ACC Privacy Policy. Policy Statement. Objective. Scope. Policy system. Policy standards. Collection

Similar documents
COLLECTION STATEMENT

Privacy Policy - Australian Privacy Principles (APPs)

What information does Genome.One collect about you and why?

This policy has implications for all managers, staff, board members, students, apprentices and trainees, contractors and volunteers.

Office of the Australian Information Commissioner

National Cervical Screening Programme Policies and Standards. Section 2: Providing National Cervical Screening Programme Register Services

CAPITAL SURGEONS GROUP, PLLC

Safeguarding Policy Children and Adults at Risk

Precedence Privacy Policy

National Standards for the Conduct of Reviews of Patient Safety Incidents

Agreement between: Care Quality Commission and NHS Commissioning Board

STEP BY STEP SCHOOL. Data Protection Policy and Privacy Notice

THE ADULT SOCIAL CARE COMPLAINTS POLICY

Safeguarding & Wellbeing Policy

HEALTH PRACTITIONERS COMPETENCE ASSURANCE ACT 2003 COMPLAINTS INVESTIGATION PROCESS

Notice of Privacy Practices

PRIVACY POLICY 18/8/2016

Medical Council of New Zealand

Employee Assistance Professionals Association of South Africa: an Association for Professionals in the field of Employee Assistance Programmes

Healthwatch England Escalation Guidance

POLICY STATEMENT PRIVACY POLICY

I have attached one of the following forms of identification to confirm these details (please specify)

Libra Domiciliary Care Ltd

Job Description. CNS Clinical Lead

A Case Review Process for NHS Trusts and Foundation Trusts

Counselling Policy. 1. Introduction

Standards conduct, accountability

Duty Nurse Manager Waitemata Central Position Description

SANTA RITA CARE CENTER Notice of Information Practices

Guidance for the assessment of centres for persons with disabilities

STATEMENT OF ETHICS AND CODE OF PRACTICE

Policy 1.1 Protection of Human Rights and Freedom from Abuse and Neglect

PRIVACY MANAGEMENT FRAMEWORK

Job Description. Ensure that patients are offered appropriate creative and diverse activities within a therapeutic environment.

Sample. Information Governance. Copyright Notice. This booklet remains the intellectual property of Redcrier Publications L td

JOB DESCRIPTION. Standards and Compliance. Call Centres - Wakefield, York and South Yorkshire. No management responsibility

JOB DESCRIPTION. Team Leader Health Hub Domestic Violence and Abuse (DVA) The Health IDVA Team will:

Complaints Handling. 27/08/2013 Version 1.0. Version No. Description Author Approval Effective Date. 1.0 Complaints. J Meredith/ D Thompson

Veteran Support Scheme Two

Team Leader Clinical Support Services

PRIVACY POLICY USES AND DISCLOSURES FOR TREATMENT, PAYMENT, AND HEALTH CARE OPERATIONS

June 19, Submitted Electronically

physicians, nurses, and technicians and other Facility personnel for review and learning purposes. We may also combine the medical information we

Health and Safety Policy

ADASS Safeguarding Adults Policy Network. Guidance. June 2016

Crest Healthcare Limited - 10 Oak Tree Lane

AGSVA SERVICE LEVEL CHARTER FOR DEFENCE INDUSTRY Australian Government Security Vetting Agency and Defence Industry

CODE OF PRACTICE 2016

NEW BRIGHTON CARE CENTER

DRAFT FOR CONSULTATION

Health and Safety Policy Part 1 Policy and organisation

Health, Safety and Wellbeing Policy

Consumer Complaints Management and Resolution Policy

THE PRIVACY ACT AND THE AUSTRALIAN PRIVACY PRINCIPLES FREQUENTLY ASKED QUESTIONS

Visiting Celebrities, VIPs and other Official Visitors

Farm Data Code of Practice Version 1.1. For organisations involved in collecting, storing, and sharing primary production data in New Zealand

A Privacy Compliance Checklist: Organizing for Privacy Management

DATA PROTECTION POLICY

Joseph Bikowski, M.D., Associates

NOTICE OF PRIVACY PRACTICES

Orthopedic Specialty Clinic, Ltd. Updated 05/2014

POSITION DESCRIPTION Enrolled Nurse

Accommodate reasonable requests you may have to communicate health information by alternative means or at alternative locations.

Trust Health and Safety Policy

NOTICE OF PRIVACY PRACTICES

For Payment. We will use and disclose your personal health information to obtain payment for health care services we have provided to you.

PRIVACY AND NATURAL MEDICINE PRACTITIONERS

LIVE HEALTHILY and LIVE WELL

POSITION DESCRIPTION. Counsellor Addiction Recovery Services

Quality and Governance Committee. Terms of Reference

Draft Code of Practice FOR PUBLIC CONSULTATION

Complaints and Adverse Events Manager Position Description

ALLOCATION OF RESOURCES POLICY FOR CONTINUING HEALTHCARE FUNDED INDIVIDUALS

POSITION DESCRIPTION. Social Worker

RECEIPT OF NOTICE OF PRIVACY PRACTICES WRITTEN ACKNOWLEDGEMENT FORM. I,, have received a copy of Dr. Andy Hand s Notice of Privacy Practice.

