How we protect your privacy and ensure confidentiality

Clinical Care Confidentiality

PeopleSense by Altius is committed to protecting your privacy and maintaining the confidentiality and security of personal and health information. Counselling services are delivered in line with professional obligations set out in the code of conduct of the Psychology Board of Australia and Australian Health Practitioner Regulation Agency (Ahpra), and in accordance with the Altius Group - Privacy and Records Management Policy and Procedures. Information is collected only where relevant to your care and stored securely as part of your confidential clinical record.

Confidential information is not shared without your consent, except where required or authorised by law or where there is a serious risk to your safety or the safety of others. In Employee Assistance Program (EAP) services, de‑identified and aggregated information (such as overall service usage or demographic trends) may be shared with organisational clients for reporting purposes; no individual‑identifiable or clinical information is disclosed.

You may request access to your records at any time, except in limited circumstances where access is restricted by law to protect safety or privacy. Psychologists may also discuss aspects of their work in confidential, de‑identified supervision to support safe and ethical practice.

Confidentiality in Organisational Reporting

In addition to complying with clinical records handling and patient confidentiality, we also go to great lengths to ensure that your identity is never disclosed to an employer or other funding organisation, even by implication. Some of the key ways we do this are:

• We don't disclose client category data if fewer than 10 clients have used the service in a reporting period, such as a month or quarter. All we report is the count of clients and number of overall sessions attended.

• If your area of the organisation contains fewer than 20 team members, we won't collect that data or report on it. Your organisation provides us with headcounts for each area so we can ensure this.

• We never combine the data you share in ways that may allow you to be identified. For example, we won't provide data that combines gender and age. We only report on the profile of clients one attribute at a time.

• You can always choose "I prefer not to disclose" on any organisational profile attribute we may have been asked to collect.

• Your clinical profile data (your name, date of birth, address, contract details) are never used for reporting to your organisation and are considered part of your clinical record with us as a health provider. This is why we often separately ask for your age group range so we can report on age categories in general terms.

Security of Our Systems and Your Data

Altius Group, including Altius PeopleSense, is an ISO 27001 Certified Organisation. This represents the global standard in information security, and we have been certified and audited to this standard since 2024. In addition, we operate a 24/7 Cyber Operations Centre, have best practices in encrypted data storage and processing, as well as engaging in ongoing training and validation with our team to ensure policies are followed and we remain safe custodians of your data. Our data is held on Australian servers and is only processed onshore. Furthermore, we hold our partners to these standards ensuring your end-to-end reassurance of our practices.