Skip to main content
Victorian government website
State Government of Victoria, Australia
Funded Agency Channel

Client Relationship Information System for Service Providers (CRISSP) privacy statement

CRISSP provides a client and case management information system for Community Care and Disability Services non-government organisations (NGOs) funded by the Department of Human Services. CRISSP supports the provision of services and coordinated care to your department-funded clients and facilitates effective communication between NGOs and the department about common clients.

CRISSP has been designed to support the dual objectives of protecting privacy and delivering coordinated care.

The Common Client Layer (CCL) enables the sharing of limited, common client information across CRISSP, CRIS (for Department of Human Services Child Protection, Youth Justice, Disability Services and Early Childhood Intervention Services) and Department of Human Services Office of Housing. Department of Human Services front-end receptionists also have limited access to client information via the CCL for the purposes of providing department-funded clients with integrated reception services and relevant information about specific NGOs in response to a clients query. This facilitates the coordination of services for your department-funded clients. Implementation of the CCL must be in accordance with the CRISSP Privacy Guidelines.

Many of the privacy requirements for the collection and handling of personal and health information within CRISSP are covered by your organisations existing privacy policy. In broad terms privacy legislation requires that you:

  • only collect personal and health information that is necessary for a specified primary purpose
  • ensure that the individual knows why it is collected and how it will be handled
  • only use and disclose it for a primary purpose or a permitted secondary purpose (unless otherwise authorised by law)
  • store it securely and protect it from unauthorised access
  • provide the individual with access to his/her own information, and the right to seek its correction.

Privacy requirements have been embedded within CRISSP when they can be automated, leaving the exercising of any discretions or decision-making to workers. CRISSP facilitates compliance with specific privacy requirements and provides specific privacy cues (for example provision of the CRISSP Privacy Notice). You are responsible for dealing with all other privacy issues, in particular those that require your professional judgement to be exercised.

When using CRISSP, remember:

  • All CRISSP clients have a default status of confidential. You may only change a clients status in accordance with defined privacy requirements.
  • New department-funded clients must be provided with a CRISSP Privacy Notice. This notice provides clients with information about the purposes of CRISSP information collection, its proposed uses and disclosures and other relevant information, for example, the CCL. Department-funded clients may then have their status changed to unrestricted in order to facilitate coordinated care.
  • In order to provide coordinated care to your non-department clients or to those clients whose details have been transferred to CRISSP from earlier systems (for example IT or paper-based), you must provide them with a copy of the CCL Consent Form and obtain their consent to CCL visibility. You must record a consent circumstance in the CRISSP consent module prior to changing the clients status.
  • The CCL handles alerts across the entire system, including CRIS and FERIS as well as CRISSP. Alerts must be managed in accordance with their associated business rules and the CRISSP Privacy Guidelines. Only authorised users may access CRISSP and authorised users may only access personal or health information on a need to know basis.
  • Use of CRISSP is subject to audit trails. Monitoring to detect any unauthorised access attempts, multiple unsuccessful logons or unauthorised use will be undertaken.

More detailed information may be found in the CRISSP Privacy Guidelines. If you have further questions in relation to this Statement see the CRISSP Privacy Guidelines or contact your organisations privacy adviser.

Download print version