Meridian is committed to protecting the privacy and confidentiality of clients, staff, Board members, students, volunteers, and stakeholders in the way information is collected, stored, used, and disclosed.
Meridian will comply with legislative requirements, including the Privacy Act 1988 (Cth) and the Health Records (Privacy & Access) Act 1997 (ACT), and ethical obligations, at all times.
More details of the Australian Privacy Principles Meridian adheres to can be found here: https://www.oaic.gov.au/privacy/australian-privacy-principles/australian-privacy-principles-quick-reference/
Meridian holds two types of information which are covered by this policy, personal (including health information) and organisational information.
Personal information is information or an opinion about you, whether true or not, which identifies you or from which your identity is reasonably identifiable and includes sensitive and health information.
HOW WE COLLECT YOUR PERSONAL INFORMATION
Personal information collected by Meridian is only for purposes which are directly related to the functions or activities of the organisation. These purposes include:
- If you enquire about programs
- If you are referred to programs
- If you are receiving support or treatment
- For managing human resources – eg Board members, staff and volunteers
- Sector development activities
- If you are involved in community or sector development activities
- If you are donating Fundraising
- If you are providing feedback or making a complaint
If you become a client of Meridian Health or Wellbeing services and/or Meridian HIV and Client Services, we will provide you with more specific information, and request your consent, when collecting health and personal information (as required under the ACT Health Records Act . Information provided will include:
- The purpose of collecting your information
- How your information will be used
- Who (if anyone) information may be transferred to and under what circumstances information will be transferred
- Any limits to privacy of your personal information
- How you can access or amend your health information (rights and responsibilities)
- How you can make a complaint about the use of your personal information
As part of our contract with ACT Department of Health we are required to maintain client records in accordance with the ACT Health Records (Privacy and Access) Act 1997 (ACT).
Click here for more details of the ACT Health Records Act 1997 (ACT)
USE AND DISCLOSURE OF INFORMATION
Meridian only uses your personal information for the purposes for which it was given, or for purposes which are directly related to one of the functions or activities of the organisation. It may be provided to government agencies, other organisations or individuals if:
- You have consented
- It is required or authorised by law
- It will prevent or lessen a serious and imminent threat to somebody's life or health.
The safety and wellbeing of clients and community members is a priority of Meridian. Workers may be legally bound to disclose health and other personal information if they have reasonable grounds to believe that:
- Information given indicates potential or intent to harm others or self or commit a criminal act.
- Information given results in the disclosure of a child protection issue (see Child Protection policy).
In the case of either of the above, workers are to discuss their concerns with their supervisor immediately. In the case of suspected child abuse or neglect, workers will consult Meridian’s Reporting Child Abuse and Neglect Policy and Procedure.
Other circumstances that may limit your rights as a client to confidentiality and privacy include:
- If you are under the age of 16 years, in which case your parents/ guardians legally have the right to know what happens in counselling.
- Where use or disclosure is required by law, such as through a court order.
Meridian takes steps to protect the personal information held against loss, unauthorised access, use, modification or disclosure and against other misuse. These steps include reasonable physical, technical and administrative security safeguards for electronic and hard copy of paper records.
ACCESS AND CORRECTION
You may request access to personal information held about you. Access will be provided unless there is a sound reason under the Privacy Act or other relevant law. Other situations in which access to your information may be withheld include:
- There is a threat to the life or health of an individual
- Access to information creates and unreasonable impact on the privacy of others
- The request is clearly frivolous or vexatious or access to the information has been granted previously
- There are existing or anticipated legal dispute resolution proceedings
- Denial of access is required by legislation or law enforcement agencies.
Meridian is required to respond to your request to access or amend information within 45 days of receiving the request.
Amendments may be made to personal information to ensure it is accurate, relevant, up-to-date, complete and not misleading, taking into account the purpose for which the information is collected and used. If the request to amend information does not meet these criteria, Meridian may refuse your request.
If the requested changes to personal information is not made, you may make a statement about the requested changes which will be attached this to the record.
The Chief Executive Officer is responsible for responding to queries and requests for access/amendment to personal information.
ANONYMITY AND IDENTIFIERS
Wherever it is lawful and practicable, you will have the option of not identifying yourselves or requesting that Meridian does not store any of your personal information.
As required by the Privacy Act 1988, Meridian will adopt a government assigned individual identifier number e.g. Medicare number as if it were its own identifier/client code.
Meridian works with a variety of stakeholders including private consultants. The organisation may collect confidential or sensitive information about its stakeholders as part of a working relationship. Staff at Meridian will not disclose information about its stakeholders that is not already in the public domain without stakeholder consent.
BREACH OF PRIVACY OR CONFIDENTIALITY
Staff members who are deemed to have breached privacy and confidentiality standards set out in this policy may be subject to disciplinary action.
If a client or stakeholder is dissatisfied with the conduct of a Meridian staff or Board member, a complaint should be raised.
Information on making a complaint will be made available to clients, stakeholders and will be found on the Meridian website. Additionally, a complaint can be taken over the phone by any staff member.
As a client, you have the right to make a complaint about your treatment in regard to how your privacy has been managed by the Meridian. Workers are required to make clients aware of this right. Clients can lodge their complaint in writing to:
ATT: Chief Executive Officer
PO BOX 5245
Braddon ACT 2612
Or via email: [email protected]
Complaints will be dealt with in accordance with the Meridian's Feedback and Complaints Policy.
For more resources and fact sheets about Health complaints and feedback in Canberra please visit Health Care Consumers’ Association (HCCA)
Complaints can also be lodged directly with the Privacy Commissioner:
The Privacy Commissioner
GPO Box 5218
SYDNEY NSW 2001
The last update to this document was 22 July 2022.