for?
If you receive a service from GPSO, we will collect and hold your personal information to gain an understanding of your needs so that we can:
- Provide optimal supports and services
- Assist with personal care, feeding routines, changing procedures
- To reach your full potential and achieve your goals
- Provide appropriate advice and information
- Administer billing services and comply with legal requirements
How do we store your information?
The security of your information is important to us and we take all reasonable steps to protect it from misuse, loss, unauthorised access, modification or disclosure.
All personal, health and NDIS information is stored securely in paper and/or electronic form. This includes:
- Requiring our GPSO team members to maintain confidentiality
- Document storage security measures including password protection, locked cabinets, key security
- Providing discrete environments for confidential discussions
- Only allowing access to records when the individual seeking access to their own information has satisfied our identification requirements
How do we keep your information accurate?
We take all reasonable steps to ensure that all records and customer information we collect, use and disclose is accurate, complete and up to date. You can amend any information in your records that you consider to be incorrect, incomplete or misleading, and we request that you ensure all information you provide to GPSO is current and in writing.
GPSO updates all Participant information when a new NDIS plan is approved. This ensures GPSO is up to date with your support needs and can provide the best possible services.
We suggest you let us know if there are any errors in the information, any changes to personal details e.g. name, address, contact information, or if you receive a recent allied health report or other relevant assessments that can assist GPSO in the delivery of support.
How do we access your own personal information?
The records for recipients of GPSO services remain the property of GPSO, however you have the right to access your own records on request and to be provided with copies of documents.
You, or your authorised representative, can make a written request to GPSO to access information in your record. You, or your authorised representative, will be required to complete and sign an ‘Authority to Exchange Information’ form which is included in the intake process. Viewing of records will occur under the supervision of a GPSO administration member. Under no circumstances is information allowed to be removed from the participant’s file without the consent of the Participant or their nominated representative.
Disclosing personal information?
In order for GPSO to provide a comprehensive and effective service it may be helpful to share your information with other service providers e.g. your GP or other service provider. In this situation, prior to taking any action, we will ask you to give written consent for us to disclose any information from your record to the other party.
GPSO obtains the Participant’s consent to exchange information during the intake process, where an ‘Authority to Exchange Information’ form is required to be completed and signed. This form provides the Participant the opportunity to allow or deny permission for service providers and individuals to access their personal information. Copies of all paperwork related to the release of the information will be placed in your file (paper and/or electronic version). If you are unable to give consent about the release of your information due to age, physical or cognitive limitations, a decision will be sought from your authorised representative.
We will only provide Participant information to a third party with your, or your representative’s, consent, however there are occasions where we must provide information (without individual consent) if bound by legislation or regulatory compliance, by court order, by law enforcement authorities as part of a criminal investigation or to ensure your safety and the safety of others, to do so.
You are able to withdraw your consent to release information at any stage.