Private Speech Pathology Practice Privacy Guide Templates 2014

The Speech Pathology Association of Australia Limited
Level 2, 11-19 Bank Place, Melbourne, VIC 3000
Telephone: (03) 9642 4899
Facsimile: (03) 9642 4922
Email: office@speechpathologyaustralia.org.au
Website: www.speechpathologyaustralia.org.au

Appendix 2: Sample Privacy Policy

A sample Privacy Policy is provided below. Before adapting the Privacy Policy to meet your own needs you need to be familiar with the material in SPA’s Privacy Guide (in particular you need to have completed the steps in the How to develop a Privacy Policy section) and have a working knowledge of the Australian Privacy Principles.

(On Letterhead)

PRIVACY POLICY
(Date)

1. PART 1 – ABOUT THIS POLICY

1.1 Purpose

(Name of the practice) is committed to protecting the privacy of personal information we collect and hold about individuals. (Name of the practice) complies with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), other privacy laws that govern how private sector health service providers like (name of practice) handle your personal information (including your health information), and Speech Pathology Australia’s Code of Ethics (2010).

This Privacy Policy explains how (name of the practice) manages the personal information we collect, use and disclose. (Name of the practice) is a private speech pathology practice under the ownership of (name of the practice owner).

2. PART 2 – HOW (name of the practice) HANDLES YOUR PERSONAL INFORMATION

2.1 (Name of the practice’s) Legal Obligations

In order to provide you with the health care services that you have requested, (name of the practice) will need to collect and use your personal information. If you provide incomplete or inaccurate information to us or withhold personal and health information from us we may not be able to provide you with the services you are seeking.
2.2 What information does (name of the practice) collect?

We will only collect the information we need for the particular function or activity we are carrying out. We collect information from you that is necessary to provide you with speech pathology services and to manage our relationship with you. The information we collect includes: your name, date of birth, address, health fund details and information about your health history and family history. We require this information to assist the speech pathologist to diagnose and treat you.

2.3 How does (name of the practice) collect health information?

We will usually collect your health information directly from you. Sometimes, we may need to collect information about you from a third party (such as a relative or another health service provider).

2.4 How does (name of practice) use your information?

(Name of the practice) uses your personal information for the purpose for which you have given the information to us. We will use your information to provide speech pathology services to you, to manage our relationship with you and to contact you in relation to matters concerning your care. We may also use your information for other purposes permitted under the Privacy Act 1988.

Who might we disclose your information to?

We may disclose your information to the following people:

(a) Disclosure to other health professionals involved in your treatment

Your personal information will generally only be used by the speech pathologist involved in your care; however, on occasion your care may be provided by a number of health professionals (for example, speech pathologist, occupational therapist and/or psychologist) working or consulting together. We may disclose your information to these health professionals as part of the process of providing your care and to other health professionals involved in your care.
(b) The referrer

(Name of the practice) will usually send a discharge summary to the referrer (i.e., your medical practitioner) following discharge from (name of the practice) or at other times, as required for your care. If you do not wish us to provide a copy of your discharge summary to the referrer you must let us know. Also, if the referrer’s details have changed please let us know.

(c) Relatives, guardian, close friends or legal representative

We may provide information about your condition to your parent, child, other relatives, close personal friends, guardians, or to a responsible person for you, unless you tell us that you do not wish us to disclose your health information to any such person.

Other uses and disclosures

In order to provide the best possible environment in which to treat you, we may also use or disclose your personal and health information where necessary for:

activities such as quality assurance processes, accreditation, audits, risk and claims management, patient satisfaction surveys and staff education and training;
invoicing, billing and account management;
liaising with your health fund, Medicare or the Department of Veterans' Affairs and, where required, providing information to your health fund, Medicare or the Department of Veterans' Affairs to verify treatment provided to you;
the purpose of sending you standard reminders, for example for appointments and follow-up care, by text message or email to the number or address which you have provided to us.

(f) Other uses with your consent

With your consent we may also use your information for other purposes such as including you on a marketing mail list, or research. Please note, however, that unless you provide us with your express consent for this purpose, we will not use your information in this way.

We will not disclose your personal information to any individual who is outside Australia.
2.5 Access to and correction of your health information

You have a right to access the personal and health information that we hold about you. You can also request an amendment to your personal and health information should you believe that it is inaccurate. If we do not agree to change your medical record/personal information in accordance with your request, we will permit you to make a statement of the requested changes and we will enclose this with your record.

