Frequently Asked Questions: Privacy
A list of Frequently Asked Questions (FAQs) on privacy matters has been compiled to help answer queries that you may have about the Quarterly Data Collection (QDC) Information System.
Questions are set out below for you to select. Links throughout the answers will guide you to further information .
Privacy questions
- What privacy legislation applies to organisations that provide services for people with a disability?
- What if my client is unable to give consent?
- Are parents classified as authorised representatives even if their child is 18 years or older?
- Do I need to get a signed consent form?
- Do I only need to get consent once?
- What does it mean if a client does not give their consent?
What privacy legislation applies to organisations that provide services for people with a disability?
There are a number of Acts that regulate the handling and management of information throughout the information lifecycle, from collection right through to retention. In Victoria, these are: The Information Privacy Act 2000 (IPA) and Health Records Act 2001 (HRA). Health information in the context of the HRA includes disability information. There is also the Commonwealth Privacy Act 1988.
Other legislation that regulates service provision may have confidentiality provisions, for example the Intellectually Disabled Persons' Services Act 1986 (IDPSA) or the Mental Health Act 1986 (MHA). If there is inconsistency between the HRA and other privacy legislation for example, then the confidentiality provisions in the IDPSA or the MHA prevail.
Want to know more?
For more information on privacy you can also refer to the following agencies and websites:
- The Department of Human Services
(www.dhs.vic.gov.au/privacy) - The Health Services Commissioner (External link)
(www.health.vic.gov.au/hsc/) - The Privacy Commissioner for Victoria (External link)
(www.privacy.vic.gov.au) - The Commonwealth Privacy Commissioner (External link)
(www.privacy.gov.au [External link])
The above sites are external to the Disability Services site and selecting them will open in this browser window.
What if my client is unable to give consent?
If your client is unable to give their consent due to a disability: to the collection, sharing, use, and disclosure and storage of data on the QDC database, an authorised representative could provide that consent. Section 85 of the Health Records Act 2001 (HRA) and section 66 of the Information Privacy Act 2000 (IPA) both outline who is deemed to be an authorised representative.
The following is a list of authorised representatives under the HRA:
- A guardian within the meaning of the Guardianship and Administrative Act 1986 (GAA)
- An administrator or a person responsible within the meaning of the GAA
- An agent under the Medical Treatment Act 1988 (MTA)
- A parent, if the client is a child.
An authorised representative must promote the best interest of the client and act in a way that least restricts that person’s freedom.
Are parents classified as authorised representatives even if their child is 18 years or older?
Under section 85(6)d of the Health Records Act 2001, an authorised representative includes an administrator, or ‘a person responsible’ within the meaning of the Guardianship and Administration Act 1986 (GAA).
Under section 37 of the GAA, ‘a person responsible’ is defined as the first person in the list detailed in the Act, who is ‘reasonably available and willing and able to make a decision for the person’.
Section 37g of the GAA defines ‘a person responsible’ as the primary carer. Therefore, in situations where the parents are the primary carers, then under 37g they can be classed as authorised representatives.
If parents are not the primary carers, they would still be authorised representatives as they would fall under 37h of the GAA, which defines the person responsible as the person’s ‘nearest relative’. ‘Nearest relative’ has the meaning set out in section 3 of the GAA. Section 3b defines ‘nearest relative’ as the person’s ‘father or mother’.
Therefore parents, as the ‘nearest relative’, who are ‘reasonably available and willing and able to make a decision for the person’, are able to consent to the information being reported to the Department of Human Services (DHS) and then to the Australian Institute of Health and Welfare (AIHW).
Do I need to get a signed consent form?
Under the Victorian privacy legislation there is no legal requirement to get a signed consent from the client. Nevertheless, it is good practice to note when, how and who provided you with consent, whether given or withheld.
The key principle about consent is to ensure that the client is fully informed about what information is going to be collected; why; how the information is to be used, disclosed and stored; who will use that information; and with whom (third party such as DHS) that information will be shared.
Do I only need to get consent once?
While there is no time limit on the currency of consent, it is good practice to ensure that every time a person seeks access to a service, they are fully informed of their rights and the agency’s obligations under Victorian privacy legislation, even if they have previously accessed services from your agency.
Also, in the instance where a client is in receipt of services over a long period of time, you should periodically (at least every 12 months) touch base with that client to ensure that the client is fully aware of their rights and the agency's obligation under the Victorian privacy legislation.
What does it mean if a client does not give their consent?
If a client chooses to withhold consent for the purposes of the QDC, there is no consequence for that person in terms of receiving services from your agency.
In terms of data collection, the statistical linkage key (SLK) for that client is converted to all 9s except for the year of birth and code for sex. This will impact on the usefulness of information in assisting with the planning and development to provide better services for Victorian people with a disability.