We are committed to protecting your privacy as part of our duty of care.
We take the privacy of the information we hold very seriously.
All information provided to us by clients and providers is handled with care and respect. How we collect, secure, use and share information is governed by the Privacy Act and the Health Information Privacy Code.
We take additional steps to protect information provided to us by clients with sensitive claims.
Accessing client information
Client information is held in files on our case management system, Eos. Each client file contains information such as the client’s name, contact details, payment details, claim notes, reports, and medical records. Sensitive claims are also held and managed in this system.
Eos restricts access to certain types of information. This includes sensitive claim files, which are subject to restricted access. This means that only staff who absolutely need to access sensitive claims to do their job can do so.
Each claim file is divided into tabs, or compartments, so contact information and payments, for example, are in different parts of the file to reports and medical records relating to the client’s injury. When our people need to access a file, they only work in the tabs that hold the information they need to see to complete their task.
Our Recovery Partners who work directly with clients who have a sensitive claim will access a file as part of organising supports and services for that client. Other staff members only have access if they need it to carry out their role. For example:
- Contact centre staff will access information to resolve a query from a client, or the client’s provider, during a call;
- Our clinical team, who provide medical support for our Recovery Partners, will access a claim file when they have been asked for advice;
- Members of our Payments team may access a file to set up, process, or approve a payment;
- Recovery Administrators will access a file when necessary, for example, accessing the client and provider’s details so taxi services can be approved;
- Our Customer Resolution team will access information on a claim to help resolve a complaint or prepare for a review if a client wants to dispute a decision made by ACC.
There has been no change to our sensitive claims staff access policy since the implementation of the Next Generation Case Management model.
Requests for access to sensitive claims files must be approved by a staff member’s direct manager, who needs to determine access is both necessary and appropriate. Once approved it goes to a senior leader in the team that oversees sensitive claims work for a second check and approval.
We carry out a quarterly review to ensure that staff with access to sensitive claims still require it to fulfil the function of their role.
Staff in the Assisted Recovery and Partnered Recovery Mental Injury teams (who support clients with sensitive claims), and Contact Centre staff who handle sensitive claims queries, undertake significant training to ensure they understand the sensitivities around the information in the files, as well as confidentiality requirements.
Everyone who works at ACC signs our Code of Conduct, which sets out that employees are expected to maintain the highest standards of integrity, discretion and ethical conduct when performing their duties. Accessing information that an employee does not need to see can be considered serious misconduct.
All employees and contractors are also required to act in accordance with the ACC Code of Claimants’ Rights, which covers claimants’ rights to have their privacy respected. Any information that is handled by external suppliers or providers is subject to the same strict guidelines.
Further information on our handling, sharing and storing of personal health information can be found on our website.
This page includes a complaints function to ensure accountability of privacy, and a timely response to any concerns.
For more information about the growing rate of sensitive claims, and the support that is available through ACC below: