Can My Employer Access My Medical Records? — Privacy Rights Australia (2026)
Your employer generally cannot access your medical records without your consent. Know your privacy rights, what medical information employers can request, and when they cross the line.
Can your employer access your medical records?
No — your employer cannot access your medical records without your explicit, informed consent. Under the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs), health information is classified as sensitive information and receives the highest level of protection. Your employer cannot: contact your doctor without your permission, access your medical history through Medicare or private health records, require you to disclose your complete medical history, or share your health information with other staff. A medical certificate confirming you are unfit for work is generally all an employer is entitled to receive.
What medical information CAN your employer ask for?
Your employer can request:
(1) A medical certificate or statutory declaration to support a sick leave absence — this only needs to state that you were unfit for work, not the specific diagnosis.
(2) A fitness-for-duty assessment if there are genuine concerns about your ability to perform the inherent requirements of your role safely — for example, in safety-critical roles like operating heavy machinery.
(3) A pre-employment medical assessment relevant to the inherent requirements of the job.
(4) Information you voluntarily provide.
Even in these cases, the employer should only collect the minimum information necessary and must store it securely.
When does a medical request cross the line?
Your employer crosses the line if they:
(1) Demand to know your specific diagnosis when a medical certificate is sufficient.
(2) Contact your doctor or specialist directly without your written consent.
(3) Share your health information with colleagues, managers, or third parties without your consent.
(4) Use your health information to discriminate against you (e.g., refusing a promotion because of a disability or chronic condition).
(5) Require medical examinations that are not genuinely related to the inherent requirements of your role.
(6) Pressure you into disclosing mental health conditions or treatments.
If any of these occur, it may breach the Privacy Act, anti-discrimination law, or both.
Your rights under anti-discrimination law
Under the Disability Discrimination Act 1992 (Cth) and equivalent state laws, it is unlawful for an employer to discriminate against you because of a disability or health condition — including mental health conditions. This means your employer cannot: reduce your hours, change your duties, deny promotions, or dismiss you because of a health condition, unless the condition genuinely prevents you from performing the inherent requirements of the role and reasonable adjustments are not possible. If you believe your medical privacy has been breached or you have been discriminated against because of a health condition, you can lodge a complaint with the Australian Human Rights Commission or your state anti-discrimination body.
What to do if your employer breaches your medical privacy
Step 1: Document the breach — what information was accessed or disclosed, by whom, and when.
Step 2: Raise the issue with your employer's HR department or privacy officer in writing.
Step 3: If the breach involved your doctor or a health provider disclosing information without consent, lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
Step 4: If the breach resulted in adverse action (demotion, dismissal, hours reduction), contact the Fair Work Ombudsman or consider a general protections claim.
Step 5: For discrimination complaints, contact the Australian Human Rights Commission on 1300 656 419.
General information and estimates only — not legal, financial, or tax advice. Always verify with the Fair Work Ombudsman (13 13 94) or a qualified professional.