Terms and Conditions

Primary purpose for collection of information

ARRCS primarily collects personal information to ensure delivery of optimum health and aged care services that are tailored to the needs of the individual and support their personal network.

Secondary purpose

ARRCS is a not-for-profit organisation that receives government funding. Public fundraising through direct marketing helps us to enhance the services we provide. As such we use the names and addresses of our clients and donors to forward a regular organisation newsletter and other fundraising activities. This newsletter contains information on the array of services available. People receiving care can elect not to receive newsletters and other updates, however most find this information helpful.

Information we collect, use and store

To ensure the delivery of optimum health and aged care services, we usually collect the following types of personal information:

  • Name and contact details of client (including address, telephone number and email address).
  • Health status and services provided.
  • Clinical care information, including images and scans.
  • Relevant demographic and social information, such as date of birth.
  • Name and contact number of any carers or relevant family members.
  • Name and contact number of the client’s general practitioner and other relevant health care providers.
  • Financial institution information.
  • Government-related identifiers (including but not limited to Medicare, Centrelink and Department of Veterans Affairs numbers).

To deliver holistic palliative care services to clients with a life limiting illness, we also request our clients to volunteer their religious affiliations to better support the delivery of services as and when required by the client and their family.

Consequences if personal information is not collected

ARRCS is committed to providing its clients with the very best of care to improve their quality of life and to provide support to their personal network. If your personal information is not collected because it is refused or not available, it may result in a different level of service to you than you could be entitled to.

Additionally, ARRCS uses your personal information to improve our services to some of the most vulnerable groups in the community. If sufficient information is not gathered in relation to certain research projects, the incomplete data may jeopardise future care and service planning and funding arrangements that ARRCS enters into for it to deliver premium services. In addition, ARRCS may not be able to effectively resolve an individual’s complaint or dispute if their personal information is incomplete or missing.

Legal requirements for handling personal information

As an organisation that manages, funds and monitors a health service, ARRCS has various exemptions for collecting, using and disclosing your personal information under ‘permitted general situations’ and ‘permitted health situations’ as defined in the Privacy Act 1988. The information handling requirements imposed by some APPs do not apply if a ‘permitted general situation’ or a ‘permitted health situation’ exists. These exceptions apply in relation to the collection of personal information (including sensitive information, in some cases) (APP 3), the use or disclosure of personal information (APPs 6 and 8) and the use or disclosure of a government related identifier (APP 9). In general terms, ARRCS is permitted to handle your personal information if the collection is required or authorised under other Australian laws (such as contractual agreements with the Department of Veteran Affairs) or in accordance with established health and medical bodies that operate under their own obligations of professional confidentiality.

Obligations for obtaining consent

ARRCS is permitted to collect your personal information (including sensitive information) as part of its functions as a not for profit health care provider. However, using and disclosing your personal information requires consent where it is practical and reasonable to do so. As such, prior to admission, ARRCS’s privacy policy is discussed with you or your substitute decision-maker. Our clients are requested to provide their consent to the use and disclosure of personal information collected from them for the purpose of providing optimum care.

In the absence of your consent, or a person authorised to act on your behalf, under the Privacy Act 1988, information can only be released to another if:

  1. There is a statutory obligation to disclose certain information. (For example, subpoenas, warrants, coronial inquiries, provisions of other acts, such as the Adult Guardianship Act (NT) 1989).
  2. The public interest requires the release of confidential information.

Disclosure of personal information to others

Disclosure of your personal information to ARRCS places the organisation in a position of trust within the community and as such we seek to protect and uphold the privacy of individuals in accordance with the APPs.

ARRCS will not provide your personal information (including health or sensitive information) to other entities unless it is required under laws (such as through contractual agreements with the Commonwealth under the Aged Care Act 1997), or it reasonably believes that the recipient of the information will not disclose the personal information derived from ARRCS. Where it is required by law, personal information disclosed to other sources will be de-identified.