(NAME OF HOME) 2.1 This policy is based on the Six Principles of Safeguarding that underpin all our safeguarding work within our service.

NOTICE OF PRIVACY PRACTICES

Safe to Practise Health Assessment Form

Introduction. Contents

HIPAA Notice of Privacy Practices

POSITION DESCRIPTION. Early Childhood Early Intervention (ECEI) Team Leader

Oklahoma Surgicare NOTICE OF PRIVACY PRACTICES. Effective Date: 02/17/2010

ROLE DESCRIPTION. Physiotherapy Musculoskeletal Practitioner Telephone Triage Physiotherapist

NHS England Complaints Policy

RQIA Provider Guidance Nursing Homes

PRIVACY POLICY. 1. Privacy Statement

CHC30113 Certificate III in Early Childhood Education and Care

EQuIPNational Survey Planning Tool NSQHSS and EQuIP Actions 4.

JOB DESCRIPTION Safeguarding Lead

PERSONAL HEALTH INFORMATION PROTECTION ACT (PHIPA) Frequently Asked Questions (FAQ s) Office of Access and Privacy

FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY A. 38

REVIEWED BY Leadership & Privacy Officer Medical Staff Board of Trust. Signed Administrative Approval On File

OREGON HIPAA NOTICE FORM

ROYAL COLLEGE OF ART HEALTH AND SAFETY POLICY

OAK HAMMOCK AT THE UNIVERSITY OF FLORIDA, INC. NOTICE OF PRIVACY PRACTICES. Privacy Office: (352) Effective Date: September 23, 2013

Instructions for using the following Notice of Privacy Practices

Research Equipment Grants 2018 Scheme 2018 Guidelines for Applicants Open to members of Translational Cancer Research Centres

Sample Privacy Impact Assessment Report Project: Outsourcing clinical audit to an external company in St. Anywhere s hospital

Complaint about a training organisation operating under ASQA s jurisdiction

Community Child Care Fund - Restricted non-competitive grant opportunity (for specified services) Guidelines

Transcription:

ACC Privacy Policy Policy Statement ACC s Privacy Policy sets out the standards that will enable personal and health information in our care to be managed as carefully and respectfully as if it were our own. Objective A privacy policy is a vehicle for guiding and training staff, providing assurance that all employees understand their responsibility to protect inadvertent use of information for unauthorised purposes, and protecting our customers from any harm that could result. The policy sets out the principles used by ACC to collect, use, disclose and store personal and health related information, and forms the basis of how ACC will handle, process, manage and destroy personal and health information. Scope Privacy relates to personal information, defined as information about an identifiable individual. ACC is also a health agency that manages health information, which is information about an individual s medical history, disability, or health services provided to an individual. Information includes physical and electronic documents, and can include information held in the mind of ACC s employees as long as that information is readily retrievable. This Privacy Policy applies to all business units, branches, service providers, suppliers, and employees of ACC. Policy system Privacy is one of ACC s strategic intentions and there is accountability for privacy throughout the organisation, from the Board and Executive to managers and employees. ACC s privacy system is integrated with our Target Operating Model (TOM) through the Information Layer. The TOM puts the customer at the centre of our processes and will fundamentally transform the way ACC collects, uses, stores and discloses information. ACC s Privacy Maturity Plan is part of the Information layer of the TOM. ACC s privacy system is guided by the Privacy Policy, with the maturity plan measuring our progress. As a specialist team within this system, ACC s Privacy Team supports organisational privacy controls, knowledge and skills. Policy standards Collection ACC carefully manages the collection of personal and health information. ACC collects personal and health information for purposes linked to our organisational purpose. We collect only the information necessary to carry out our functions and responsibilities. Information is collected primarily from individuals who make an injury-related claim or pay levies. Staff who gather information for ACC are guided by internal procedures and training that specifies the boundaries of collection. These procedures guide instances when information needs to be

