Department of Human Services Privacy Policy
- The Department of Human Services (the department) is committed to protecting the privacy of personal and health information which we and our funded service partners collect, use, disclose and store.
- The department collects three broad types of information:
- Personal information is recorded information which directly or indirectly identifies a person.
- Health information is information about a person’s physical or mental health, disabilities or health services received and other information collected in the course of providing health services.
- Sensitive information is information about a person’s race or ethnicity, political or philosophical opinions, religious beliefs, sexual preferences or practices, criminal record or membership details, such as membership of a trade union or professional association.
- The services and functions which we and our service partners provide relate primarily to the areas of community services, housing, women’s affairs and youth affairs. We are committed to providing coordinated service and care to our clients.
- The department collects and uses a range of personal, health and sensitive information so that we can deliver our services and carry out our statutory functions. Information is also used for planning, funding, administering, monitoring, evaluating, integrating and improving our services and functions, including those performed under the relevant legislation. Where appropriate and practicable, we remove identifying details from information used for these purposes.
- We collect information using a variety of methods. Some typical examples of how we collect your information include application forms, enquiries, surveys and complaints, as well as solicited and unsolicited correspondence received.
- Occasionally, you may need to provide information about other individuals to us (for example, your authorised representative). If so, we rely on you to inform them that you have provided us with their personal information and to refer them to the department’s privacy policy.
- We recognise that the nature of our services means that much of the information we collect and handle is particularly sensitive.
- If you do not provide us with the information we must have to deliver the service, we may not be able to deliver the service you need or provide you with a coordinated service.
- The information we collect may be shared within the department and with our service providers to enable efficient and effective delivery of quality services. Your information will be shared with our service providers only in relation to delivery of coordinated departmental services to meet your needs.
- The types of entities we may share your information with include:
- your authorised representatives, interpreter or legal advisors acting on your behalf
- entities who provide services on behalf of the department and who will provide services to you, such as our community sector partners, community service organisations, contracted service providers or other health service providers. Please note: There may be circumstances when we are required by law to collect, use or disclose your information.
- We are bound by Victorian privacy legislation, including the Information Privacy Act 2000 and the Health Records Act 2001, as well as other laws which impose specific obligations in regard to the handling of personal, sensitive and health information. In broad terms this means that we:
- collect only information which we need for a specified primary purpose
- ensure that the person knows why we collect their information and how we will handle it
- use and disclose information only for the primary, a directly related purpose, or for another purpose with the person's consent (unless otherwise required or authorised by law)
- store information securely, protecting it from unauthorised access
- ensure that any transfer of information outside of Victoria is in accordance with privacy legislation
- retain information for the period authorised by the Public Records Act 1973
- provide the person with access to their own information, and the right to seek its correction.
See the summary of the Information Privacy Principles and the Health Privacy Principles below.
- We recognise that privacy principles protect information both as a matter of individual right, and to support the public interest in ensuring the department can collect, use and share information necessary for delivery of its services.
- We adhere to the privacy principles contained in the Victorian privacy legislation as minimum standards in relation to handling personal, sensitive and health information.
- The privacy principles are reflected in and supported by our corporate values:
Client focus
Responsibility
Collaborative relationships
Professional integrity and respect
Quality - We recognise the essential right of individuals to have their information handled in ways which they would reasonably expect - protected on the one hand, and made accessible to them on the other.
- Individuals may gain access and make correction to their information in our possession through the Freedom of Information Act 1982. Information on our Freedom of Information process is available on this site (see link below).
If you would like more information about how the department protects your privacy, please see the department’s privacy brochure titled Your privacy Matters (see link below). The privacy brochure contains information on how to contact the department.
Explanatory notes
(a) The Health Records Act 2001 applies to health information, which is broadly defined to include information and opinion relating to physical and mental health, disability and aged care services. It contains 11 health privacy principles.
(b) The Information Privacy Act 2000 contains 10 information privacy principles which apply to personal and sensitive information.
Key privacy principles in summary
The table below provides a summary of the key privacy principles outlined in schedule 1 of the Health Records Act 2001 (HRA) and the Information Privacy Act 2000 (Victoria) (IPA), as published by the Health Services Commissioner and the Victorian Privacy Commissioner respectively.
