Last Updated: [Current Date]

Participant Privacy Policy

Enhanced Living Pathways is committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth), NDIS Code of Conduct, and NDIS Practice Standards. This policy explains how we collect, use, disclose, and manage your personal and sensitive information.

1. Information We Collect

As an NDIS provider, we collect information necessary to deliver safe, quality supports:

Personal Details: Name, contact information, date of birth, NDIS number
NDIS Information: Plan details, goals, funded supports, plan manager details
Health Information: Disability information, health conditions, medication, support needs
Service Information: Service agreements, progress notes, incident reports
Financial Information: Invoices, payment details (for plan management clients)

2. How We Collect Information

We collect information through:

Initial assessments and intake processes
NDIS portal and plan documents
Directly from you, your family, or carers
From other providers (with your consent)
Service delivery records and progress notes

3. Use of Your Information

Your information is used to:

Assess your support needs and eligibility for services
Develop and deliver personalized supports
Meet NDIS reporting and compliance requirements
Invoice the NDIS or your plan manager
Ensure your health and safety
Improve our services through quality improvement activities

4. Disclosure of Information

We only disclose your information:

To the NDIA for plan management and reporting purposes
To other providers involved in your support (with your consent)
When required by law (e.g., mandatory reporting)
To emergency services in crisis situations
For quality assurance to approved auditors

5. Data Security

We implement robust security measures:

Secure electronic records with password protection and encryption
Locked physical records storage
Staff training in privacy and confidentiality
Regular security audits and updates
Data breach response plan

6. Your Rights

You have the right to:

Access your personal information
Correct inaccurate information
Withdraw consent for information sharing (where applicable)
Make a complaint about privacy breaches
Request anonymous service where possible

7. NDIS Specific Considerations

As an NDIS provider, we:

Comply with NDIS Code of Conduct regarding privacy
Follow NDIS Practice Standards for record keeping
Report notifiable incidents to the NDIS Commission
Maintain records for 7 years as required by NDIS legislation

8. Contact & Complaints

If you have privacy concerns:

Privacy Officer: [Name], [Email], [Phone]
Complaints will be addressed within 10 business days
You may also contact the NDIS Commission or OAIC