There are a number specific instances under which ARRCS needs to provide personal information to other agencies, bodies and individuals. The following are typical examples:

  • where ARRCS is authorised to provide another agency (such as to the Northern Territory Department of Health) with personal information to enable care to be delivered to the client;
  • where, for legal reasons, ARRCS is obligated to provide information under a Court Order or other legal enforcement authority such as the Police or Coroner - the Privacy Act 1988 provides strict guidelines for the release of information under these circumstances;
  • where we provide de-identified information to funding agencies and government departments to meet our contractual requirements (de-identified information cannot be linked directly back to an individual);
  • where we maximise the efficient delivery of our care through engaging aged care specialists who work on our behalf to improve the quality of life for our clients (client consent is sought prior to this release of information);
  • where a client is incapable of giving or communicating consent and personal information is required to be given to their ‘adult guardian’ (under the Adult Guardianship Act (NT) 1989), Disability Services Act, Carers Recognition Act, Mental Health and Related Services Act or ‘responsible person’ (under the Privacy Act 1988) for the necessary provision of appropriate care or treatment or for compassionate reasons.

In all other situations, the release of your personal information may only occur with your written consent or your substitute decision-maker who has legal authority.

Notwithstanding the above, as a ARRCS client you have the right to withdraw consent to release your personal information (for example for direct marketing) at any time. Ideally such communication should be in writing to the relevant ARRCS Service Manager responsible for your care.

Unsolicited personal information that ARRCS receives will be de-identified or destroyed unless it falls within Commonwealth or State funding arrangements, or is required to be retained by law.

Reporting requirements

Under contractual arrangements with various funding bodies and government departments, ARRCS is also obliged to provide a range of different reports. Some reports provide de-identified information on the amount of care provided and the types of clients that ARRCS supports and some reports include the client name and date of birth and address.

For example, under the funding provided by the Commonwealth Home and Community Care program de-identified data is supplied. However, under the Department of Veterans’ Affairs contract reporting information is provided to Medicare on the amount of care provided, the Veteran’s name and the DVA pension numbers of the veteran clients supported. Under the Disability Services contract, reports are provided to the Department of Health which includes the client name, address, date of birth and service provision data.

Identifiers

ARRCS will identify individuals (including clients and staff) by a number of unique identifiers internally assigned by ARRCS. ARRCS may, however, retain a record of other external agency personal identifiers that are required to provide services, coordinate with other care agencies, or otherwise fulfil service, operational, or reporting obligations.

Use of contractors

At times ARRCS uses contractors to provide aspects of care and support to clients. Contractors are required to abide by the same confidentiality and privacy requirements as ARRCS employees and this is clearly stated within non-disclosure clauses in their contract.

There may be disclosures of personal information where there is a change of contractors, in which case personal information may be transferred to a new contractor. We may also disclose your personal information in seeking assistance and advice from lawyers, auditors, data support specialists and other advisers who are bound by confidentiality obligations to us.

Keeping information up to date and accurate

ARRCS makes every effort to keep your personal information up to date and accurate. This may mean that at times our staff will review or test the personal information held and request verification as to its accuracy.

In order to provide clarity and a record of the request, it is preferred that written requests for access to personal information not already available are forwarded to the relevant ARRCS Service Manager. The ‘contact us’ page on the ARRCS website can be used to find the contact details of the relevant ARRCS service: http://www.arrcs.org.au. ARRCS will take all reasonable steps to assess and correct any personal information that is believed to be inaccurate, incomplete or out-of-date.

Access to individual personal information

You can request access to all your personal information held by ARRCS by contacting the relevant Service Manager. This request will be evaluated as per the requirements and conditions of the Privacy Act 1988. There may be instances where access is denied to certain records or aspects of records in accordance with the APPs.

Generally, if requested, an individual will be provided access to any personal information held about them, unless:

  • it is unlawful to provide the information;
  • it poses a serious and imminent threat to the life or health of any individual;
  • it has an unreasonable impact upon the privacy of other individuals;
  • the request is frivolous or vexatious; or
  • access is otherwise exempt under the Australian Privacy Principles.

