A recent decision of the Fair Work Commission (FWC) has highlighted the privacy considerations for employers when implementing vaccination policies in the workplace, particularly in this COVID-19 environment.
Across Australia, many employers have been required to introduce (or at least consider introducing) vaccination policies as a result of Public Health Orders or Directions issued by Federal, State and Territory Governments.
These types of policies require employees to disclose to their employer sensitive information such as medical information relating to their vaccination status (i.e., proof of their vaccination or evidence of a medical contraindication which prevents the employee from being vaccinated).
There are limitations on the sensitive information that an employer is able to collect about an employee and, in situations where such collection is allowed, employers have obligations on how it can be disclosed, used and stored. These are set out in the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs).
In the decision of Shepheard v Calvary Health Care T/A Little Company of Mary Health Care Limited [2022] FWC 92, the FWC was required to consider these privacy concerns in the context of an application for unfair dismissal made by a care service employee at an aged care facility.
Between July and September 2021, the aged care facility issued a vaccination policy to reflect an Public Health Order (PHO) which prevented employees of an aged care facility from entering or remaining on the premises unless they received at least one dose of a COVID-19 vaccine.
The PHO also required operators of aged care facilities to take all reasonable steps to ensure that anyone subject to the requirements of the PHO complied with the requirements and, also, that anyone subject to the requirements provided the operator with “vaccination evidence” if the operator so required.
The PHO also contains an exemption for any person who was unable to be vaccinated due to a medical contraindication as long as the person was able to present an approved certificate which specified the medical contraindication.
The aged care service employee did not provide any evidence that she had received at least one dose of a COVID-19 vaccine or any evidence to support the existence of a medical contraindication. Instead, she raised a concern (amongst other concerns) that the employer’s request for medical information was a breach of an individual’s right to privacy under the Privacy Act.
Ultimately, the employee was dismissed from her employment as her refusal to disclose the medical information required by the PHO meant that she was prohibited from entering the workplace and she could not undertake her role.
The FWC considered this to be a valid reason for the employee’s dismissal. It noted that a PHO, once in force and applicable to a particular workplace, must be complied with unless or until it is declared invalid or unlawful by a court of competent jurisdiction (a question which the FWC did not have jurisdiction to determine). Accordingly, the employer had no option but to comply with the PHO and could not provide the employee with any duties to undertake.
The FWC further noted that, whilst the APPs prevent an employer from collecting sensitive information (such as medical information) about an individual without the individual’s consent, there is an exception that allows the collection of such information if it is required or authorised by or under an Australian law, which is defined to include an “Act of the Commonwealth or of a State or Territory”. The FWC considered that this exception applied in these circumstances.
The FWC found, even if there was a breach of the Privacy Act (which it did not consider there was), this had to be balanced against other considerations. The fact remained that the employer and employee were required to comply with PHO and the employee did not have any capacity to perform any work because she was prohibited from entering the workplace.
Accordingly, the employee’s application for unfair dismissal was dismissed.
This decision enforces the position that an employee’s refusal to comply with a PHO (or workplace policy reflecting a PHO) will likely be found to be a valid reason for dismissal, particularly in circumstances where such refusal means that the employee is not able to perform their role.
With respect to privacy concerns, an employer’s obligations under the Privacy Act and the APPs are just one of the many competing obligations that it must consider when seeking to enforce a PHO or workplace policy. Employers must ensure that collection of sensitive information (in this case, medical information) from employees is done incompliance with applicable privacy legislation and the FWC’s comments in this decision support the view that this can be done.
Legal advice should be sought to ensure that such policies are compliant with the relevant legislation.
Information provided in this blog is not legal advice and should not be relied upon as such. Workplace Law does not accept liability for any loss or damage arising from reliance on the content of this blog, or from links on this website to any external website. Where applicable, liability is limited by a scheme approved under Professional Standards Legislation.
