- Individuals are entitled to a reasonable expectation of privacy in public places.
- Mental health services must take reasonable steps to inform individuals about the use of surveillance devices.
- Surveillance use must be consistent with applicable laws and standards.
- The right of individuals to access their personal information should be respected.
- Surveillance use must always be necessary, proportionate and for a legitimate purpose related to the activities of the designated mental health service. Surveillance never replaces clinical observation.
- Mental health services must assess the impact of the proposed surveillance, across all age groups, before it is undertaken.
- Surveillance activities should be governed by policies, operating procedures and agreements.
- All staff should undergo privacy training prior to implementing surveillance procedures.
- Reasonable steps should be taken to secure equipment and protect information gathered through surveillance activities.
- Disclosure of information gathered through the surveillance activities should only occur where necessary for the stated purpose, or for a law enforcement purpose.
- Information gathered through surveillance activities should be deleted once it is no longer required.
- Effective review and audit mechanisms should be in place to ensure legal requirements and policies are complied with and that the use of surveillance meets its intended objectives.
In accordance with s. 121(1)(a) of the Mental Health Act 2014 the Chief Psychiatrist's functions includes providing standards, guidelines and practice directions to mental health service providers.
This guideline provides expectations around the use of surveillance in designated mental health services.
People admitted to inpatient units on a compulsory basis are often termed 'patients'. Those receiving treatment voluntarily are often termed 'consumers'. For consistency, the term 'patient' is used throughout this document to refer to people in both categories.
The Surveillance Devices Act 1999 regulates the installation, use and maintenance of surveillance devices:
- optical and visual surveillance devices, including closed-circuit television (CCTV)
- audio surveillance devices.
The National standards for mental health services (2010) require that mental health policies align with the principles of recovery-oriented mental health practice. In this context, recovery means: having choices, opportunities and taking risks; living a personally meaningful, purposeful and satisfying life; understanding one's abilities and disabilities; being treated with dignity and respect; being engaged and empowered in therapeutic relationships; participating in the exchange of honest, effective information and communication; gaining and retaining hope; and maintaining a positive sense of self.
This guideline provides designated mental health services with a set of best practice principles for using surveillance technologies in a manner that supports privacy, recovery and least restrictive approaches to care.
This guideline has been developed for overt surveillance activities only (that is, using devices with the knowledge of those under surveillance - for example, CCTV). Covert surveillance is not covered by this guideline (that is, surveillance that takes place without the patient's knowledge - for example, using body-worn cameras).
Common purposes for surveillance within designated mental health services include:
- crime prevention and deterrence
- enhancing the personal safety of patients and staff on mental health units.
CCTV may be useful for monitoring:
- stairways, reception lobbies and service corridors
- external areas such as perimeters, the main entrance and other entry and egress points.
CCTV must not:
- reduce the therapeutic interaction between staff and patients
- be used as an alternative to direct and active clinical observation by staff as this may have a negative impact on therapeutic rapport and infringe on a patient's right to privacy.
Surveillance to promote safety and security has a different purpose and intention from therapeutic observation and engagement. 'Therapeutic observation' means the purposeful gathering of information from people receiving care to inform clinical decision making and supported decision making by patients. The word purposeful implies that observation is undertaken with the intent of obtaining specific information and distinguishes this skill from passive surveillance. Therapeutic observation requires engaging with people, including sitting with them, listening to them, understanding their verbal and non-verbal cues, asking pertinent questions and developing an understanding of the most pressing issues in their everyday lives and cannot ever be conducted from behind a barrier or via CCTV.
(Nursing observation through therapeutic engagement in psychiatric inpatient care, Department of Health Guideline, 2013)
In accordance with the Charter of Human Rights and Responsibilities Act 2006, individuals have the right to not have their privacy unlawfully or arbitrarily interfered with by public authorities including designated mental health services. Further, it is an offence under s. 7(1) of the Surveillance Devices Act for a person to knowingly install, use or maintain optical surveillance devices to record or observe a private activity without the express or implied consent of each party to the activity. In the Act, the term 'private activity' means an activity during which the parties desire it to be observed only by themselves.
Surveillance must not be used in areas where individuals may reasonably expect privacy. This includes:
- shower areas
- change rooms
Where could patients in the mental health service reasonably expect privacy in relation to both the place and the activity undertaken?
Where there are shared bathroom facilities, how could safety and security be assured without using surveillance?