obtained from indirect sources such as staff, medical providers, employers, or government agencies, or to fulfil our health and safety obligations. ACC commits to making people aware of the collection of information. We will inform them of our purpose for collection and their rights to access and correct that information. Irrelevant and unnecessary information will be returned to the supplier or destroyed where practicable. Access ACC facilitates access to personal and health information as a key priority. ACC commits to providing individuals with access to their personal and health information, unless an exception under legislation applies. Requesters are verified and the information is provided to them within legislative timeframes and boundaries. Correction ACC respects the individual s right to seek amendment of factually incorrect information. Staff follow ACC s process regarding the facilitation of such requests, and where information is unable to be corrected, they will invite the individual to submit a statement of correction, and ensure that it is read together with the original document in future. Use and disclosure Information held by ACC will be used and disclosed according to legislation. ACC uses information to: assess entitlements to compensation, rehabilitation and medical treatment; assist the evaluation of ACC s services and performance; contribute to research into injury prevention and effective rehabilitation; ascertain levy payments and maintain the Scheme. Personal and health information is used and disclosed for the purposes consistent with the reason it was obtained, and the core business purposes of ACC. Reasonable steps will be taken to ensure personal and health information is complete, relevant, and up to date. Personal and health information is disclosed to other parties only where there is legal authority to do so. ACC may use and disclose personal and health information to fulfil our legislative obligations and protect the health and safety of staff and third parties. ACC will take reasonable steps to ensure third parties protect the personal and health information ACC shares with them in line with legislation and with the same care ACC gives to it. Storage ACC commits to storing information with reasonable safeguards against loss and disclosure. Reasonable safeguards include using physical and technological protections against unauthorised access. ACC will not keep information for longer than is necessary, or allowed by legislation. Incident management ACC has clear, consistent processes for reporting, managing and escalating privacy incidents. Privacy incidents reported within ACC include breaches, near misses, or loss of ACC client data caused by parties contracted to ACC. Incidents will be resolved at the source as soon as practicable and affected parties notified as appropriate. Breaches will be reported externally according to the standards set by the Government Chief Privacy Officer and legislation.

Training ACC will train its employees and contractors in personal and health information management. New staff are trained to ensure the privacy principles are applied when fulfilling their role within ACC. Existing staff are required to undertake regular training on privacy risk areas specific to their business area, as well as broader privacy principles. Staff information ACC will protect the privacy of staff members. Staff personal and health information is treated with the utmost care and respect, and in accordance with legislative privacy requirements. Process review ACC commits to retaining up to date privacy processes. ACC business processes relating to the collection, recording, access, use, storage and destruction of personal and health information will be regularly reviewed to ensure they reflect ACC s privacy strategic intention and remain relevant and accessible to staff. Accountabilities Board responsibility for privacy is set out in the ACC Board Governance Manual. This acknowledges that the Board is committed to managing personal and health information by: setting clear expectations regarding privacy and protection of personal and health information, and communicating them to executive management holding executive management accountable for meeting those expectations ensuring that effective privacy risk management is fully embedded within ACC's overall risk management activities employing high-quality monitoring and information management practices. To support the Board, ACC managers are directly accountable for identifying and addressing privacy risk in their own units, and reporting privacy incidents to the Board via the Chief Governance and Strategy Officer. The Chief Governance and Strategy Officer, on behalf of the Executive, is accountable for ensuring that supporting guidelines, operational measures and monitoring are in place. Responsibilities ACC has the following roles and responsibilities embedded in the organisation: The Board is responsible for ensuring the organisation is aware of the need to look after our customers information through high-quality monitoring and information management practices. The Executive will model best privacy practices and ensure privacy is core to all aspects of ACC s culture. The Chief Governance and Strategy Officer, represents the Executive team in relation to all matters regarding privacy.

The Chief Governance and Strategy Officer is responsible for ensuring that organisational controls are in place to: support and raise awareness of this policy; report and analyse privacy incidents to identify root causes of privacy incidents; and develop training to disperse privacy knowledge throughout ACC. ACC s Privacy Officer supports ACC s compliance with this policy and the relevant legislation. The Privacy Officer oversees investigations into privacy-related complaints lodged with the Privacy Commissioner and ACC. ACC People Managers have specified responsibilities for: notifying privacy incidents to their manager proactively assessing and managing privacy risk managing all privacy reporting requirements through the Privacy Reporting Tool liaising with the Talent Group following all privacy incidents to ensure consistent follow up with staff owning the unit s Privacy Risk Register and ensure it is kept current ensuring staff are aware of and recognise the importance of their role in privacy ensuring staff are aware of and compliant with ACC s Privacy Policy, the Privacy Act 1993 (external link), the Health Information Privacy Code 1994 (external link), and complete their annual privacy training ensuring new staff induction includes privacy training. All ACC staff have individual responsibility to maintain best practice privacy behaviours, report all privacy breaches and near misses to a manager, promote privacy at work, comply with privacy policies, actively participate in privacy training, and identify privacy risks. Monitoring and oversight ACC s privacy policies and guidelines have been established to comply with the Privacy Act 1993 (external link) and Health Information Privacy Code 1994 (external link). The monitoring and oversight of privacy follows the three lines of defence assurance model to provide assurance that staff and third party privacy risks are being managed effectively under different situations. Breaches of Policy ACC s Code of Conduct sets out the expectation that staff will comply with all policies and procedures. Actions found to be in breach of the Code of Conduct may result in disciplinary action. Who to contact For general enquiries email information@acc.co.nz. Use the following contact information if you have concerns and complaints about Right 7 of the Code of ACC Claimants Rights: complaints@acc.co.nz Customer Support Service phone 0800 650 222, or if overseas phone +64 848 7403

ACC s Privacy Team can provide support or respond to any complaints about privacy related matters under the Privacy Act or Health Information Privacy Code. You can contact them in the following ways: The Privacy Officer Accident Compensation Corporation PO Box 242 Wellington 6011 Email: Privacy.Officer@acc.co.nz Phone: (04) 816 7400

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback