top of page

Your Privacy

Privacy and Information Management Policy and Procedures




This includes having in place systems governing the appropriate collection, use, storage and disclosure of personal information, access to and correction and disposal of that information.



Compliance with legislative requirements governing privacy of personal information.

All ESSENTIAL SUPPORT COORDINATION participants are satisfied that their personal information is kept private and only used for the intended purpose



The Privacy Act 1988 (Privacy Act) is an Australian law which regulates the handling of personal information about individuals by private sector organisations. Amendments were made to this legislation in 2012 (the Privacy Amendment Act 2012) which updates the Australian Privacy Principles (APP) and came into effect in March 2014. The amendment requires an organisation to explicitly state how they will adhere to the APP and inform their participants on how their privacy will be protected. The APP cover the collection, use, storage and disclosure of personal information, and access to and correction of that information. The APP are summarised in Appendix 1 of this document.


The Health Records Act 2001 (Vic)  governs how long personal health information must be kept.



'Personal information' means information (or an opinion) we hold (whether written or not) from which a person’s identity is either clear or can be reasonably determined.

‘Sensitive information’ is a particular type of personal information - such as health, race, sexual orientation or religious information.



Ensuring all ESSENTIAL SUPPORT COORDINATION Staff Understand Privacy and Confidentiality Requirements

  1. The Director of ESSENTIAL SUPPORT COORDINATION will review their Privacy Policy annually and ensure they understand their responsibility to protect the privacy of individuals' personal information.

  2. All Staff will undergo training related to Privacy and Confidentiality Requirements at the time of induction and then annually.


Managing Privacy of Participant Information Storage

  1. Participant information collected is kept in an individual participant record.

  2. Each participant record has a unique identification number

  3. A participant record includes: personal information • clinical notes • investigations • correspondence from other healthcare providers • photographs • video footage.

  4. A Firewall is used in the ESSENTIAL SUPPORT COORDINATION computer system as a means of protecting information stored on the computer. Other security related procedures such as user access passwords, multi-factorial authentication also assist with the protection of information.

  5. Paper records are kept in locked, fireproof cabinets.

  6. Participant information is stored for seven years post the date of last discharge. In the case of participants aged under 18 years, information is kept until their 25th birthday and 7 years post discharge.

  7. Participant related information, or any papers identifying a participant are destroyed by shredding and deleting from the computer and all databases.

  8. User access to all computers and mobile devices holding participant information is managed by passwords and automatic inactive logouts.


Managing Privacy and Confidentiality Requirements of Participants

  1. ESSENTIAL SUPPORT COORDINATION refers to their Privacy Policy on the participant’s NDIS Service Agreement.

  2. The NDIS Service Agreement includes 5 Consents plus other pertinent consents to your organisation :

  1. Consent for sharing and obtaining Information

  2. Consent for receiving services

  3. Consent for photography

  4. Consent to participate in Participant Satisfaction Surveys

  5. Consent to participate in Quality Management Activities

These consents are discussed with the participant and /or their decision maker in a way        they can understand prior to the commencement of service.

  1. Persons contacting ESSENTIAL SUPPORT COORDINATION with an enquiry do not need to provide personal details. However, once a decision is made to progress utilising ESSENTIAL SUPPORT COORDINATION’s services, personal and sensitive information will need to be collected.

  2. ESSENTIAL SUPPORT COORDINATION may need to share pertinent participant information with other professional Allied Health Professional at the time of case conferencing or when determining support plans. Information is only shared in order to provide the best service possible and is only shared with those people whose Professional Codes of Ethics include privacy and confidentiality. Permission to share information is sought from the participant prior to the delivery of services and as required at other points of intervention as / if required.

  3. Personal information is not disclosed to third parties outside of ESSENTIAL SUPPORT COORDINATION, other than for a purpose made known to the participant and to which they have consented, or unless required by law.

  4. Participants are informed there may be circumstances when the law requires ESSENTIAL SUPPORT COORDINATION to share information without their consent.


Keeping Accurate Participant Information

Participants are informed of the need to provide us with up to date, accurate and complete information.

ESSENTIAL SUPPORT COORDINATION staff update information on the participant record at the time of reviews or when they become aware of change in information.

AHP staff at ESSENTIAL SUPPORT COORDINATION update the participant record as soon as practical after the delivery of services to ensure information is accurate and correct.



Using Participant Information for Other Purposes

Under no circumstances will ESSENTIAL SUPPORT COORDINATION use personal details for purposes other than stated above, unless specific written consent is given by the participant or their representative.


Participant Access to Their Information

Participants have the right to access the personal information ESSENTIAL SUPPORT COORDINATION holds about them. To do this, participants must contact the Director of ESSENTIAL SUPPORT COORDINATION.


Management of a Privacy Complaint

  1. If a person has a complaint regarding the way in which their personal information is being handled by ESSENTIAL SUPPORT COORDINATION, in the first instance they are to contact the Director. The complaint will be dealt with as per the Complaints Management Policy. If the parties are unable to reach a satisfactory solution through negotiation, the person may request an independent person (such as the Office of the Australian Privacy Commissioner) or the NDIS Quality and Safeguards Commission to investigate the complaint. ESSENTIAL SUPPORT COORDINATION will provide every cooperation with this process.





bottom of page