Preamble
BigDog Support Services Pty Ltd (BigDog) is legally required in many instances to retain worker and client information. Australian Securities and Investment Commission (ASIC) notes that the Corporations Act 2001 (Corporations Act) in section 286(1) states that a company must keep written financial records that:
Correctly record and explain its transactions and financial position and performance
Would enable true and fair financial statements to be prepared and audited
Any retention of information must be in line with the relevant legislative requirements pertaining to the information. Relevant information only is to be retained in accordance with the Privacy Act 1988 (Cth).
BigDog has effective information management systems that maintain appropriate controls of privacy and confidentiality for clients and other stakeholders. Management of each client’s information ensures that it is identifiable, accurately recorded, current and confidential. Each client’s information is easily accessible to the client and appropriately utilised by relevant workers.
BigDog acknowledges that clients, carers and advocates have the right to privacy, dignity and confidentiality in all areas of their lives and that these rights will be respected.
BigDog is often empowered to retain information for clients, workers and organisations. The retention of this information must be for valid reasons and therefore the reasons must be able to be clearly demonstrated in accordance with the Privacy Act 1998.
Private and confidential information includes the following:
Personal information such as home address, telephone numbers, and other non-workrelated information
Personal information provided by individuals or about individuals in the course of performance reviews, leave applications, supervision sessions or similar discussions
Information about any internal dispute or grievance
Business conducted in Board meetings, other than that identified as being for public discussion
Any confidential and proprietary information concerning financial transactions, competitive tenders or expressions of interest or any other organisational plans or activities identified by the Directors
2.4.1 Information Collection
BigDog obtains each client’s consent to collect, use and retain their information or to disclose their information to other parties. This includes details of the purpose of collection, use and disclosure. BigDog informs each client in what circumstances the information could be disclosed, including that the information could be provided without their consent if required or authorised by law.
BigDog acknowledges that clients, carers and advocates have the right to privacy, dignity and confidentiality in all areas of their lives and that these rights will be respected.
BigDog is often empowered to retain information for Clients, staff and organisations. The retention of this information must be for valid reasons and therefore the reasons must be able to be clearly demonstrated in accordance with the Privacy Act 1998
Private and confidential information includes the following:
Personal information such as home address, telephone numbers, and other non-workrelated information
Personal information provided by individuals or about individuals in the course of performance reviews, leave applications, supervision sessions or similar discussions Information about any internal dispute or grievance Business conducted in Board meetings, other than that identified as being for public discussion
Any confidential and proprietary information concerning financial transactions, competitive tenders or expressions of interest or any other organisational plans or activities identified by the Directors
2.4.2 Information Storage and Usage
BigDog ensures each client is informed of how their information is stored and used as well as when and how each client can access or correct their information or withdraw or amend their prior consent.
2.4.3 Information Management Systems
BigDog maintains an information management system that is relevant and proportionate to the size and scale of the organisation and records each client’s information in an accurate and timely manner.
BigDog has identified the pivotal role of Information and Communication Technology (ICT) to enhance access to information and provide support services available to workers, developing strategies that direct how computing equipment, networks, systems and software will be employed to improve instructional systems, information systems, and communications services.
A standard suite of office applications software is adopted and provides benefits to BigDog in the form of improved communications, training materials and technical support services for workers and clients.
2.4.4 Document Storage and Disposal
BigDog has obligations under the Privacy Act 1988 (Cth) (Privacy Act) to put in place reasonable security safeguards and to take reasonable steps to protect the personal information that we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure.
All information is to be stored in a manner that reflects the importance of the information. BigDog ensures that documents are stored with appropriate use, access, transfer, storage, security, retrieval, retention, destructions and disposal processes relevant and proportionate to the scope and complexity of supports delivered.
Procedures
Privacy
BigDog is committed to protecting and upholding the right to privacy of people with a disability, those who support them, workers, volunteers and representatives of other agencies. BigDog requires workers and volunteers to be consistent and careful in the way they manage what is written and said about individuals and how they decide who can see or hear this information.