Should you wish to obtain access to or request changes to your health record you can ask for our Privacy Officer (see details below) who can give you more detailed information about (name of the practice)'s access and correction procedure. Please note that (name of the practice) may recover reasonable costs associated with supplying this information to you.

2.6 Data Quality

(Name of the practice) will take reasonable steps to ensure that your personal information which we may collect, use or disclose is accurate, complete and up-to-date.

2.7 Data Security

(Name of the practice) will take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. We use technologies and processes such as access control procedures, network firewalls, encryption and physical security to protect your privacy.

(Name of the practice) will destroy or permanently de-identify any of your information which is in its possession or control and which is no longer needed for the purpose for which it was collected provided (name of the practice) is not required under an Australian law or court/tribunal or otherwise to retain the information.
2.8 What to do if you have a complaint about privacy issues

If:

(a) you have questions or comments about this Privacy Policy;
(b) (name of the practice) does not agree to provide you with access to your personal information; or
(c) you have a complaint about our information handling practices,

you can lodge a complaint with or contact our Privacy Officer on the details below. We will promptly review your complaint and provide a response to you.

2.9 How to contact us if you have a complaint about privacy issues

By letter: Privacy Officer, (name of the practice) (address)
By email: (email address)
By telephone: (phone number)

PART 3 – HOW (NAME OF THE PRACTICE) HANDLES YOUR PERSONAL INFORMATION WHEN YOU VISIT OUR WEBSITE

This section of our Privacy Policy explains how we handle your personal information which is collected from our website: www.(name of the practice).com.au.

This Privacy Policy applies to your use of our website and the use of any of the facilities on our website.

3.1 Collection

When you use our website, we do not attempt to identify you as an individual user and we will not collect personal information about you unless you specifically provide this to us.

Sometimes, we may collect your personal information if you choose to provide this to us via an online form or by email, for example, if you:

submit a general enquiry via our contacts page;
register to receive eNewsletters; or
send a written complaint or enquiry to our Privacy Officer.

When you use our website, our Internet Service Provider (ISP) may record and log for statistical purposes the following information about your visit:

your computer address;
your top level name (for example, .com, .gov, .org, .au etc.);
the date and time of your visit;
the pages and documents you access during your visit; and
the browser you are using.
Our website management agent may use statistical data collected by our ISP to evaluate the effectiveness of our website.

3.2 Cookies

A "cookie" is a device that allows our server to identify and interact more effectively with your computer. Cookies do not identify individual users, but they do identify your ISP and your browser type.

This website uses temporary cookies. This means that upon closing your browser, the temporary cookie assigned to you will be destroyed and no personal information is maintained which will identify you at a later date.

Personal information such as your email address is not collected unless you provide it to us. We do not disclose domain names or aggregate information to third parties other than agents who assist us with this website and who are under obligations of confidentiality.

You may be able to configure your browser to accept or reject all cookies and to notify you when a cookie is used. We suggest that you refer to your browser instructions or help screens to learn more about these functions. However, please note that if you configure your browser so as not to receive any cookies, a certain level of functionality of the (name of the practice) website and other websites may be lost.

3.3 Links to third party websites

We may create links to third party websites. We are not responsible for the content or privacy practices employed by websites that are linked from our website.

3.4 Use and disclosure

We will use any personal information collected via our website in accordance with our privacy policy.

Appendix 3: Sample Consent Form

A sample consent form is provided below. It is of a general nature only and may not address your circumstances or requirements. You need to be familiar with the material in SPA’s Privacy Guide and have a working knowledge of the Australian Privacy Principles before developing your consent form.
You should adapt the statement to meet your individual needs. SPA suggests that you provide to (and discuss with) each client a copy of your collection statement (see Appendix 4).

(On Letterhead)

(Name of Organisation/Practice) needs to collect information about you/your child for the primary purpose of providing a quality service to you/your child. In order to thoroughly assess, diagnose and provide therapy, we need to collect some personal information from you (about your child). If you do not provide this information, we may be unable to treat you/your child. This information will also be used for:

a. The administrative purpose of running the practice;
b. Billing either directly or through an insurer or compensation agency;
c. Use within the practice if passing your case to another speech pathologist within the practice for your/your child’s ongoing management;
d. Disclosure of information to your/your child’s doctors, other health professionals or to teachers to facilitate communication and best possible care for you/your child; and
e. In the case of an insurance or compensation claim it may be necessary to disclose and/or collect information that affects your return to work.

We do not disclose your personal information to overseas recipients.

