Click to start searching

Work health and safety laws

How to protect the health, safety and welfare of your employees and volunteers.

Content last updated 04/10/2022

Managing vaccines in the workplace

On this page

Can your organisation make a COVID-19 vaccine mandatory for employees or volunteers?

Some state and territory public health directions mandating COVID-19 vaccination for certain categories of workers remain in place.

More information

See the Fairwork Ombudsman website for links to state and territory information on vaccine mandates that remain in place.

In the absence of directions mandating COVID-19 vaccination, organisations should make sure that any decision to make vaccination a condition of employment or a condition of entry to the workplace is supported by a robust risk assessment. Organisations must be satisfied that vaccination is a reasonably practicable measure to minimise the risks of COVID-19 in the workplace.

Whether vaccination will be ‘reasonably practicable’ will ultimately depend on your organisation’s circumstances. Consider factors such as:

  • the level of COVID-19 transmission in the community
  • the effectiveness of the vaccine at reducing the risk of transmission and serious illness
  • the nature of your organisation’s workplace and how that impacts COVID-19 exposure
  • the degree of harm that might result from contracting COVID-19, taking into account any special vulnerabilities of your organisation’s workers or service users
  • the availability and effectiveness of other safety measures, such as social distancing, mask wearing and testing, and
  • particularities of the worker and their position

Organisations should avoid blanket requirements to be vaccinated because this could discriminate against certain workers, for example an employee with a medical reason for not being vaccinated.

Your organisation may have a legal obligation to consult with its workers about whether to introduce or change a mandatory vaccination requirement. Consultation should be genuine, meaningful, and done before a final decision is made. Your organisation’s approach to COVID-19 vaccinations must be continually reviewed. What is ‘reasonably practicable’ at one point in time, may not be considered ‘reasonably practicable’ six months later.

For more information, download our flowcharts:

Can you require an employee to get vaccinated
What can you do if an employee refuses to vaccinated

When advertising new employee roles, should organisations include a requirement for COVID-19 vaccination?

Organisations should carefully consider including a requirement for COVID-19 vaccination when advertising new employee roles.

An employer may make employment conditional on any number of factors, including that a prospective employee be fully vaccinated against COVID-19, if the condition is not unlawfully discriminatory.

Where a public health order requires certain employees to be vaccinated against COVID-19, organisations should make COVID-19 vaccination a condition of employment when advertising new roles. This step will help ensure compliance with the public health order and allow prospective employees to consider whether they are suited for the role in circumstances where they will be required to receive a COVID-19 vaccine.

In the absence of a public health order requiring employees to be vaccinated, organisations may still be required to implement a mandatory vaccination policy to comply with their work health and safety obligations. In these circumstances, organisations should also consider making COVID-19 vaccination a condition of employment when advertising new roles.

When considering whether to include a requirement that a prospective employee be fully vaccinated against COVID-19, protected attributes to consider are disability (health condition), pregnancy status and, potentially, religion or social origin. So, if an organisation makes employment conditional on a potential employee's vaccination status, it must have the capacity to provide exemptions in appropriate circumstances, (such as, for example, where a prospective employee is immunocompromised or has another medical contra-indication).

Employers must also consider their privacy obligations before requiring prospective employees to disclose their vaccination status.

Should organisations vary employment contracts to add a provision for mandatory vaccine directions?

Yes, organisations should consider varying template employment contracts for prospective employees to include provisions for mandatory vaccination, subject to appropriate exemptions as outlined above. Provided the contractual term is relevant to the proper performance of the role in question, it’s lawful and reasonable to include it. This would include performing the role safely as vaccinations are a valid control to help minimise the risk of contracting COVID-19 at work.

Organisations should also consider varying contracts for existing employees, but this may be more difficult, because it can’t be done without agreement from the employee. Employee agreement may not be forthcoming in all cases.


  • the policies have been the subject of consultation with staff and are based on a risk management approach, and
  • the policy terms are supported by the work health and safety obligations of the organisation and its staff,

the policies are likely to be upheld as lawful and reasonable directions.

This would include, in appropriate cases, a mandatory vaccination policy, subject to any necessary exceptions required to avoid contravention of anti-discrimination laws.

Where there is a public health order in place requiring particular employees to be vaccinated, it’s likely that a direction for those employees to be vaccinated will be both lawful and reasonable.

What evidence of vaccine status should organisations require from employees?

Where there is a public health order requiring certain employees to be vaccinated, organisations are entitled (and may be required) to obtain evidence from the employees of their vaccination status.

The position is less clear if no such public health order applies.

Under the Privacy Act 1988 (Cth), if the collection of information about an employee's vaccination status is not required or authorised by law - such as a public health order – the information being collected must be reasonably necessary for one or more of the organisation's functions and the employee must consent.

Compliance with work health and safety obligations is a core function of any organisation that conducts a business or undertaking. If knowledge of an employee's vaccination status is reasonably necessary to achieve such compliance – and arguably it is for employees working with vulnerable people, or who are exposed to the general public or to other workers indoors – an organisation is entitled to ask for that information.

