PsychSession Privacy Policy

for Management of Personal Information

(last updated: 8/04/2020)

This document describes the privacy policy of PsychSessions for the management of clients’ personal information. The psychological service provided is bound by the legal requirements of the Australian Privacy Principles set out in the Privacy Act 1988 (Cth).

Client information

Client information is held in a combination of: secure filing cabinets; encrypted and password protected Windows Server 2012 data drives accessed using Windows 10 Pro computers owned by PsychSessions and maintained by Blue Arc IT Solutions, as well as via encrypted IPSec VPN links when working remotely using either PsychSessions or privately owned computers; Power Diary, which is an online practice management system; and Office 365, including email, SharePoint, and OneDrive, all of which is accessible only to authorised employees. The information on each file includes personal information such as name, address, contact phone numbers, medical history, and other personal information collected as part of providing the psychological service.

How clients’ personal information is collected

A client’s personal information is collected in a number of ways during psychological consultation with PsychSessions, including when the client provides information directly to PsychSessions using hardcopy forms, correspondence via email, when the client interacts directly with PsychSessions employees such as the receptionist, and when other health practitioners provide personal information to PsychSessions, via referrals, correspondence and medical reports.

Consequence of not providing personal information

If the client does not wish for their personal information to be collected in a way anticipated by this Privacy Policy, PsychSessions may not be in a position to provide the psychological service to the client. In some circumstances, clients may request to be anonymous or to use a pseudonym, unless it is impracticable for PsychSessions to deal with the client or if PsychSessions is required or authorised by law to deal with identified individuals.

Purpose of holding personal information

A client’s personal information is gathered and used for the purpose of providing psychological services, which includes assessing, diagnosing and treating a client’s presenting issue. The personal information is retained in order to document what happens during sessions, and enables the psychologist to provide a relevant and informed psychological service.

Disclosure of personal information

Clients’ personal information will remain confidential except when:

  1. it is subpoenaed by a court, or disclosure is otherwise required or authorised by law; or
  2. failure to disclose the information would in the reasonable belief of PsychSessions place a client or another person at serious risk to life, health or safety; or
  3. the client’s prior approval has been obtained to:
    1. provide a written report to another agency or professional, e.g., a GP or a lawyer; or
    2. discuss the material with another person, e.g. a parent, employer, health provider, or third party funder; or
    3. disclose the information in another way; or
    4. disclose to another professional or agency (e.g. your GP) and disclosure of your personal information to that third party is for a purpose which is directly related to the primary purpose for which your personal information was collected.

A client’s personal information is not disclosed to overseas recipients, unless the client consents or such disclosure is otherwise required by law. Clients’ personal information will not be used, sold, rented or disclosed for any other purpose.

In the event that unauthorised access, disclosure or loss of a client’s personal information occurs PsychSessions will use all reasonable endeavours to minimise any risk of consequential serious harm, and when required will comply with the requirements of the OAIC Notifiable data breaches scheme.

Requests for access and correction to client information

At any stage clients may request to see and correct the personal information about them kept on file. The psychologist may discuss the contents with them and/or give them a copy, subject to the exceptions in the Privacy Act 1988 (Cth). If satisfied that personal information is inaccurate, out of date or incomplete, reasonable steps will be taken in the circumstances to ensure that this information is corrected. All requests by clients for access to or correction of personal information held about them should be lodged with management. These requests will be responded to in writing within 30 days, and an appointment will be made if necessary for clarification purposes.

Concerns

If clients have a concern about the management of their personal information, they may inform PsychSessions. Upon request they can obtain a copy of the Australian Privacy Principles, which describe their rights and how their personal information should be handled. Ultimately, if clients wish to lodge a formal complaint about the use of, disclosure of, or access to, their personal information, they may do so with the Office of the Australian Information Commissioner by phone on 1300 363 992, online at https://www.oaic.gov.au/privacy/privacy-complaints/ or by post to:

Office of the Australian Information Commissioner
GPO Box 5218
Sydney, NSW 2001