Whenever a mental health service collects personal information about an individual, be that a patient, carer, family member or other member of staff, steps must be taken to notify the individual(s) accordingly (Health Records Act 2001). Information about the use of surveillance devices must be conveyed in a manner in which an individual, according to their specific circumstances, can best understand. Where an individual is represented by a guardian or is a child, information must be provided to the guardian of the individual or the parent or guardian of the child where the individual or child does not fully understand the information conveyed. Individuals should be made aware of the following:
- the purpose for which the information is collected
- to whom the information may be disclosed
- that the individual has the right to access information held about them
- the process for submitting a complaint.
Making individuals aware that their information is being collected is critical because individuals have a right to make enquiries or submit a complaint if they feel their privacy has been breached.
When surveillance is used in public areas, the operator should ensure that appropriate signage is placed around the area to inform individuals that they may be under surveillance. Where possible the individual (or parent or guardian of the individual, including if the individual is a child) should be notified before entering the site of surveillance so they can choose whether or not to enter that area.
How are patients, parents, guardians, carers and families informed and consulted about the surveillance program?
At what point during an admission is the individual informed about the surveillance program?
Where are the signs notifying individuals about the surveillance program?
Are signs visible before entering the area under surveillance?
Where mental health services collect personal information, the Mental Health Principles under the Mental Health Act, the Charter of Human Rights and Responsibilities Act, the Health Records Act (including the Health Privacy Principles) and the Surveillance Devices Act apply.
- Section 13 of the Charter of Human Rights and Responsibilities Act provides that a person has the right not to have his or her privacy unlawfully or arbitrarily interfered with by public authorities, including designated mental health services.
- Section 17(2) of the Charter of Human Rights and Responsibilities Act provides that public authorities, including designated mental health services, must ensure that every child has the right to protection in their best interests as is needed by the child by reason of being a child.
- The Health Records Act applies to footage captured by surveillance devices used within mental health services. This footage, which in most circumstances would generally be deemed to be 'health information' within the meaning of the Act, must be handled in accordance with the requirements of the Health Records Act.
- Health Privacy Principle 1 in Schedule 1 to the Health Records Act HRA sets out circumstances in which health information may be lawfully collected.
- The Surveillance Devices Act applies to optical surveillance devices. It is an offence under s. 7(1) of the Act for a person to knowingly install, use or maintain optical surveillance devices to record or observe a private activity without the express or implied consent of each party to the activity.
- Section 3(1) of the Surveillance Devices Act defines the term 'private activity' to mean an activity during which the parties desire it to be observed only by themselves.
Mental Health Principles
All designated mental health services must have regard to the Mental Health Principles under s. 11(1) of the Mental Health Act. Principles relevant to surveillance include the following
- Persons receiving mental health services should be provided assessment and treatment in the least restrictive way possible, with voluntary assessment and treatment preferred.
- Persons receiving mental health services should be provided those services with the aim of bringing about the best possible therapeutic outcomes and promoting recovery and full participation in community life.
- Persons receiving mental health services should be involved in all decisions about their assessment, treatment and recovery and be supported to make, or participate in, those decisions, and their views and preferences should be respected.
- Persons receiving mental health services should be allowed to make decisions about their assessment, treatment and recovery that involve a degree of risk.
- Persons receiving mental health services should have their rights, dignity and autonomy respected and promoted.
- Children, young persons and other dependents of persons receiving mental health services should have their needs, wellbeing and safety recognised and protected.
- Carers (including children) for persons receiving mental health services should be involved in decisions about assessment, treatment and recovery, whenever this is possible.
- Carers (including children) for persons receiving mental health services should have their role recognised, respected and supported.
A fundamental principle of privacy is that individuals have a right to seek access to the personal information a mental health service holds about them. In some circumstances it may not be appropriate for the mental health service to disclose the information -- for example, if it were to breach the privacy of another individual or if the information relates to legal proceedings between the individual and the mental health service. However, mental health clinicians should seek to accommodate an individual's access request to the extent possible.
The Freedom of Information Act 1982 is the primary piece of Victorian legislation that covers individuals' right of access to information held about them. Further information can be obtained from the Office of the .
The benefits of surveillance must substantially outweigh any intrusion of privacy. In the interests of safety, security and crime prevention, the need for surveillance may be considered appropriate in public, common areas, including entrances and exits to mental health services.
Mental health services should be able to clearly define the problem they are trying to solve by using surveillance technologies and be able to justify why they are necessary to address that problem.
What is the problem that you are trying to address?
Are there other less intrusive ways that could be used, rather than surveillance?
It is important that only the minimum amount of information is collected and stored. Guidelines issued by the Commissioner for Privacy and Data Protectionrecommend limiting the amount of visual information, where possible, by limiting the duration of surveillance and mindful positioning of cameras. Consider also recording, which is less intrusive, as opposed to constant monitoring.