BigDog will ensure that:
We meet our legal and ethical obligations as an employer and service provider in relation to protecting the privacy of people with a disability, those who support them and workers
Clients are provided with information about their rights regarding privacy
Clients and workers are provided with privacy when they are being interviewed or discussing matters of a personal or sensitive nature
All workers and volunteers understand what is required in meeting these obligations.
In dealing with personal information, BigDog workers will:
Ensure privacy for clients and those who support them, workers or volunteers when they are being interviewed or discussing matters of a personal or sensitive nature
Only collect and store personal information that is necessary for the functioning of BigDog and its activities
Use fair and lawful ways to collect personal information
Collect personal information only by consent of the individual
Ensure that clients know what sort of personal information is held, what purpose it is held for and how it is collected, used, disclosed and who will have access to it
Ensure that personal information collected or disclosed is accurate, complete and up-todate, and provide access to any client to review information or correct wrong information about themselves
Take reasonable steps to protect all personal information from misuse and loss and from unauthorised access, modification or disclosure
Destroy or permanently de-identify personal information no longer needed and/or after legal requirements for retaining documents have expired
Confidentiality
BigDog requires employees, volunteers and contractors to respect and maintain the confidentiality of individuals and BigDog business generally.
Workers may from time to time have access to information that is confidential to BigDog, other agencies that have dealings with BigDog, or to other workers and volunteers.
Workers will:
Retain all confidential information in the strictest confidence and not disclose any confidential information to any person other than for purposes directly related to their position at BigDog
Not use any confidential information which they have acquired in relation to the activities of BigDog for their own interests or the interests or purposes of others not associated with BigDog
Not make copies of any confidential information for any other reason other than those essential to and directly related to their position and responsibilities with BigDog
Upon the request, and in any event upon the cessation of their engagement or employment with BigDog return or destroy materials containing confidential information which are in their possession.
This will not prevent an individual from:
Disclosing information to proper authorities in relation to concerns about improper conduct, breaches of laws or breaches of duty of care
Providing access for external reviewers to non-identified information for the purposes of formal audit processes
Making a formal complaint to appropriate authorities about an aspect of BigDog operation
Disclosing any information that they may be required to disclose by any court or regulatory body or under applicable law
BigDog is committed to transparency in its operations and to ensuring it is open to public scrutiny. It must also balance this with upholding the rights of individuals to privacy and of the organisation to confidentiality on sensitive corporate matters. BigDog will prevent unauthorised persons gaining access to an individual’s confidential records and permit clients access to their own records when this is reasonable and appropriate.
Accordingly, access to some BigDog documents and records will be limited to specified individuals and not be available to others for viewing. This policy applies to internal records and unpublished materials of BigDog.
Access to these records is limited to the Directors and senior management.
All records and materials not falling into the categories above may be released to the public at the discretion of the Directors. Any request for access to information should be directed to the Directors, who will make available to worker information that they are entitled to access.
In considering a request, the Directors will take into consideration: a general presumption in favour of transparency the business, legal, and administrative interests of BigDog, including commercial confidentiality and privacy obligations
Where an external party requests access to information that requires workers to devote time to collating, copying or otherwise making material accessible, the Directors may determine a fee to be charged.
All clients and those who support them have the right to access their records and advise BigDog about inaccuracies.
Clients who are refused access to their own records or information files may appeal by contacting the Directors who will review the decision in the context of this policy.
Record retention
Client Records ..................................
Financial Records .............................
Employment Records
WHS Records
7 years from cessation of services
5 years
7 years post-employment
7 years
Historical Records as determined by the Directors
CareMaster
In accordance with regulatory compliance standards, clients can no longer be deleted from the system until 7 years after their exit date. This adjustment ensures that CareMaster maintains the integrity and security of BigDog data while adhering to industry regulations.
1. All records due for disposal or destruction must be approved by a director prior to any such action and recorded on the disposal register.
2. All paper-based records with direct reference to clients are to be destroyed by shredding or by fire or collected by the client.
3. All Human Resource personnel records on paper, containing names of workers will be destroyed by shredding or fire.
4. All Financial records of BigDog will be destroyed by shredding or fire.
5. Any Paper records that are non-specific in content may be bundled and disposed of by way of an approved recycling system such as council recycling projects or within landfill collection of local councils.
