Confidentiality Policy


This procedure is general in nature and is provided as a guide only. Please check for any changes to Terms of Business, NDIS Rules or other instructions.


This Template has considered the core NDIS Practice Standards. Organisations will need to adapt this template to suit their organisation. Organisations applying any of the supplementary NDIS Practice Standards will need to ensure they include any associated additional requirements in their procedures.


Policy statement


ARMAR HEALTHCARE  collects and stores information so it can provide a safe working environment, high quality services and meet its legal requirements.


ARMAR HEALTHCARE  manages personal information in accordance with relevant legislation and disposal guidelines.


This policy supports ARMAR HEALTHCARE  to apply National Standards Disability Services: Standard 1: Rights and into the future, National Disability Insurance Scheme Practice Standards: 1. Rights and Responsibilities (Privacy and Dignity); 3. Provision of Supports (Access to Supports)




This policy applies to all staff, contractors, volunteers or students/trainees. It includes confidentiality of information about the people ARMAR HEALTHCARE  support and the people who work with ARMAR HEALTHCARE . The Board is responsible for this policy.




  • Personal information is collected with consent and is used where the information is needed to provide services and meet compliance requirements.
  • Information is protected from misuse, loss and unauthorised access.
  • Information not needed by ARMAR HEALTHCARE is destroyed as soon as practicable in a way that complies with all legal and compliance requirements
  • Reasonable steps are taken to ensure information is complete, current and accurate.
  • Personal information is only ever released if required by law, agreed to through the informed consent of the individual or if a person requests to see their own personal file.
  • Personal information will not be disclosed to other parties or used for direct marketing without permission


Key actions/Procedures


People will be provided with this policy when they first use ARMAR HEALTHCARE  services. Management will provide the policy at the first meeting with the person and ensure they have understood it.  This action is recorded on the person’s file.

All staff are required to ensure objective, detailed, accurate and up-to-date records and information are maintained to meet legal, contractual and mandatory reporting requirements. All requests for correction are processed in conjunction with privacy legislation as soon as practicable. 

Information about a person sent or received via email is recorded in their file by the officer sending or receiving the email.

Staff who are authorised in their role to access personal information must not share their passwords and logins with others and sign a confidentiality agreement advising that they will take all reasonable steps to ensure information is protected from misuse, loss and unauthorised access.

Management administers secure access to electronic records.

In some circumstances access to personal information may be denied. There may be real concerns that access to certain information could pose a serious threat to the life, health or safety of an individual, or to public health or public safety or have an unreasonable impact on the privacy of other people. Management will consider all the circumstances and make this decision. Where access to information is not provided, management will provide a formal response explaining why access has been denied.

Complaints about perceived or suspected breaches of privacy will be dealt with using the Feedback and Complaints Policy and Procedure




Confidential Information: any information that identifies a person


Informed consent: voluntary agreement and/or action where the person making the decision has appropriate information, understands the consequences of the decision and capacity to make the decision






Related policy and procedures


List other organisational policies related to this matter

  • Confidentiality Agreement


Related legislation and standards

  • Carers’ Recognition Act 2010
  • Disability Services Act 1986
  • Equal Employment Opportunity Act 1987
  • Fair Work Act 2009
  • NDIS Act 2013
  • National Standards for Disability Services
  • NDIS Quality and Safeguarding Practice Standards 2018
  • Privacy Act 1988



Date of approval: [13/01/23]

Date of review: [13/01/24]

Signature of management: