Using Compliance Documents

BusinessEducation

Listen

All Episodes

Audio playback

What Privacy Really Means Under the NDIS

Explore how NDIS providers safeguard participant information through daily actions, not just paperwork. Will and Winter break down privacy, confidentiality, and consent, highlighting real-world examples and simple steps for compliance.

This show was created with Jellypod, the AI Podcast Studio. Create your own podcast with Jellypod today.

Is this your podcast and want to remove this banner? Click here.

Chapter 1

What Privacy Really Means

Will, EnableUs Community

Hey everyone, welcome back to Using Compliance Documents. I'm Will, and I'm here with Winter. Today, we're diving into what privacy actually means under the NDIS. And, honestly, it's not just about ticking boxes or having a dusty policy in a folder somewhere.

Winter, EnableUs Community

Yeah, exactly. I think a lot of people hear "privacy" and just picture, like, a form you sign and forget about. But under the NDIS, privacy is so much more than paperwork. It's about how we treat participant information every single day—how we collect it, store it, and even talk about it.

Will, EnableUs Community

Right. And there's a difference between privacy and confidentiality, too. I always mix these up, but—so, privacy is more about the systems, like how info is collected and stored, and confidentiality is about, well, respecting that info in your day-to-day, right?

Winter, EnableUs Community

Yeah, that's it. Privacy is the structure, confidentiality is the behaviour. Like, you might have a locked cabinet for files, but if you chat about a participant in a café, that's a confidentiality issue—even if you never wrote anything down.

Will, EnableUs Community

Oh, that reminds me—there was this provider I knew, who, uh, accidentally started talking about a participant's support plan with a colleague while they were grabbing coffee. They didn't use the participant's name, but someone nearby recognised the details. It was a total accident, but that's exactly the kind of thing that can breach confidentiality, even if you think you're being careful.

Winter, EnableUs Community

Yeah, and it's so easy to slip up. Even just mentioning an NDIS number or a support plan in the wrong place can be risky. Personal information is anything that could identify someone—names, addresses, health info, all of it. And under the NDIS, we're legally required to protect that stuff, not just for compliance, but to show respect for the people we support.

Will, EnableUs Community

Exactly. It's about trust, not just rules. If you wouldn't want your own details shared, you shouldn't do it to someone else. And, honestly, the NDIS expects us to have clear policies, get proper consent, and make sure staff are trained up—not just once, but every year.

Chapter 2

Consent: Beyond the Signature

Winter, EnableUs Community

So, let's talk about consent, because that's another one people get wrong. It's not just a signature on a form. Consent under the NDIS has to be active, informed, and ongoing. That means participants actually understand what they're agreeing to, and they can change their mind at any time.

Will, EnableUs Community

Yeah, and it's gotta be specific, too. Like, you can't just say, "Sign here so we can share your info." You need to explain what info, who it's going to, and why. I mean, sometimes it's for sharing reports with a support coordinator, or maybe using a photo for marketing, but you can't just assume one signature covers everything forever.

Winter, EnableUs Community

Totally. I had a case where a participant was happy for us to share their progress notes with their therapist at first, but then halfway through the service, they changed their mind. We had to update the consent form and make sure everyone on the team knew about the change. It was a bit of a scramble, but it showed how important it is to check in regularly, not just at the start.

Will, EnableUs Community

Yeah, and I think a lot of people forget that consent isn't permanent. Like, you can't just file it away and never look at it again. If circumstances change, or if the participant wants to withdraw consent, you have to respect that. And, honestly, it's better to have a quick chat and explain the form, rather than just shoving it in front of someone and hoping for a signature.

Winter, EnableUs Community

Exactly. And it's not just about covering yourself legally—it's about making sure participants feel safe and respected. If they know they can say no, or change their mind, that's real empowerment. And it helps avoid those awkward situations where you realise you've shared something you shouldn't have.

Chapter 3

Embedding Trust in Daily Practice

Will, EnableUs Community

So, how do you actually make all this part of your daily routine? It's not just about having a policy on the shelf. You need secure storage—like, proper password protection for digital files, locked cabinets for paper ones, and only letting the right people access them.

Winter, EnableUs Community

Yeah, and staff training is huge. It's not a one-and-done thing. Everyone needs to know the rules, and you have to refresh that training every year. Plus, onboarding for new staff should always include privacy and consent basics, so no one falls through the cracks.

Will, EnableUs Community

And if something does go wrong—like, say, a privacy breach—you've gotta act fast. Report it internally, tell the participant what happened, and if it's serious, let the NDIS Commission know. Then, review what went wrong and fix it so it doesn't happen again. It's all about being transparent and honest, even when it's uncomfortable.

Winter, EnableUs Community

I heard about a provider who really nailed this. They did regular policy reviews, made sure every new staff member got a proper privacy induction, and even uploaded all their forms to a secure portal so nothing got lost. When a minor breach happened, they owned up straight away, explained it to the participant, and updated their process. It actually built more trust, not less, because people could see they took privacy seriously.

Will, EnableUs Community

Yeah, that's the thing—privacy isn't just about avoiding trouble, it's about building trust. If participants know their info is safe, they're more likely to open up and get the support they need. And, honestly, that's what it's all about.

Winter, EnableUs Community

Absolutely. So, next time you're handling participant data, just ask yourself—would I feel safe if this was my information? If the answer's yes, you're probably on the right track.

Will, EnableUs Community

Alright, that's it for today. Thanks for joining us on Using Compliance Documents. We'll be back soon with more tips and stories to help you keep your services safe and compliant.

Winter, EnableUs Community

Thanks, Will. And thanks everyone for listening. Catch you next time!

Will, EnableUs Community

See ya, Winter. Bye everyone!