McPhee Andrewartha Pty Ltd Information Governance, Data Security and Privacy Charter
McPhee Andrewartha (trading as MCA group and McPhee Andrewartha Psychology) is committed to attaining the highest standards of openness and accountability.
Personal information collected by McPhee Andrewartha is treated as confidential and is used only to maintain the integrity of the respective process. McPhee Andrewartha’s information management regime is governed by the Australian Psychological Society’s Code of Ethics, International Records Management Standard ISO AS 15489, the Australian Privacy Act 1988, the Privacy Amendment (Enhancing Privacy Protection) Act 2012 and the Mandatory Breach Notification Law and operates in accordance with the Notifiable Data Breaches (NDB) Scheme under the auspices of the Office of the Australian Information Commissioner (OAIC). All servers used for the storage of data and information are compliant with the requirement for health service data to be held in Australia.
We commit to:
- rectify incorrect information
- protect (as far as possible) your rights to personal privacy
- treat you fairly and courteously
- provide prompt assistance.
The effectiveness of this Charter will be regularly reviewed.
Protecting clients’ personal or corporate (includes employees) privacy is an important aspect of the way we create, organise and implement our services online, via the telephone, hardcopy/email and in our face-to-face appointments.
We will ensure that the personal or corporate information pertaining to our clients will not be disclosed to other individuals, organisations and authorities except if required by law or other regulation, or where written permission has been granted and/or the information is not protected as Commercial in Confidence.
We will implement and maintain technology and security policies, rules and measures to protect the personal and corporate information that we have under our control. We will advise all clients of the risks in transmitting information across the Internet informing them that while we will strive to protect such information, we cannot ensure or warrant the security of any information transmitted to us online and individuals do so at their own risk. Concerned clients will be provided the option to convey sensitive material to us by telephone or mail.
Once any personal or corporate information comes into our possession, we will take reasonable steps to protect that information from misuse and loss and from unauthorised access, modification and disclosure. We will remove personal and corporate information from our system where it is no longer required according to our records management archiving and disposal program.
Collection and Use of Personal Information
When clients are referred to us, we usually need to collect some specific information about them, such as their name, address, email address, telephone number and background information to provide a quality service. We will only collect such information with clients’ consent, unless the collection of this information is required by law, or to lessen or prevent a serious and imminent threat to any person’s life, health or welfare or a serious threat to public health, public safety or public welfare.
Clients can access the McPhee Andrewartha website anonymously, without disclosing their personal information. The personal information we may collect via this website includes:
- information submitted by you to engage in McPhee Andrewartha services or to subscribe to an online communication, such as an electronic blog.
- any messages or comments you submit to us via this website or to an email address displayed on this website, which may include personal information such as your name, email address, telephone number and opinions.
Use and Disclosure
Access to information is restricted to McPhee Andrewartha personnel who need to transact business with you. It is only used for purposes connected to your role as our client. We may use the data to collate statistics about our clients (such as your geographic location), but any statistics will not contain information that will identify individual clients.
Your personal information will not be sold or given away to any other person, organisation or authority without your consent. However, we must cooperate fully should a situation arise where we are required by law or legal process to provide information about a client.
Your email address will only be used for the purpose for which you have provided it and will not be added to a mailing list unless you have provided written agreement to receive subscribed news updates or other information from us. We will not use your email address for any other purpose, and will not disclose it to any other party without your consent.
Information obtained from you during sessions or from referral documentation remains confidential and cannot be disclosed without your written consent unless there is a legally enforceable requirement for us to do so. There are some legal limitations to confidentiality in the situation where:
- information is subpoenaed by a court, or
- failure to disclose information would place you or another person at risk; or
- your prior approval has been obtained to:
  - provide a written report to another professional or agency (e.g. medical practitioner, lawyer); or
  - discuss the material with another person (e.g. a parent or employer or other third party billing source).
Your psychologist or consultant will consult with you if there is a need to discuss information about you with another person. In such circumstances we will ensure that a consent form is provided to you for your signature, so that written and informed consent is in place prior to the release of information. Intake information and consents in the case of any client who is a Dependent confirm those parties with authority to receive information from the treating practitioner.
In addition to providing our services to you and carrying out your requests, we may use or disclose personal information that we collect about you via our website for the following:
- any purpose disclosed on our website for the collection of the information;
- purposes connected with the operation, administration, development or enhancement of this website;
- where we suspect that fraud or unlawful activity has been, is being or may be engaged in;
- any other purposes required or authorised by law.
Further information regarding the terms and conditions of use for the McPhee Andrewartha website can be found here: www.mca-group.com.au.
McPhee Andrewartha will take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure. Storing paper files in lockable cabinets and protecting data in electronic format with passwords and server security achieves this. Information will be held for at least five years after the last occasion on which a service was provided. In the case of psychological treatment records, these are held for the period of seven years in the case of adult clients and until the age of 25 years for child clients.
Access and Correction
You have the right to access McPhee Andrewartha records about yourself/your employees that can be properly made available without infringing the right to privacy of other individuals.
You are able to access and correct any personal information held about you by McPhee Andrewartha. To make such a request, you may either contact us directly by email firstname.lastname@example.org or telephone us on +61 8 8357 1800 or 1300 856 480.
Any individual whom we hold information about may request information from us regarding the nature of the information we have, the purposes for which the information is used and how we collect, hold, use and disclose this information.
If requested, we will provide clients with access to information we hold about them unless to do so would pose a serious threat to the life or health of any person, providing access would have an unreasonable impact on the privacy of other individuals, or providing access is unlawful.
A fee will be applicable where the business incurs costs in providing access. The fee will depend on the nature of the access.
If a client establishes that the information we hold about them is inaccurate, incomplete, misleading or no longer relevant, we will take reasonable steps to correct this information.
In the event of a security breach, we comply with any applicable legislation and notification of relevant authorities. This includes the reporting requirements in place under the NDB Scheme of the OAIC. The FAQ information sheet for this can be found here: https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme.
Wherever it is lawful and practicable, clients have the option of remaining anonymous when using our services.