Reference no: EM132517329
Privacy Impact Assessment Report
1 Introduction
1.1 Purpose
This Privacy Impact Assessment (PIA) Report:
• identifies possible impacts on:
o the privacy of individuals' personal information;
o confidentiality of patient information;
o legislative compliance requirements; and
• recommends options for mitigating or minimising any negative impacts.
1.2 Applicable legislation
This PIA analyses the impacts of collecting, storing, using and disclosing personal information for the purposes of <the project> against the privacy principles set out in the Information Privacy Act 2009 (Qld) (IP Act) and the confidentiality obligations in part 7 of the Hospital and Health Boards Act 2011 (Qld) (HHB Act) relating to the disclosure of confidential information (i.e. patient information).
If there is other legislation that explicitly requires, permits or limits the collection, use or disclosure of personal information and/or confidential information that relates to this project, you should also cite the legislation and relevant sections within that act.
1.3 Project description
Explain the project and what it intends to achieve by addressing the following key points:
• what the project will deliver
• why the project is needed
• the benefits to the agency or the community; and
• whether the project is part of a program of related projects.
The term ‘project’ is used broadly in this context. It is intended to cover the full range of activities and initiatives that may have privacy or confidentiality implications, such as new systems, processes or practices for handling personal information, confidential information, new legislation or policies, or information sharing initiatives.
1.4 Scope of the PIA
If applicable, explain what part or stage of the project the PIA covers and, if necessary, what it does not cover.
1.5 Review
In the case of a large or complex project, the PIA may need to be reviewed a number of times throughout the project's lifecycle to ensure that its findings continue to be relevant. If applicable, outline any dates or milestones that will be used as a checkpoint to review whether anything significant has changed since this PIA was last completed, reviewed and/or updated.
Information flows
This section explains how personal information and/or confidential information will flow through the agency's systems and processes as a result of the output or deliverable to be produced by the project. It describes:
a) what personal information will be collected, used and disclosed
b) what confidential information will be disclosed
c) who will have access to this information; and
d) how it will be stored and protected.
Describe what personal information and/or confidential information is involved and document the flow of this information through the proposed systems and processes. This includes how the information will be handled after the project's output or deliverable has been implemented and responsibility has been handed over to the relevant business unit. For example:
• What is the nature of the information being collected and who is it collected from? For example, is the information collected directly from the individual, or will it be sourced from an internal system or from outside the HHS/agency (such as another HHS)?
• How will the information be collected?
• How will it be stored and what safeguards will be put in place to protect it?
• Who will have access to the information?
• What will the personal information be used for and by whom?
• Will the personal information be routinely disclosed and if so, to whom will it be given and for what purpose?
• How can individuals seek access or amendment to their personal information?
• How long will the information need to be retained?