ARRCS will ensure the request is handled in a timely manner. It is reasonable to expect that extraction of the personal information required may then take up to fifteen working days due to the need to access both paper based and computerised information systems. A nominal fee may be charged to meet the costs of extracting and photocopying the information.

Cross-border disclosure of personal information

ARRCS will not transfer your personal information to third parties outside Australia unless they are subject to similar privacy laws or schemes, or your consent has been obtained, or other provisions of Australian Privacy Principle 8 - Cross-border Disclosure of Personal Information apply.

Data Security

ARRCS strives to ensure the security, integrity, and privacy of your personal information. Periodically we review and update our security measures in relation to current and future technologies. Systems and procedures are already in place to protect your personal information from misuse and loss and from unauthorised access, modification or disclosure. ARRCS will retain information in line with its record retention policies. When information is no longer required or relevant it will be disposed of in a secure manner.

Website cookies

A "cookie" is a small file supplied by a website and stored by the web browser software on your computer when you access a website. The cookie allows a website to recognise you as an individual as you move from one page to another. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of the Website. A further explanation of cookies can be found at the website of the Office of the Australian Information Commissioner http://www.oaic.gov.au/privacy/privacy-resources/privacy-fact-sheets/other/privacy-fact-sheet-4-online-behavioural-advertising-know-your-options

Email

All email from ARRCS managed devices and services (iPads, laptops, desktops, Outlook Web Access) sent to a ARRCS address (i.e. name@arrcs.org.au) is secured using SSL encryption. Email transmission of your identifying information over public networks (for example, using personal email accounts) is prohibited by ARRCS. The use of personal email accounts and phone messaging accounts to send or receive any client or resident or corporate information or images (for example, wound photos) is also strictly prohibited by ARRCS.

ARRCS strives to be efficient with the funding entrusted to us. As email can be sent more economically than postal mail, we give our donor’s/supporters the opportunity to supply their email address and to consent to ARRCS using the given addresses for mailing purposes.

Direct marketing

As a non-profit organisation, ARRCS engages in direct marketing to support its fundraising activities. An ‘opt in’ and ‘opt out’ facility is available for all ARRCS newsletters and advertising material, and an opt out facility is provided in any direct mail outs. An individual or business can contact ARRCS at any time to opt out of any direct marketing material they receive. This can be done by using the ‘contact us’ page on ARRCS’s website contains the contact details of the nearest ARRCS service: http://www.arrcs.org.au or by phoning, posting or emailing using the contact details that appear at the end of this policy.

Privacy concerns, complaints and suggestions

ARRCS is keen to adhere to the APPs and protect the individual’s right to privacy. If you have any concerns, complaints, suggestions or questions as to how we might improve in this area please contact the ARRCS Privacy Officers at the addresses below.

It is reasonable to expect a response to your complaint, concern or suggestion within five working days. Where a complaint requires investigation, we seek to provide the findings of the investigation and discuss these with the complainant within ten working days. If after that you are still not satisfied, you can complain about a privacy matter to the Office of the Australian Information Commissioner. Refer to the Complaint Checker page on the Office of the Australian Information Commissioner’s website for how to make a complaint.

Anonymity

Where lawful and practicable, ARRCS allows people to participate in activities anonymously (e.g. when completing evaluation forms, opinion surveys or when making a donation. Anonymous compliments and complaints about any aspect of ARRCS services, including privacy matters, are also able to be submitted via the ARRCS internet site.

Further Questions

Any questions about this policy can be directed to the:

ARRCS Privacy Officers

NT Regional Manager (North) NT Regional Manager (Central)
PO Box 336 PO Box 2096
Darwin, NT 8000 Alice Springs, NT 0871
Ph: 08 8982 5200 Ph: 08 8953 1540
Fax: 08 8941 7533 Fax: 08 8952 1240