Data Privacy Policy

This psychprofiler Data Privacy Policy sets out how psychprofiler manages personal information (including health information) provided by users.

Our data privacy policy provides more detail on the collection, storage, use and disclosure of the personal information we hold. It also contains information about what you can do if you are not satisfied with how your information has been treated.

psychprofiler is bound by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988. Individual health records stored within psychprofiler may also be bound by State specific legislation.

The 13 APPs provide a privacy framework that regulates the way psychprofiler collects, stores, and disseminates information about an individual.  Information that is regulated by these APPs is only stored by psychprofiler in a digital format.

psychprofiler may, from time to time, review and update this Data Privacy Policy to take account of:

  • New laws and technologies;
  • Changes to psychprofiler operations and practices; and
  • To make sure psychprofiler remains appropriate to the services it provides.

Context

Oriented to the Diagnostic and Statistical Manual of Mental Disorders, Fifth Edition (DSM-5),
psychprofiler provides a screening instrument that can be used in the early identification of psychological / psychiatric / educational disorders. This early identification is crucial to determining more accurate classification and diagnosis, leading to better intervention and treatment for affected individuals.

psychprofiler has been carefully developed over the past 20 years, including validation against both a large mainstream sample and a clinical sample. It has undergone multiple further validations since it was updated from the original DSM-IV-TR version to the current DSM-5 criteria (APA, 2013).

psychprofileris designed to be readily accessible and affordable, costing only $5 for a single use, and coming down to as little as $2 per use via purchase of a multi-use licence.

psychprofiler is an online software tool.  However, regular users have the option of completing the paper questionnaire and entering the paper results into the online software tool.  The handling, storage, and destruction of the paper questionnaires are the responsibility of the users.

Using PsychProfiler

Access to psychprofiler is anonymous.  Login username is never required, only an individual token that is generated as a random value using a customised psychprofiler script.

A psychprofiler user can be located anywhere so long as they have access to the Internet and a web browser.

When commencing a psychprofiler analysis, users have the option of entering information about the person whose psychological profile is being submitted for analysis, and the person who is completing the analysis (e.g., Parent, Teacher, Observer).  Although this information is stored within the psychprofiler database, the information is NOT mandatory and is NOT validated.

Data classification and data security

psychprofiler handles your personal and questionnaire data as: Sensitive: Personal

Further, psychprofiler transports all its data in an encrypted format for data protection.  The protection is applied by using a security certificate that provides a 256-bit SSL encryption. This is shown by the psychprofiler website using https://… , indicating an SSL certificate is in place.

Tokens

Access to each analysis is obtained through a psychprofiler token. The token consists of more than 10 random alphanumeric characters assigned at the point of creation. The token is displayed on screen and is optionally emailed – usually to the psych consultant and/or the person completing the assessment.

Note: psychprofiler does not track allocation of token numbers against users.

Once a person enters their allocated token on the psychprofiler Web portal, they can enter their personal details and proceed to complete the questionnaire. If an individual is not able to complete the questionnaire, they are able to save the partially completed questionnaire and complete it later. Once the questionnaire is completed and submitted, the data is saved in ‘read-only’ format in the
psychprofiler database.

The risk to data privacy is the unintended release of the token by the user who acquired it.  This could occur in several ways, such as:

  • The user could intentionally issue the tokento someone else; or
  • The token could be obtained from illegitimate access to emails (e.g.,hacked email accounts) that containthe token number.

These risk factors are the responsibility of the user and outside the control of psychprofiler.  Even if the unintended release of the token were to occur it would be for one analysis result only (i.e., one data record for one questionnaire).  The unintended release of a token will NOT support access to multiple analysis results (multiple data records), even if multiple tokens are issued for the same person.

Analysis Results

After the questionnaire is submitted, the psychprofiler application will generate an analysis report. This report may be displayed on screen or may be emailed to the user or to the clinician.

Note:  The questionnaire may be setup in psychprofiler so the person responding to the questionnaire does NOT see the analysis results, with those results available only to the clinician.

The risk to data privacy is the unintended release of the analysis results by the recipient.  This could occur in several ways, such as:

  • The analysis results may be securely downloaded and displayed on screen.  The user may then elect to securely download a pdf copy of the analysis.  Management of the pdf file is now controlled by the user.
  • The analysis report could be obtained from illegitimate access to emails (e.g., hacked email accounts) that contain the report.

These risk factors are the responsibility of the user and outside the control of psychprofiler.  Even if the unintended release of the analysis report were to occur it would be for one analysis only.  The unintended release of ananalysis report will NOT support access to multiple analysis reports, even if there are multiple analysis reports for the same person.

No Bulk Access to data

Access to data entry and data view is by entering the token number for an individual analysis.  There is no means in psychprofiler for users to gain bulk access (multiple data records) to analysis results.

Access to the psychprofiler database is enabled by our service provider Web24 via a separate system that enforces secure credentials.

Storage and Backup

psychprofiler database is hosted and securely stored in a public cloud that is provided by the Web24. service provider.  All stored psychprofiler data remains within Australian borders at all times.

Full database backups are run daily by the Web24 service provider and retained for a period of 30 days.

Disaster recovery is also provided by the Web24 service provider.  Should a database failure occur necessitating recovery from a backup, downtime is estimated at two hours from advice of the failure until service is restored.

Archiving and deletion of data

psychprofiler does not archive data.  After a 12-month period psychprofiler data may be deleted without notice.

Should an organisation elect to delete all their psychprofiler records a formal request must be submitted to psychprofiler (for example a school may wish to delete all school psychprofiler data records).  psychprofiler will then verify the request is from a genuine source before actioning the request.

Note that each assessment is identified by token, or they may be identified by optional use of common fields such as school name.

If an organisation elects to delete their records but they have not entered any personal data (e.g., name, DOB, school), the only means would be for them to provide a list of token numbers for deletion.

External access to PsychProfiler data

psychprofiler does NOT release potentially identifying sensitive data to external providers except as per conditions below.  This includes psychologists, psychiatrists, doctors, psych clinics, universities and marketing agencies.

In general terms,psychprofiler will not disclose personal information to any third party other than in the course of providing medical services, and only with your consent.

psychprofiler is permitted to disclose information about an individual without their consent under the following circumstances:

  • Where the information is required by law;
  • Where the information is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent to assist in locating a missing person; or
  • Where the information is required to establish, exercise or defend an equitable claim for the purpose of a confidential dispute resolution process.

psychprofiler staff are required to respect the confidentiality of a patient’s personal information at all times.

Questions or Complaints

If you would like further information about the way psychprofiler manages the personal information it holds, or believe psychprofiler has breached the Australian Privacy Principles please make a written request to Contact the psychprofiler.

psychprofiler will investigate every request and will respond within a reasonable timeframe.  Unless there are unusual conditions (e.g., Christmas holiday period), an initial acknowledgement with estimated timeframes should be provided within two business days.  If appropriate, you may receive updates during the investigation.

If you are not satisfied with the response you receive from psychprofiler, you may wish to discuss the matter with the Office of the Australian Information Commissioner by telephoning 1300 363 992 or sending an email to: enquiries@oaic.gov.au

Changes to this data privacy policy

If psychprofiler decides to change the data privacy policy, the changes will be posted to our website.

If required by law, psychprofiler will obtain your permission for, or give you the opportunity to opt out of, any new uses of your data.