Compliance review report - Gold Coast Hospital and Health Service
This report details the results of a review of the Gold Coast Hospital and Health Service’s (GCHHS) compliance with key obligations of the Right to Information Act 2009 (Qld) and the Information Privacy Act 2009 (Qld).
We found that GCHHS is overall meeting its legislative obligations well. Key findings are that GCHHS:
- encourages participation and two-way dialogue with the community through its Consumer Advisory Group, social media and other engagement platforms
- provides in-house general awareness training on right to information (RTI) and information privacy (IP), but could incorporate this training into its mandatory suite of training for new staff
- is establishing a Data Governance Steering Committee to provide advice and steer the health service’s information management capability and capacity
- has limited measures for monitoring the performance of right to information and information privacy at the strategic and executive level
- is working on an information communication and technology data asset control register to establish a single point of truth for its data holdings
- complies with the requirements for a publication scheme and disclosure log, although some documents in the publication scheme were out of date
- handles RTI and IP applications in accordance with the Acts in most aspects
- has a published privacy plan detailing the types of information it collects, and how it holds, uses and discloses this information, but could improve its process for collecting sensitive information
- has good documented processes and responsibilities in place for storing, accessing and releasing camera surveillance footage.
Our compliance review report makes six recommendations for improvement. We will monitor GCHHS’s progress in implementing these recommendations.