What are an employer’s obligations regarding confidentially of employees’ pre-employment medical results? If our HR department has a copy of these results, can we provide them to our safety department if they request it? Is there anything saying what employers can and cannot do with personal information?
There are some legislative prohibitions on the internal use of a current or former employee’s health information, which can vary between states and territories.
Even where privacy legislation does not expressly limit the disclosure of health information, it is good practice to generally keep an employee’s personal health information confidential. Health information such as pre-employment medical results can be sensitive, and the employee may have an expectation that they will be kept confidential so far as is possible.
In addition, unnecessary access to health information can create a risk for an employer in the form of claims of discrimination or breaches of general protections under the Fair Work Act 2009 (Cth). Even where no discriminatory conduct was intended, mishandling of medical information may inadvertently raise a perception of discriminatory treatment that results in a claim.
The Privacy Act 1988 (Cth) (the Privacy Act) regulates the use of personal information, including health information, for both public and private organisations. However, most of the personal information held by an employer about an employee will fall within the employee records exemption under the Privacy Act. The employee records exemption applies to an act done by an organisation that interferes with the privacy of an individual if it directly relates to:
As a result, health information held by an employer is generally not subject to the Privacy Act. However New South Wales, the Australian Capital Territory and Victoria have separate legislation regulating the handling of health information. Employers in these jurisdictions are recommended to obtain specific advice.
Please see 'Employee health records' for further information.
To reduce the risk of claims, it is recommended to only provide health information about an employee to other departments or managers with the employee’s consent, and only where the health information is directly relevant to the employee’s duties, such as where:
Please note that the laws of discrimination and workers’ compensation are complex, and employers are recommended to seek advice where unsure about their employees’ entitlements.
To discuss this topic further, members are encouraged to please contact us or call the Ai Group Workplace Advice Line on 1300 55 66 77.
A 'Sample Employee Records Policy' is also available to assist organisations in formalising their approach to handling employee records.