009 Information Management Policy

1. Purpose

Proactive Support is committed to maintaining an information management system which protects and maintains information through its lifecycle. Participant’s records, and all business information created and used by Proactive Support such as documents and staffing information, will be complete, relevant, easily accessible, and secure. Proactive Support organises, stores, accesses and disposes of records in a way that conforms to legislative, contractual and Quality Management System (QMS) requirements.

2. Scope

This policy covers all hard or soft copy information created or utilised by Proactive Support, including but not limited to:

  • Participant’s personal information
  • Staff details and documents
  • Proactive Support policies, procedures, forms, and participant informationals
  • Photographs, audio, and video files
  • All business documentation and information e.g. licenses, branding, registers, rosters etc.

3. Definitions

In this policy:

Staff means any person employed by Proactive Support, including managers and workers, regardless of pay, status or working hours

Participant means a client or potential client who is receiving supports or services from Proactive Support

Advocate is a person speaking or acting on the participant’s behalf, including associated family members, carers, nominees, independent advocates, and significant others

Informed consent is where the participant is informed in what circumstances their information could be disclosed, and consent is given by the participant for this to occur

Hard copy means a printed version on paper of data held on a computer

Soft copy means a legible version of a piece of information not printed on a physical medium, especially as stored or displayed on a computer

4. Rights and Responsibilities

All Staff

All staff have the right to:

  • Their personal information being secure and used only for intended purpose
  • Access information about participants which is relevant and necessary to perform their work duties

All staff are responsible for:

  • Ensuring the information they provide to Proactive Support, whether personal or concerning participants, is accurate and comprehensive
  • Documentation which is legible and correct
  • Adhering to information policy and procedures
  • Assisting in maintaining the information management system

Management

Managers are to:

  • Ensure participants are aware of their information rights: access, consent, security
  • Maintain an information system which allows information to be gathered and retrieved in a timely fashion
  • Oversee appropriate information disposal in the required timeframes
  • Respond promptly to security breaches as required by legislation

5. Information Management

Proactive Support will effectively manage all information gathered and created for the purpose of offering support and services to participants through:

5.1 Creation

All Proactive Support documentation which is created for the purposes of providing information to staff and participants, will be:

  • Clear, legible, easy to understand
  • Relevant
  • Concise
  • Branded with one or more of the following:
  • Proactive Support’s logo
  • Proactive Support’s mission statement
  • Proactive Support’s name in green

5.2 Collection

Information which is collected for the purpose of Proactive Support business (e.g. participant details, staff information, feedback) will be:

  • Necessary – only information which is relevant will be gathered
  • Informed – the person providing their information will be informed what it is to be used for and who will have access to it
  • Accurate – no hearsay or guessing is acceptable. Factual information only is to be recorded
  • Entered into the appropriate Register (using Excel), where relevant
  • Collected according to the 017 Participant’s Information, Money, and Property Procedures

5.3 Secure Storage

Information created or collected will be stored securely in the following locations:

  • Hard copy – in a lockable cabinet, or covered folder and in the boot of the car when in transit
  • Soft copy – on a secured computer, in a dedicated Proactive Support desktop

Written documents such as an Incident form or Feedback form are to be scanned and added electronically to the appropriate file, with the hard copy stored in the appropriate file in the filing cabinet.

5.4 Use

Information used by Proactive Support will be for the express purpose of providing supports and services to participants. To that end, participant’s information will be used only when necessary and be kept confidential as per the 003 Participant’s Privacy, Dignity and Confidentiality Policy.

Informed consent will be solicited from the participant when they first engage Proactive Support’s services via the ‘Participant Photography and Informed Consent’ form.

Where a participant’s information needs to be disclosed to other parties (such as other support services or clinicians) prior consent must be obtained.

5.5 Access

Proactive Support will keep all its information and documentation in an orderly fashion so it is easily accessible when requested by participants or as it is used in the day-to-day business activities. Broadly, the electronic filing system is structured at a high level as follows:

  • Business Operational
  • Financials
  • Forms
  • Governance
  • Human Resources
  • Incident Documentation
  • Library of Resources
  • Our Services
  • Participants
  • Policies and Procedures
  • Registers
  • WHS plus Risk Mgmt.

5.6 Disposal

Information collected by Proactive Support for the purposes of Incident and Complaint management is to be retained for seven years from time of record (or report to the NDIS Commission). Participant and Staff information collected for the purpose of engaging services and supports, or for employment, is to be retained as long as the information is still required and then destroyed.

The disposal of physical records must be effected by secure cross-cut shredding, or the use of secure confidential bins from a registered provider, or by another secure means as befits the type of record. Digital records should be deleted in such a manner that the contents of those records cannot be recovered and/or reconstructed.

6. Related Documentation

Proactive Support

010 Quality Management Framework

003 Participant’s Privacy, Dignity and Confidentiality Policy

017 Participant’s Information, Money, and Property Procedures

‘Participant Photography and Informed Consent’ form

NDIS Consent Forms

External

Human Rights Act 2019

Information Privacy Act 2009 (Qld)

Right to Information Act 2009 (Qld)

Privacy Act 1988 (Cth)

Australian Privacy Principles