Privacy and Security policy

HSNet Privacy and Security Policy

November 2018

Policy Statement

This Human Services Network (HSNet) Privacy and Security Policy applies to activities related to making, sending and receiving eReferrals through HSNet, uploading information onto HSNet and sharing information located in HSNet groups. Agencies using HSNet are obliged to comply with requirements set out in this policy and the HSNet Disclaimer Policy HSNet Disclaimer Policy when they use the system.

This policy applies from the moment an agency identifies a request to refer a client to another human service agency or non-government organisation and continues until the receiving agency accepts the client’s information. It does not cover any other information that an agency collects or holds on its clients, or what may happen to the information once it is received by the agency. Any other use of the client’s information must be covered by an agency’s own privacy policies.

This policy also applies to all members uploading or sharing information from restricted (private) and public groups on HSNet.

This HSNet Privacy and Security Policy and the HSNet Disclaimer Policy, both dated November 2018, replace all other prior HSNet policies (see Factsheet New HSNet User Policies for details).


The HSNet Privacy and Security Policy operates within the:

Agencies using HSNet and its tools will also continue to comply with other relevant legislation and codes of practice including, but not limited to:

Privacy Principles for e-Referrals

The following Principles guide day-to-day management of information in the HSNet system:

  • Clients, or their legally recognised representative, must provide informed consent to their personal information being collected, disclosed or exchanged between agencies for the purpose of activating a referral and providing multi-agency support to the client (refer to the HSNet Guides);
  • The agency will only collect personal information that is relevant to the function of the agency and the provision of the agency’s services;
  • Clients of the agency are informed about why personal information is collected and to whom or what agency it is to be disclosed; 
  • The agency takes all steps to ensure that client information is accurate, current and complete; 
  • The agency has security safeguards that protect client records from loss, unauthorised access, misuse, modification, disclosure and procedures that ensure appropriate disposal of client information;
  • Clients of the agency are told how they can get access to their records containing personal information;
  • The agency has a policy covering:
    • the nature and purpose of client record keeping
    • how long client records are kept
    • who has access to client records
    • how clients can get access to their own records;
  • Clients of the agency are entitled to have access to their records;
  • Clients of the agency are able to correct any information held by the agency that is incorrect, incomplete or misleading;
  • Client information is not used by the agency for any other purpose except with client consent unless necessary to prevent harm to life or health;
  • Client information is not disclosed by the agency to another person or agency without consent unless necessary to prevent harm to life or health;
  • The agency does not use the same client identifying numbers or codes that are used by other agencies;
  • The agency only uses client identifying numbers or codes if necessary for the efficient functioning of the agency;
  • Clients of the agency have the option of not identifying themselves, or of denying consent for exchange of information;
  • Sensitive information, such as health records, is collected by the agency with client consent unless necessary to prevent harm to life or health;
  • The agency takes reasonable steps to de–identify health information before it is disclosed for data collection or research purposes;
  • Information is collected directly from the client by the agency unless the client is a minor, under guardianship or has given consent for someone else to provide the information such as the parent;
  • Health information collected by the agency can only be included in a system to link health records with consent.

How to deal with complaints about privacy breaches

Complaints in relation to a privacy breach can be made to HSNet, or to the agency making the referral for management through their local complaints handling processes.

Users may also lodge a complaint with the Office of the NSW Privacy Commissioner (1800 472 679 / [email protected]).

Uploading information

When uploading information to HSNet through e-Referral or in Groups, the person sharing or uploading the information must ensure that:

  • they are authorised to provide the material and/or information;
  • the material and/or information is not defamatory or a malicious falsehood in relation to any product, service, person or corporation;
  • the material and/or information is not the “passing off” of any product or service and does not constitute unfair competition;
  • the material and/or information does not infringe any intellectual property right including, but not limited to, trade marks, service marks or business names (whether registered or unregistered), confidential information and copyright;
  • the material does not infringe any moral rights;
  • the material and/or information does not infringe any legislation, law or regulations of the Commonwealth of Australia and the State of New South Wales and any other parliament competent to legislate in relation to the website or any law in any country where the material and/or information is or will be available electronically to users of HSNet;
  • the material and/or information is not false, political, racist, unlawful, threatening, abusive, indecent, pornographic, violent, discriminatory or defamatory or likely to offend users of this site;
  • information classification labels are applied by the information owner in accordance with the NSW Government information classification labelling and handling guidelines;
  • the information owner has considered their internal policies and legislative requirements and asserts that the Owner is an appropriate repository for this information.

Removal of information

In relation to any material or information able to be viewed by other users, the Owner may remove any material or information, including but not limited to, links to other sites on the internet, at any time without giving any explanation or justification for removing the material and/or information.

Information management

Each participating agency or NGO will be responsible for the protection, storage, analysis and dissemination of the client data or uploaded material.  Further information is available in the HSNet Guides.


HSNet makes no warranties that the materials available on or through this website are free of infection by computer viruses or other contamination.

HSNet recommends that agencies and users of the site read and apply the Stay Smart Online principles published by the Australian Government.

HSNet accepts no responsibility for the uploading or sharing of confidential content stored in groups on the HSNet site.

In the interests of members’ privacy and the security of information, content located within HSNet private groups cannot be exported or shared to any HSNet public group, regardless of shared membership.

Before proceeding to share content from a private group, users should consider the confidentiality of the content and whether they are authorised to share it. HSNet recommends that the private group moderator(s) of a private group are consulted before content is shared.

Business Processes

The HSNet Guides have been developed to guide staff in the application of this policy. These Guides and other useful resources are located under the Support link at the bottom of each HSNet website page.


Agency - a general description of departments, organisations and other service providers, which may be government or non-government.

Appeal - part of a complaints procedure that gives a consumer the right to ask for a decision made by an agency to be reviewed, when the consumer feels the decision is unfair.

Assessment - involves a more detailed inquiry into the client’s needs, following the intake process.  The assessor will analyse and interpret information obtained at the point of referral.

Authorised eReferral Agency - an agency outlet that is authorised to make, send or receive eReferrals.

Authorised eReferral User - a person nominated by the eReferral agency to make, send or receive referrals electronically. An agency may have one or many authorised users. To be an authorised user the person must also be a member of HSNet.

Client - a person, including a carer, who receives or seeks a service from an agency. Clients may also be referred to as customers.

Complaint - may be made by a client, staff employed by an agency or an agency who is dissatisfied about an agency’s service connected with HSNet. It relates to any part of the program with which they have dealt with.

Intake or Screening - the process by which an agency obtains information from a person to help determine whether they are eligible to receive services, and what support or assistance they may need.

Owner – the owner of information contained on the HSNet website is the Department of Communities and Justice (DCJ) on behalf of the State of NSW.

Personal information - information held by an agency about a client that could identify that person.

Referral - a request, to which the client consents, from one agency to another for that client to be assessed for a service.

Receiving Agency - an agency service outlet which receives a referral from a referring agency service outlet.

Referring Agency - an agency, which initiates a referral to a receiving agency.

eReferral Consent - permission given by a client or their representative to collect and disclose personal information for the purpose of an electronic referral to another agency.  Permission does not include subsequent referrals by other agencies without client consent.

Site – refers to the HSNet website

Website – refers to the HSNet website