6. Computer records must be fully deleted from any computer prior to disposal. The Information Officer is charged with ensuring that all electronic information is deleted or destroyed by the approved means for the equipment of which is being disposed.
7. Any records upon mediums not discussed in this policy will require scrutiny of the Information Officer and a predetermined plan for disposal designated prior to their usage.
8. The Information Officer will retain records of all bundled information destroyed.
Archiving
Archived paper-based material is bundled together, and an Archive Cover Sheet is completed and forms the top of the bundled material for ease of identification.
Archived material will be placed within archived boxes. Boxes are to be labelled by year of sealing but only by a generic code or title outlining contents. No names are to appear upon the external areas of the archive boxes for added security. Boxes are to be stored in a dry area that can be secured from unauthorised persons. All efforts must be taken to prevent areas from being fire hazards. Box contents lists are to be retained at a separate location by the Information Officer.
Responsibilities
Directors
The Directors are responsible for safeguarding personal information relating to BigDog workers, volunteers, contractors and other stakeholders. All workers are responsible for the management of personal information to which they have access, and in the conduct of research, consultation or advocacy work.
The Directors are also responsible for content in BigDog publications, communications and website and must ensure the following:
Appropriate consent is obtained for the inclusion of any personal information about any individual including BigDog workers
Information being provided by other agencies or external individuals conforms to privacy principles
That the BigDog website contains a Privacy Policy that makes clear the conditions of any collection of personal information from the public through their visit to the website
To ensure privacy when discussing sensitive or personal matters, workers will arrange for a private location to hold discussions including phone calls.
Information Officer
A dedicated Administration Officer will be given the role of Information Officer to ensure compliance with the requirements of these procedures. As a minimum requirement the officer will conduct an annual cull of aged records.
Summary
Client Records
Client information includes but is not limited to personal details, personal care support, sensory skills, behavioural information, individual needs, health and medical history. As this information may be relevant as long as the client is receiving services from BigDog then retention will be required until cessation of services, whereby a designated time for disposal may be negotiated with the relevant client. In the event that a client relocates or requires services externally of BigDog but has the intention of receiving services from BigDog at a later date.
Financial Records
Company financials that meet the Australian Taxation Office (ATO) or ASIC requirements and are required for auditing requirements. However, it will be the responsibility of the directors to ensure compliance in any areas that the retention period is required to be longer.
Employment Records
Employment information includes but is not limited to personal details, induction, payroll, training, appraisals, and employment separation.
Workplace Health and Safety Records
Records such as workplace incidents, risk register and management plan, WHS representative, first aid records, incident register, workplace assessments, Safety Data Sheets (SDS).
Information of Historical Significance
Information deemed by the Directors as having historical significance. Information retained for this purpose must be scrutinized and permission may need to be gained from individuals to allow for retention. Examples may be minutes of meetings, reports, submissions, photos, contracts, letters and Director’s reports.
Supporting Documents
Policies
1.3 Privacy and Dignity
2.0 Provider Governance and Operational Management
Forms
Archive Cover Sheet
CareMaster
Consent to Obtain/Release Information
Information Disposal Register
Service Agreement
Information
ASIC Financial Records Information
Human Services Quality Framework October 2021 Version 8
Data breach notification guide (August 2014)
Don’t leave Privacy to chance
NDIS Practice Alerts
NDIS Practice Standards November 2021 Version 4
NGO Training
Comprehensive Health Assessments
Effective Progress Notes
Feedback, Compliments and Complaints
Oral Health
Transitions of Care
Legislation
Child Protection Reform and other Legislation Act 2022 (QLD)
Disability Services and Inclusion Act 2023 (Cwth)
Disability Services Act 2006 (QLD)
National Disability Insurance Scheme Act 2013 (Cwth)
NDIS (Provider Registration and Practice Standards) Amendment Rules 2021
Privacy Act 1988 (Cwth)
NDIS Practice Standards and Quality Indicators
BigDog Support Services Pty Ltd (BigDog) is a registered NDIS provider and is required to apply the scheme’s practice standard and quality indicators.
The standards have been developed to create an important benchmark to assess provider performance and ensure that high quality and safe supports and services are provided to NDIS participants.
