Mobile Phone Application – Privacy Policy
Introduction and Background
Access has developed a smartphone application, AVA (Access Virtual Assistant) for use by its support workers (SWs). This privacy policy describes what data AVA collects while being used by SWs in the course of their work for Access, why this information is required and how it is collected and stored.
Access Community Health (Access) strives for excellent service as a provider of healthcare and supports to our clients. Our business is to deliver appropriate, timely care and support to meet the assessed needs of our clients.
AVA was developed to electronically record visits made to clients by SWs. AVA records the time visits are started and ended and the associated location of the visit to authenticate the SW’s actual presence at the client’s home. In addition, AVA:
- facilitates the delivery of services to our clients by showing the SW their rostered visits for the day and updating this roster in real time as changes occur.
- records the start and end of each rostered visit.
- uses the recorded information to prepare an electronic timesheet reflecting the work for which the SW is to be paid.
- uses the recorded information to invoice the funders for the travel carried out by the SW in delivering the rostered services.
The AVA phone application displays the SW’s roster for the current day and the next day. Roster changes are reflected on the SW’s phone in ‘real time’ because the phone is essentially connected, via the internet, to Access systems.
Access does not provide mobile phones for SWs. Instead, SWs are required to use their personal devices.
What Data is Collected and Why
AVA gathers relevant data in regard to Location and Timing Data. This data is used to:
- Verify the User is physically in attendance at the client’s home (Location Data).
- Verify the User is in attendance for the rostered time of the visit (Timing Data)
This Data is used to prepare an electronic time sheet for the User that shows hours worked on site and travel time and travel distance between clients or between home and a client. This electronic record is transferred to the payroll system to enable remuneration of the SW.
In addition to facilitating the payment of Users for work done, the Data also enables Access to invoice its Funders which are, in the main, Government agencies.
The Data verifies SW attendance at the place of service delivery, usually the Client’s residence. This assists in identifying any service delivery failure, for example allowing Access to identify when a SW does not attend a scheduled visit giving Access the opportunity to arrange a replacement SW.
In order for AVA to function as required, Access collects and stores in its business systems the residential addresses of all its SWs and Clients. This information is also recorded in the form of a geolocation (i.e. the longitude and latitude) so that actual travel distances can be calculated for the purposes of correct payment for travel. In addition, this geolocated data allows for efficient matching of Clients and SWs when filling rosters.
Finally the Location data in aggregate can be used for internal analytical purposes.
How and When is the Data Collected.
No version of AVA collects any data when the SW has not signed into the app.
Once the SW has signed into the app, the only files on the phone the app has access to are its own internal AVA tables containing information about he visits the SW has been rostered to attend and other visit related data such as client names, addresses etc.
AVA will record network connection information when AVA is in use and this may include the IP address of the device, the name of the cellular network provider and the wifi network the device is connected to.
Versions of AVA published prior to this June this year ask that the SW grants access to the phone’s location while the app is in use and that location information gets recorded against some events, such as when starting and ending a visit.
Versions of AVA published after June 2023 now limits when the device’s location is retrieved by AVA only when logging in and out of a visit but also within the half hour before a visit to check if the SW’s arrival might be delayed or if the SW’s arrival might be overdue. A location is also retrieved if the SW asks AVA for directions to get to a client’s house.
A further reason to collect location specific data is so that Access is able to know where its SWs are for Health and Safety purposes.
Data is collected whether or not the support worker has a cellphone signal. If the User has a signal, then the collected information is uploaded automatically back to Access business systems in real time. If there is no signal, then the information is stored on the smartphone and only uploaded to Access when a signal is regained or when the support worker comes into range of a wifi network which may be at home or public library for example.
Management of Collected Data
The Data collected is encrypted at source on the User’s cellphone and remains encrypted in transmission to Access systems.
The Data is stored ‘in the cloud’ on Access’s own servers which are hosted and maintained in a third-party server farm in keeping with industry best practice security arrangements.
The information is stored within NZ in a cloud-based arrangement hosted by a third party provider of cloud based services. The information is available within Access only to those staff that have a need to view the data; specifically this will be payroll and various finance staff responsible for paying SWs or invoicing funders.
SWs can view the travel data held by Access and used as the basis of payment to SWs. This information is available by using the Reports menu option on AVA which links directly to the SW’s myRoster portal.
We currently do not actively monitor or track the movements of SWs, but we can use the capabilities of AVA to identify the whereabouts of workers whenever we need to investigate possible issues of non-attendance at work. We have developed a tool (“AVA Dashboard”) which helps us interpret and display the location data we have when carrying out investigations into individual SW behaviours. The AVA Dashboard was implemented in November 2019.
Contingencies
If there is a failure, such that AVA cannot be used by the support worker, then to ensure the support worker gets paid for the visit, the support worker will need to register their visit using the Failed Visit Record (FVR) process within myRoster.
Consent
All new clients and new employees are informed of AVA and related personal information being collected and used by Access at the time of respective service and employment commencement. Each individual provides their written consent to their personal information being collected and used for this purpose.
Where a client or employee does not provide consent to their personal information being collected and/or used by Access in regard to AVA (and as outlined in this policy), the relevant manager will need to consider whether this means that the related respective service or employment can continue. Any decision and/or action to address non-consent shall be documented and implications discussed with the client or employee in order to seek resolution.
All SWs are informed of this policy and receive training during orientation (in respect of using AVA). If SWs have any questions about how their information is collected and used, they should email app_help@access.org.nz or contact the Privacy Officer.
AVA information may be shared with third parties in accordance with the Privacy Act 1993, and/or where it is deemed necessary for the purposes of Access’ business (for example in response to a Police criminal investigation, or in respect of any request by a Coroner, WorkSafe, and/or the Health and Disability Commissioner).
Security
AVA information is encrypted at source on the SW mobile phone and remains encrypted in transmission to Access systems.
AVA information collected by Access is stored on Access’s own servers which are hosted and maintained in a third party server farm in keeping with industry best practice security arrangements.
Internal access to AVA information is managed to ensure that only relevant management and IT administration employees are able to access it.
Retention
Access will retain AVA information for 10 years (due to the health information contained in respect of client visits and related support service delivery).
Correction Requests
Access notes that any correction requests (per the Privacy Act 1993) relating to accuracy of location may be problematic given that the location data is sourced via the SW’s mobile phone operating system and likely cannot be corrected or changed.