top of page

Privacy, Confidentiality & Information Security Policy

By using this website, you agree to the terms outlined in this privacy policy. This page explains how Latrobe Valley Home Support Services collects, uses, and protects your personal information in accordance with the Privacy Act 1988 (Cth) and other applicable legislation.

To help us understand how our site is used and improve the experience for visitors, we use Google Tag Manager. This tool may load third party tracking and advertising codes, including Google Ads, which help us measure the effectiveness of our marketing. By continuing to use this site, you consent to the use of these tools. You can manage your cookie preferences at any time through your browser settings.

If you have any questions about how your information is handled, please don't hesitate to get in touch with us at reception@lvhss.com.au. Date Effective: 09/07/2026

1. Purpose


a. The purpose of this policy is to ensure that Latrobe Valley Home Support Services Pty Ltd (“the Organisation”) manages personal, health, and sensitive information in a secure, lawful, and ethical manner.


b. This policy supports:
   i. Compliance with the Aged Care Act 2025, NDIS Act 2013, Privacy Act 1988 (Cth), and other relevant
legislation
   ii. Protecting client, staff, and organisational information from unauthorized access, disclosure, or misuse
   iii. Ensuring data integrity, confidentiality, and availability
   iv. Supporting best practice in information governance and risk management


c. Legislative and regulatory references include:
   i. Privacy Act 1988 (Cth) – handling of personal and sensitive information
       https://www.oaic.gov.au
   ii. Aged Care Act 2025 – client privacy, record-keeping, and reporting obligations
       https://www.legislation.gov.au
   iii. NDIS Act 2013 & NDIS Practice Standards – privacy, confidentiality, and information security
       https://www.ndiscommission.gov.au
   iv. SCHADS Award 2020 – confidentiality requirements for staff
       https://www.fairwork.gov.au

2. Scope


a. This policy applies to:
   i. Sole Director
   ii. Manager
   iii. Program Manager (Case Manager)
   iv. Support Workers
   v. Contractors, volunteers, and third-party providers
   vi. All staff accessing, handling, or storing organisational data


b. It covers:
   i. Collection, storage, access, and disposal of personal and health information
   ii. Confidentiality obligations of staff, contractors, and third parties
   iii. Information security management systems and risk mitigation
   iv. Client, staff, and organisational record-keeping practices

3. Definitions


a. Personal Information – any information that can identify an individual, including name, contact details,
or health information.
b. Sensitive Information – includes health records, disability information, financial information, or other
information requiring higher protection.
c. Confidentiality – the obligation to protect information from unauthorized access, use, or disclosure.
d. Information Security – the protection of information assets against threats, including loss, theft,
corruption, or unauthorized access.

4. Policy Statement


a. The Organisation is committed to:
   i. Ensuring that all personal, health, and sensitive information is handled in accordance with legal,
ethical, and professional standards
   ii. Protecting the privacy of clients, staff, and stakeholders at all times
   iii. Implementing robust information security measures, including electronic and physical safeguards
   iv. Ensuring staff and contractors are aware of their responsibilities regarding confidentiality and
information security


b. Principles:
   i. Lawful Collection & Use – information is collected only for legitimate purposes and used appropriately
   ii. Consent & Transparency – clients and staff are informed about how their information is collected and
used
   iii. Data Accuracy & Integrity – maintain accurate, complete, and up-to-date records
   iv. Access & Correction – clients have the right to access and correct their personal information
   v. Risk Management – identify, mitigate, and manage privacy and information security risks

5. Roles & Responsibilities


5.1 Sole Director
a. Responsibilities:
   i. Oversight of organisational compliance with privacy and information security legislation
   ii. Approval of policies, procedures, and incident management frameworks
   iii. Escalating breaches or systemic issues to regulators where required


5.2 Manager

a. Responsibilities:
   i. Ensure staff compliance with this policy
   ii. Monitor information security systems and protocols
   iii. Report and manage breaches, incidents, or risks related to privacy


5.3 Program Manager (Case Manager)
a. Responsibilities:
   i. Ensure client records and service documentation are maintained securely and accurately
   ii. Limit access to client information on a need-to-know basis
   iii. Support staff and contractors in understanding their privacy obligations


5.4 Staff & Contractors
a. Responsibilities:
   i. Comply with this policy and all privacy legislation
   ii. Protect client and organisational information at all times
   iii. Report breaches or potential risks immediately

6. Procedures


a. Collection of Information:
   i. Collect only relevant information necessary for care, service delivery, or operational requirements
   ii. Obtain informed consent from clients or legal guardians
   iii. Document collection practices for audit purposes
b. Storage & Access:
   i. Maintain electronic records in secure, password-protected systems
   ii. Store paper records in locked cabinets with controlled access
   iii. Limit access to authorised personnel only
c. Use & Disclosure:
   i. Use information solely for the purpose it was collected
   ii. Share information with consent, or where legally required
   iii. Maintain confidentiality when discussing client or organisational matters


d. Retention & Disposal:
   i. Retain records in accordance with the Record Keeping, Documentation & Data Retention Policy
   ii. Dispose of records securely when no longer required
   iii. Document disposal activities for audit purposes
e. Incident Management:
   i. Report privacy breaches immediately to Manager or Director

    ii. Investigate and remediate breaches in accordance with regulatory requirements
   iii. Implement corrective actions to prevent recurrence

7. Breaches & Corrective Actions


a. Breaches of privacy or confidentiality may result in:
   i. Remedial training or coaching
   ii. Formal disciplinary action, up to and including termination
   iii. Notification to regulators under Aged Care Act 2025 or NDIS Act 2013

bottom of page