The four core modules are:
1.0 Rights and Responsibilities;
2.0 Governance and Operational Management;
3.0 The Provision of Supports; and
4.0 The Support Provision Environment.
The supplementary modules cover:
5.0 Specialist Support
5.1 High intensity daily personal activities.
5.3 Implementing behaviour support plans.
2 4 Information Management
Management of each participant’s information ensures that it is identifiable, accurately recorded, current and confidential. Each participant’s information is easily accessible to the participant and appropriately utilised by relevant workers.
2.4.1 Each participant’s consent is obtained to collect, use and retain their information or to disclose their information (including assessments) to other parties, including details of the purpose of collection, use and disclosure. Each participant is informed in what circumstances the information could be disclosed, including that the information could be provided without their consent if required or authorised by law.
2.4.2 Each participant is informed of how their information is stored and used, and when and how each participant can access or correct their information and withdraw or amend their prior consent.
2.4.3 An information management system is maintained that is relevant and proportionate to the size and scale of the organisation and records each participant’s information in an accurate and timely manner.
2.4.4 Documents are stored with appropriate use, access, transfer, storage, security, retrieval, retention, destruction and disposal processes relevant and proportionate to the scope and complexity of supports delivered.
Human Services Quality Standards
The Human Services Quality Standards set a benchmark for the quality of service provision. Each Standard is supported by a set of performance indicators which outline what an organisation is required to demonstrate to meet that standard.
1 Governance and Management
Sound governance and management systems that maximise outcomes for stakeholders.
1.4 BigDog management systems are clearly defined, documented and monitored and (where appropriate) communicated including finance, assets and risk.
1.7 BigDog has effective information management systems that maintain appropriate controls of privacy and confidentiality for stakeholders.
3 Responding to Individual Need
3.3 BigDog ensures that services to the individual/s are delivered, monitored, reviewed and reassessed in a timely manner.
6 Human Resources
6.1 BigDog has human resource management systems that are consistent with regulatory requirements, industrial relations legislation, work health and safety legislation and relevant agreements or awards.
Delegation of Authority
Version Details
This policy will be reviewed every twelve (12) months unless circumstances deem it necessary to review earlier. The review process will involve an analysis of the usefulness of the policy and to note any changes which are required to improve the policy.
If minor changes are made in wording or to clarify the intent, the version number will indicate this by adding a ‘point’ i.e. Version 1.0 indicates the original version and 1.1 with the first round of minor changes made. A significant change or intent of the policy will be indicated by a whole new number i.e. Version 2.0.
The following rules also apply in interpreting this policy:
• Headings are for convenience only and do not affect interpretation.
• A singular word includes the plural and vice versa.
• A word that suggests one gender includes the other genders.
Updated BigDog from BDS
Updated BigDog from Service Provider March 2012
July 2012
October 2013
Header includes new logo and page of pages
Included iCloud and Dropbox as IT storage methods
Ratified by Community Committee on 16th July 2012
Indicators replace Service Standard Indicators
Training sub-heading added to Supporting Documents
Word converted to Office 2013 DOCX
February 2015
term ‘Client’ to NDIS term ‘Participant’ June
Record retention included as a heading
New Office of Privacy Commissioner information sheets
February 2017
January 2019
January 2020
January 2021
Created an all-inclusive HSQF Policy to address each of the service standards indicators.
Updated to new logo and style guide
Removed HSQF Standards Indicators and Policy matched with NDIS Practice Standards and Quality Indicators
Front cover updated to Practice Standards colour identification
Supporting Policies updated
Responsible Officers details
Date V Details
Changed ‘director’ to ‘directors’
Introduction of BigDog Training Portal and modules
Included new form Consent to Obtain/Release Information
January 2022
January 2023
January 2024
5.2 Updated officers, training modules and practice alerts
NDIS Practice Standards November 2021 Version 4
6.0 Included Human Services Quality Standards and Child Protection Act and the term “Participant” is returned to “Client” to allow for policies to cover NDIS and Child Safety.
6.1 Disability Services Act 1986 replaced with Disability Services and Inclusion Act 2023 and policy review process included.