Like all other healthcare organisations, providers of National Disability Insurance Scheme (NDIS) services are legally bound to keep their clients' medical records and health information safe and private.

There is an inherent vulnerability in seeking healthcare. A visit to a clinic can involve removing clothing, being prodded, scanned, and possibly photographed. Receiving personal care might mean having another person undress, wash and shower you.

Through all of this, the NDIS participant trusts that the workers caring for them have their privacy and dignity in mind. Any breach of this privacy will justifiably upset the participant and could result in them taking legal action against the worker/or the provider.

Privacy and Dignity in the NDIS Practice Standards

Privacy and dignity is a requirement of the NDIS Practice Standards under Core Module 1: Rights and Responsibilities.

This Practice Standard aims to ensure that NDIS participants receive supports that respect their dignity and right to privacy (NDIS 2021).

NDIS providers must meet the following quality indicators:

• Providers implement consistent policies and procedures that respect and protect participants’ personal privacy and dignity.
• Participants are informed of confidentiality policies. This information is delivered using the language, mode of communication and terms that participants are able to understand.
• Participants understand and agree to the personal information that may be collected and for what purposes. This might include recorded audio or visual material.

(NDIS 2021)

Health and Personal Information About Participants

Health information is any information regarding a person’s health or disability, and any information that relates to a health service they have received or will receive (Better Health Channel 2015).

The National Disability Insurance Agency (NDIA) may collect and access participants’ health information, as well as other personal information, if it is ‘reasonably necessary, or directly related to’ the NDIA’s functions and activities. This information is used to:

1. Deliver the NDIS
2. Make decisions about the NDIS
3. Operate the NDIS (e.g. conduct general business functions).

(NDIA 2024)

The information collected by the NDIA about a participant might include:

• Identity (name, date of birth, gender, signature, identity documents)
• Images, photos and video recordings
• Addresses
• Contact information
• Communication preferences
• Correspondences
• Background and circumstances (e.g. education, employment)
• Information about family members, authorised representatives, nominees and treating professionals
• Health information (e.g. disability, NDIS plan goals, support needs, treatments, treating practitioners)
• Cultural and/or linguistic background
• Criminal history
• Identifiers (e.g. Centrelink Customer Reference Number (CRN))
• Bank details
• Payments.

(NDIA 2024)

Consent

Participants must consent to having their information collected, unless:

• The collection of information is authorised or required by law, or
• The collection of information is permitted under the Privacy Act 1988.

(NDIA 2024)

Disclosure of Information

In some cases, the NDIA might need to disclose a participant’s personal information. Where possible, this information will be de-identified before disclosure. Examples of when disclosure may occur include:

• Delivering the NDIS or related functions (e.g. for quality assurance, training or education or to facilitate the improvement of services)
• Referring participants to external providers, or sharing information with other parties (e.g. support coordinators, plan managers, recovery coaches) when this is required for services included in the participant’s NDIS plan
• Investigating and checking security risks
• Managing financial risks such as fraud
• Engaging contractors to provide NDIS services on behalf of the NDIA.

(NDIA 2024)

Person-centred Care

Read: Person-centred Supports: NDIS Rights and Responsibilities

Privacy and dignity are guiding principles of person-centred care. The provision of effective, person-centred care hinges upon the following:

• Clear respect for participants’ values, preferences and expressed needs
• Coordination and integration of care
• Information, communication and education
• Physical comfort
• Emotional support and attempts to alleviate fear and anxiety
• Involvement of family, friends and carers
• Transition and continuity
• Access to care.

(SA Health 2014)

Participant Dignity

Beyond communication, workers should be mindful of the steps they take to ensure participants’ privacy and modesty are protected, e.g., closing screens, making sure participants are covered and keeping their voices down when discussing private and personal issues (RCN 2008).

This may also mean carrying out self-care tasks such as bathing, dressing and feeding with sensitivity.

Respect for the Values and Preferences of Participants

Ways to let participants know that their preferences matter could include:

• Ensuring gender accommodation is available, or when not possible, providing participants with support and safety needs in a mixed-gender environment
• Ensuring that workers introduce themselves and explain their role to participants
• Asking participants what name they prefer to be called
• Identifying people such as carers, family or friends, in conjunction with participants
• Showing an awareness of different views, beliefs, cultures and languages
• Considering participants’ preferences in all decision-making and goal-setting for care and treatment
• Providing person-centred care
• Ensuring participants are treated with dignity and respect and showing sensitivity towards their cultural values and needs
• Keeping participants informed and involving participants, family and/or carers in decision-making
• Maintaining participants’ privacy
• Being respectful of participants’ religious or faith traditions, and ensuring that interpreters and cultural, religious or faith supports are available if needed.

(SA Health 2014)

Involving participants as much as possible in their care is an easy way to reassure them that their privacy and dignity are being considered.

Participants will want to know who is looking after them, when, why and how. Maintaining ongoing discussions with participants is essential (SA Health 2014).