This is an abridged version of the privacy principles, and is intended for quick reference only. The full privacy principles can be found in schedule 1 of the HRA and the IPA.
|
Health privacy principles summary |
Information privacy principles (IPPs) summary |
|---|---|
| 1. Collection Only collect health information if necessary for the performance of a function or activity and with consent (or if it falls within HPP1). Notify individuals about how the information is used and that they can gain access to it |
1. Collection Collect only personal information that is necessary for performance of functions. Advise individuals the use of the information, third parties who may have access to their information, and how they can gain access to personal information. |
| 2. Use and disclosure Only use or disclose health information for the primary purpose for which it was collected or a directly related secondary purpose the person would reasonably expect. Otherwise, consent is generally required. |
2. Use and disclosure Use and disclose personal information only for the primary purpose for which it was collected or a secondary purpose the person would reasonably expect. Use for secondary purposes should have the consent of the person. |
| 3. Data quality Take reasonable steps to ensure health information held is accurate, complete, up-to-date and relevant to the functions performed. |
3. Data quality Make sure personal information is accurate, complete and up-to-date. |
| 4. Data security and retention Safeguard the health information held against misuse, loss, unauthorised access and modification. Only destroy or delete health information in accordance with HPP4. |
4. Data security Take reasonable steps to protect personal information from misuse, loss, unauthorised access, modification or disclosure. |
| 5. Openness Document clearly expressed policies on management of health information and provide the policies to anyone who asks. |
5. Openness Document clearly expressed policies on management of personal information and provide the policies to anyone who asks. |
| 6. Access and correction Individuals have a right to seek access to health information held about them in the private sector, and to correct it if it is inaccurate, incomplete, misleading or not up-to-date. * |
6. Access and correction Individuals have a right to seek access to their personal information and make corrections. Access and correction will be handled mostly under the Victorian Freedom of Information Act 1982. |
| 7. Identifiers Only assign a number to identify a person if the assignment is reasonably necessary to carry out the functions efficiently. |
7. Unique identifiers A unique identifier is usually a number assigned to an individual in order to identify the person for the purposes of the organisation's operations. Tax File Numbers and Driver's Licence Numbers are examples. IPP 7 limits the adoption and sharing of unique numbers. |
| 8. Anonymity Give individuals the option of not identifying themselves when entering transactions with organisations where this is lawful and practicable. |
8. Anonymity Where practicable, give individuals the option of not identifying themselves when entering transactions with organisations. |
| 9. Transborder data flows Only transfer health information outside Victoria if the organisation receiving it is subject to laws substantially similar to the Victorian HPPs. |
9. Transborder data flows If personal information travels, privacy protection should travel with it. Transfer of personal information outside Victoria is restricted. Personal information may be transferred only if the recipient protects privacy under standards similar to Victoria's IPPs. |
| 10. Transfer/closure of practice health service provider A health service provider whose business or practice is being sold, transferred or closed down, and will no longer be provide services must give notice of the transfer or closure to past service users. |
10. Sensitive information The privacy legislation restricts collection of sensitive information such as an individual's racial or ethnic origin, political views, religious beliefs, sexual preferences, membership of groups or criminal record. |
| 11. Making information available to another health service provider A health service provider must make health information relating to an individual available to another health service provider if requested by the individual. |
Contact information
| For information about the Health Records Act: | For information about the Information Privacy Act: |
|---|---|
| Health Services Commissioner Level 30, 570 Bourke Street Melbourne Victoria 3000 Telephone: 1800 136 066 www.health.vic.gov.au/hsc |
Victorian Privacy Commissioner Level 11, 10-16 Queen Street Melbourne Victoria 3000 Telephone: 1300 666 444 www.privacy.vic.gov.au |
*In the public sector individuals already have this right under the Freedom of Information Act 1982.
Website privacy statement
The Department of Human Services website privacy statement has information about how any personal information about you will be treated as you access and interact with this website (see link below).
Contact information
Privacy Team
Tel: (03) 1300 884 706
Email: privacy@dhs.vic.gov.au
Information Victoria
Tel: 1300 366 356
Freedom of Information
dhsfoi@dhs.vic.gov.au
Request more information about this topic.