(Name of Organisation/Practice) has a Privacy Policy that is available on request and is available in the waiting area. This policy provides guidelines on the collection, use, disclosure and security of your/your child’s information. The Privacy Policy contains information on how you may request access to, and correction of, your/your child’s personal information and how you may complain about a breach of your/your child’s privacy and how we will deal with such a complaint. A summary of the Privacy Policy is contained in the Collection Statement overleaf.
To ensure the process of quality treatment provision, information about your/your child’s assessment results and progress may be given to other relevant service providers who are involved in your/your child’s management. These may include your/your child’s doctor, teachers, specialists, insurers, solicitors, employers or others, but only where it is considered to be of benefit to your/your child’s progress. Please provide names of individuals involved in your/your child’s care.

Please list the names and contact details of the individuals involved in your/your child’s care:

I (Name), have read the above information and understand the reasons for collecting the information and the ways in which the information may be used.

I understand that it is my choice as to what information I provide and that withholding or falsifying information might act against the best interests of my/my child’s assessment and therapy progress.

I am aware that I can access my/my child’s personal and treatment information on request and if necessary, correct information that I believe to be inaccurate. I understand that if, in exceptional circumstances, access is denied for legitimate purposes, the reasons for this and possible remedies will be made available to me.

I understand that the Practice must obtain additional consent if the information collected is to be used in any way other than those outlined above.

Client/Parent Name:…………………………………….. Child’s Name:…………………………………

Signed………………………………………….. Date……………………………………

Appendix 4: Sample Collection Statement

A sample collection statement is provided below. Please note this is not a Privacy Policy but a collection statement as outlined in APP 5.
You may choose to provide this information attached to a consent form or in a brochure or displayed as a poster in your practice. You need to be familiar with the material in SPA’s Privacy Guide and have a working knowledge of the Australian Privacy Principles before developing your privacy statement.

You may adapt the statement to meet your individual needs. This statement needs to be provided before or at the time of collection of information and you must ensure that the client has fully understood the purposes for collecting the information; that is, it must not just be a ritual that is performed.

(On Letterhead)

Privacy Policy and Health Information Collection Statement

(Name of the practice) is an independent practice under the ownership of (name of the company, partnership or sole trader).

You may contact (name of practice) by writing to (name of practice & address), by emailing (insert email address) or by calling (name of the Privacy Officer).

You have the right to gain access to the information held by (name of practice) about you/your child. Our Privacy Policy (available upon request) contains information on how you may request access to, and correction of, your/your child’s personal information and how you may complain about a breach of your/your child’s privacy and how we will deal with such a complaint.

(Name of practice) needs to collect information about you/your child for the primary purpose of providing quality treatment. In order to fully assess, diagnose and treat you/your child, we need to collect some personal information from you. This information will also be used for the administrative purposes of running the practice such as billing you directly or through an insurer or compensation agency. Information will be used within the practice for handover when another speech pathologist will be providing you/your child with ongoing assistance.
(Name of practice) may disclose information regarding diagnosis or treatment to your/your child’s doctor or other treatment providers only with your consent. In the case of insurance or compensation claims, it may be necessary to disclose information and/or collect information that affects your/your child’s treatment and return to work.

(Name of Practice) will not disclose your/your child’s information to commercial companies; however, specific service or product information deemed suitable for your/your child’s speech pathology management may be forwarded to you by us, unless you instruct (name of practice) not to forward this type of information.

Your written consent will be obtained at the start of your/your child’s treatment in order to carry out the above activities.

We do not disclose your/your child’s personal information to overseas recipients.

Information at (name of practice) is stored securely and only practice staff have access to it. (Name of practice) takes all reasonable steps to ensure that information collected about you/your child is accurate, complete and up-to-date. You may have access to your/your child’s information on request and if you believe that any of the information is inaccurate we may be able to amend it accordingly.

If you do not provide relevant personal or health information (about your child), in part or in full, to (name of practice) it may result in incomplete assessment. This may impact on the diagnosis and the following therapy that is provided.

Any concerns that you may have about this policy or about your/your child’s management can be directed to (name of privacy/complaints officer and the address, phone number).

Appendix 5: Access Audit Questions

The following Access Audit Questions are designed to assist you to be prepared should a client request access to his/her health information.
Make sure that you are familiar with the Privacy Act and the APPs before administering this checklist to ensure that you are using this information within the context of the Privacy Legislation.