Using remotely managed CCTV in areas such as de-escalation areas including seclusion rooms is not recommended because the images do not accurately provide a status of the patient's physical health and must not replace direct physical supervision by staff.
Staff must be present and directly monitor patients in high-risk areas such as seclusion rooms and high dependency or intensive care units. CCTV can only be used to augment, but never replace, monitoring (such as in blind spots).
When a staff member is not physically present in a locked area, such as in a high dependency or intensive care unit, then this is considered to be seclusion. CCTV is not an alternative to staff presence.
Clinical observation of a person in seclusion requires monitoring of breathing, movement, alertness, responsiveness and levels of agitation. This necessitates engaging with the person directly (not via CCTV).
In accordance with s. 112(2) of the Mental Health Act a registered nurse or registered medical practitioner must clinically observe a person in seclusion as often as is appropriate, having regard to the person's condition, but not less frequently than every 15 minutes.
(Chief Psychiatrist Guideline: restrictive interventions in designated mental health services, July 2015)
To align with the principles of the Victorian framework for recovery-oriented practice it is recommended that designated mental health services consult with staff, patients, carers and families to determine whether surveillance is an appropriate option. Other stakeholders that are relevant when developing local policies include health service executives, legal services and Victoria Police.
Mental health services considering installing surveillance equipment should conduct the following:
- a privacy impact assessment
- security risk assessment
- human rights impact assessment.
These assessments will help to identify and mitigate against risks to safety and security, in accordance with the Charter of Human Rights and Responsibilities Act.
Before implementing surveillance activities mental health services should develop clear internal policies and procedures. These will ensure that staff are aware of their individual obligations and understand how the information captured should be handled. These documents should be developed with and be communicated to relevant staff, consumers, carers and families and be easily accessible at all times.
Policies and procedures for surveillance should include the following as a minimum:
- the purpose of the surveillance program
- what information is collected and how it is used and stored
- the length of time the information will be retained (see item 11)
- who is permitted to access the information
- the roles that are responsible for managing surveillance activities
- the protocols to be followed for ensuring the security of information captured
- relevant legislation that governs the surveillance program
- who the appropriate contact is within the mental health service should staff, patients, families or carers have questions about the surveillance program
- processes for receiving complaints and managing privacy breaches related to surveillance.
If the mental health service engages a contracted service provider to manage the surveillance program, it must ensure that the contract sets out the governance arrangements for each party and expresses the privacy obligations of each party under the Health Records Act.
Staff who operate, oversee or handle information captured by surveillance systems should undergo training in surveillance and privacy in mental health services. This is to ensure that relevant policies, procedures and legislation are adhered to. This also helps to enhance staff confidence and supports patients' rights, recovery and outcomes through providing an ethical, appropriate and patient-centred approach.
Data security is a critical component of any surveillance program. In accordance with the Health Records Act, mental health services have an obligation to protect health information from being misused, lost, accessed, modified or unlawfully disclosed. The Health Records Act does not specify how this should be done, only that organisations must take reasonable steps.
A central principle of privacy law is that personal information collected for one purpose should not then be disclosed for another purpose. Generally, mental health services should only disclose information in a way that is consistent with the notice provided to individuals. If a mental health service can foresee a purpose for which it will need to disclose an individual's personal information, it should communicate this to the individual at the time of collection or as soon as practicable thereafter.
Mental health services should plan what processes will be implemented to destroy personal information once it is no longer required. These should include how it will be destroyed and whether de-identification is viable. Further information regarding retention and disposal obligations can be obtained from the Public Record Office Victoria. Retaining personal information captured by surveillance devices for any longer than is necessary can increase an organisation's risk of a privacy breach.
Mental health services should have mechanisms in place to review and evaluate their surveillance program to ensure it is effective in meeting the objectives and purpose it set out to achieve. Evaluations should be conducted on a regular basis and revisions made as required. Revisions are especially important when there have been changes to related legislation, policies and procedures. Evaluations can be undertaken internally, but independent audit is also an advisable option. Involving patients, carers and families and others who the surveillance program affects is a critical part of the review process.
When reviewing and evaluating surveillance programs, seek to ensure that the expectations of the surveillance program are agreed between staff and patients.
- Designated mental health service has developed a surveillance policy that describes their legal and professional obligations.
- Individuals entering the designated mental health service are informed of the surveillance policy.
- Staff undergo training in good practice principles relating to surveillance.
- Designated mental health services assess and review the impact of implementing a surveillance policy and procedures.
2 Commissioner for Privacy and Data Protection 2017, Guidelines to surveillance and privacy in the Victorian public sector, Victorian State Government, Melbourne.
Reviewed 01 September 2023