Privacy Policy for the Management of Personal Information
This document describes the privacy policy of Lynsey Byrom Clinical Psychology for the management of clients’ personal information. The psychological service provided is bound by the legal requirements of the Australian Privacy Principles set out in the Privacy Act 1988 (Cth).
CLIENT INFORMATION
Client files are held in:
- a secure filing cabinet,
- a password protected hard drive in a locked filing cabinet,
- a secure and encrypted cloud-based storage folder,
- a secure and encrypted internet-based medical practice management program (i.e., Power Diary)
which is only accessible to Lynsey Byrom. The information on each file includes personal information such as name, address, contact phone numbers, medical history, and other personal and financial information collected as part of providing the psychological service. Care is taken to ensure that all forms of client information are not visible to the public (e.g., computer screens not visable, physical documents removed from view on the desk in the therapy room).
HOW CLIENTS’ PERSONAL INFORMATION IS COLLECTED AND DESTROYED
A client’s personal information is collected in a number of ways during psychological consultation. These include times when the client provides information directly to Lynsey Byrom using hardcopy or electronic forms, correspondence via email, when the client interacts directly with employees of Lynsey Byrom Clinical Psychologist such as the receptionists, and when other health practitioners provide personal information to Lynsey Byrom via referrals, correspondence and medical reports. Whenever sensitive documentation is discarded, Lynsey Byrom uses an appropriate method of destruction. In the case where client information is destroyed, hard copy documents are shredded while electronic information is deleted. For example, at the completion of an episode of care a client’s financial information is deleted from the encrypted medical practice management program.
CONSEQUENCE OF NOT PROVIDING PERSONAL INFORMATION
If a client does not wish for their personal information to be collected in a way anticipated by this Privacy Policy, Lynsey Byrom may not be in a position to provide the psychological service to the client.
PURPOSE OF HOLDING PERSONAL INFORMATION
A client’s personal information is gathered and used for the purpose of providing psychological services, which includes assessing, diagnosing and treating a client’s presenting issue. The personal information is retained in order to document what happens during sessions and enables the psychologist to provide a relevant and informed psychological service.
DISCLOSURE OF PERSONAL INFORMATION
All personal information gathered during the provision of services will remain confidential except when:
- it is subpoenaed by a court, or disclosure is otherwise required or authorised by law; or
- failure to disclose the information would in the reasonable belief of Lynsey Byrom place a client or another person at serious risk to life, health or safety; or
- the client’s, or consent of a parent or guardian who is legally authorised to act on their behalf, prior approval has been obtained to:
- provide a written report to another agency or professional, e.g., a GP or a lawyer; or
- discuss the material with another person, e.g. a parent, employer, health provider, or third-party funder; or
- clinical consultation with another professional is required to provide better clinical services (identifying details will remain confidential); or
- disclose the information in another way; or
- disclose to another professional or agency (e.g., your GP) and disclosure of your personal information to that third party is for a purpose which is directly related to the primary purpose for which your personal information was collected.
A client’s personal information is not disclosed to overseas recipients unless the client consents or such disclosure is otherwise required by law. Clients’ personal information will not be used, sold, rented or disclosed for any other purpose.
In the event that unauthorised access, disclosure, or loss of a client’s personal information occurs the psychologist will activate a data breach plan and use all reasonable endeavours to minimise any risk of consequential serious harm.
REQUESTS FOR ACCESS AND CORRECTION TO CLIENT INFORMATION
At any stage a client may request to see and correct the personal information about them kept on file. The psychologist may discuss the contents with them and/or give them a copy, subject to the exceptions in the Privacy Act 1988 (Cth). If satisfied that personal information is inaccurate, out of date or incomplete, reasonable steps will be taken in the circumstances to ensure that this information is corrected. All requests by clients for access to or correction of personal information held about them should be lodged with Lynsey Byrom. These requests will be responded to in writing within 21 days, and an appointment will be made if necessary for clarification purposes.
CONCERNS
If clients have a concern about the management of their personal information, they may inform Lynsey Byrom. Upon request they can obtain a copy of the Australian Privacy Principles, which describe their rights and how their personal information should be handled. Ultimately, if clients wish to lodge a formal complaint about the use of, disclosure of, or access to, their personal information, they may do so with the Office of the Australian Information Commissioner by phone on 1300 363 992, online at http://www.oaic.gov.au/privacy/making-a-privacy-complaint or by post to: Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW 2001.