1. How would your staff process a request if a client requests access to his/her information?
2. Do you have a procedure in place to be able to respond to this request?
3. Do you have a designated privacy officer if there is more than one person within the practice?
4. Are all staff aware of the procedures to be followed?
5. Will accessing information incur a cost to your client? NB: Remember that this should not act as a deterrent to the request and should reflect the actual costs incurred in the process you and the client choose; any costs imposed must also be in accordance with the amounts prescribed or permitted by law.
6. Is the client being encouraged to be specific about which aspect, assessment or dates they want information on? This will then limit time, expense and potential confusion for all concerned.
7. If all the information is being requested, how will you facilitate this?
8. Is the client happy to sit in a room and read the information or would they like a copy of the information? If they choose to sit and read it then it is important that someone be with them to ensure client wellbeing. NB: It is the intention of the Privacy Act to allow clients easy access to their information for no or low cost.
9. Does the client know an estimated cost prior to you commencing any photocopying of information?
10. Does the client want the speech pathologist to explain the information contained in the records? If so a reasonable cost would apply.
11. Would writing a summary report satisfy the request of the client? A reasonable fee may be applied.
12. Is the request in writing? It does not need to be; however, if the request is complex, then requesting this may be the most effective way of being clear about what is being requested.
13.
Has the request been made by a third party and if so has the client given his/her permission, or is that person entitled to be requesting that information? For example: in a custody issue or power of attorney context? It is recommended that you seek specific advice if you are at all in doubt.

Appendix 6: Privacy Audit Questions and Breaches Information

Here is a series of questions to ask when conducting an audit and what to consider if there is a breach of the APPs. This audit follows the APPs to ensure that they are being considered so it is important for you to know and understand the APPs before conducting the audit. This list of questions is not exhaustive and should be used as a guide only.

Privacy Audit Questions

1. Information Collected
What personal information does the practice collect?
Why does the practice collect the information it collects?
How does the practice collect this information (i.e., standard forms, surveys, etc.)?
Is it needed for a particular function and is that function related to clinical care?
Is the collection fair, lawful, non-intrusive?
Would your clients know that you are collecting the information you collect?

2. Right of Access
Is the client aware from the time that they commence seeing you that they can access their information if they choose to and how to go about doing that?

3. Use & Disclosure
Is the information that you are collecting going to contribute to the quality of the service that you deliver and how?
Have you explained the purpose of the collection and the usual disclosures?
Does the practice give the information to anyone outside the practice and for what purpose?

4. Secondary uses of information
Do you have informed consent of the client, guardian or power of attorney to be releasing information for a secondary use?

5.
Legal requirement for the collection of some information
Is the collection fair, lawful, non-intrusive?
There may be some instances where it is required by law or procedure to collect particular information. If so, then the speech pathologist must know when they are doing this and for what reason, under which law, and why.

6. Data Quality
How accurate is the information being collected?
How complete is the information?
How up-to-date is the information?
What mechanisms do you have in place for routinely updating or checking this information?

7. Data Security
Where and how does the practice store information?
Who has access to the information?
Is it the right people only who have access to the information?
Does the practice have measures to protect the personal information it holds from unauthorised access?
How do they have access to it (electronically or hard copy, audio or video information)?
Is the information safe from misuse?
Does the practice contract out any functions or activities involving personal information?
What measures are taken to protect this information?
Does the practice transfer any personal information overseas?

8. Openness
How accessible is your Privacy Policy and where is your Privacy statement displayed?

9. Access and Correction
What procedures do you have in place for requests for information?
Are all staff familiar with and trained in the procedures for responding to requests for information?

10. Identifiers
Are you using your own identifiers on files and not Commonwealth Government ones? (DVA, Tax File, Medicare etc.)

11. Anonymity
Do you maintain the clients’ anonymity wherever possible, in all conversations, in all contexts wherever possible?

12. Transborder Dataflow
Are you ever requested to send information overseas?
If so, is it identifiable only with the client’s consent?
Only non-identifiable information is to be sent overseas unless specifically requested by the client.

Breaches of the APPs

Individuals are within their rights under the Privacy Act to direct complaints to the organisation concerned. Where possible you should attempt to rectify the problem and satisfy the complainant’s request. Have a procedure in place and ensure that all staff are well trained to facilitate this process. Ensure that all new staff are well trained in the policy and procedures that you adopt for your practice.

If the complainant is not happy with the response then they may take their complaint to the Office of the Australian Information Commissioner.

If the complaint is upheld by the Federal Privacy Commissioner, then the practice could be made to redress any financial loss or damage to the client. This could include compensation or the taking of remedial action such as the removal of complainants from mailing lists & other databases.

The practice may then be required to update its policies, procedures and training processes.