If an employee fails or refuses to provide the information, an organisation may, depending on the circumstances, be justified in taking disciplinary action up to and possibly including dismissal, on the basis that the employee's conduct is jeopardising the health and safety of the employee and others at work. If the vaccination information about individuals is reasonably necessary for the prevention and management of COVID-19 in workplaces or public areas under the agency's control, then that collection should be permissible. However, it will generally not be justified to collect vaccination status information (which is referrable to a particular individual) purely for statistical or monitoring purposes.

Evidence of COVID-19 vaccination should include either the COVID-19 digital certificate or immunisation history, (both are accessible through employee Medicare accounts).

Once details about an employee's vaccination status is collected, the employee records exemption under the Privacy Act will apply. This means that, instead of the Australian Privacy Principles governing the use and disclosure of the information, it will be dealt with under the general law, including workplace relations legislation, which contain less stringent privacy obligations.

For most organisations, the most relevant workplace relations law is likely to be the Fair Work Act 2009 (Cth). The Fair Work Act sets out limited privacy protection for employees and primarily, in respect of employee records, regulates the maintenance of access to and duty to correct employee records for inspection and auditing purposes.


In Victoria, the Occupational Health and Safety Amendment (COVID-19 Vaccination Information) Regulations 2022 regulates the collection and holding of vaccine information. The regulations are in effect until 12 July 2023.

What about requiring and recording the vaccination status of your organisation's service users?

The collection of a service user's vaccination status will be subject to the Privacy Act 1988 (Cth). So an organisation should only collect vaccine information where it is reasonably necessary for one or more of the organisation's functions or activities, or if it is required or authorised by law.

In the absence of a public health order requiring service users to be vaccinated, organisations should consider whether requiring proof of, and recording, vaccination status is reasonably necessary for one or more of the organisation's functions or activities and whether it is lawful under anti-discrimination legislation. Given the uncertainty, organisations should perform a risk assessment before introducing a mandatory vaccination policy for its service users.

As with employees, if evidence of a service user's COVID-19 vaccination status is required, that evidence should include either the COVID-19 digital certificate or immunisation history (both are accessible through Medicare accounts).

However, unlike employees, if details of a service user's vaccination status are collected, that information will continue to be covered by the Privacy Act and the Australian Privacy Principles.

What should an organisation do if an employee hasn’t had their vaccination dose by the deadline in a public health order or other workplace direction? 

If the employee hasn’t had their vaccination dose by the deadline because they have a medical condition, they need to provide suitable medical contraindication evidence (more information below) before the deadline. If the employee has failed to do this, the organisation may need to seek legal advice about taking disciplinary action against the employee.

If the employee hasn’t had their vaccination dose by the deadline because of a protected attribute under anti-discrimination laws, the organisation may need to consider alternative work arrangements, such as asking the employee to perform different duties or to work from home (more information below). However, at this stage, the only exemption to comply with vaccination mandates contemplated in current public health orders is due to a medical contraindication.

Outside these circumstances, organisations may need to take disciplinary action against employees who refuse to be vaccinated pursuant to a public health order or other lawful workplace direction.

What process should an organisation follow if an employee doesn’t comply with a mandatory vaccination direction? Is the employment termination process set out in the public health order?

Public health orders do not prescribe a process for taking disciplinary action against employees who refuse to be vaccinated.

Employers will need to consider the terms, obligations and rights under any applicable employment law instruments (such as an enterprise agreement, modern award or employment contract) in deciding if and how to discipline an employee who refuses to be vaccinated, including their obligations with respect to consultation.

It may be open to employers to stand employees aside without pay in circumstances where they are not ready, willing and able to perform work in accordance with the public health order. It may also be open to employers to provide employees with alternate duties until they are vaccinated, however they are not required to do so. As a final step, employers may consider terminating the employment of an employee for failure or refusal to comply with the public health order or any other lawful and reasonable direction for the employee to be vaccinated.

Employers should consider employees' reasons for refusal to be vaccinated on a case by case basis and request supporting evidence of any reasons for refusal.

Where possible, employers should consider seeking legal advice about how to respond to an employee who refuses to comply with a mandatory vaccine direction.

Are board members covered by public health orders?

Depending on the relevant public health order and the nature of the person’s position in an organisation, it’s possible for a board member to be subject to a mandatory vaccine direction under a public health order.

If an employee has provided medical contraindication evidence exempting them from being vaccinated, is the organisation required to change the employee’s duties?

In most circumstances, yes.  To comply with work, health and safety laws as well as anti-discrimination laws, organisations may have to make reasonable adjustments to an employee’s role if they have provided medical contraindication evidence indicating that they cannot be vaccinated against COVID-19.  

Factors to take into account when considering whether an adjustment is reasonable include: 

  • the effectiveness of the adjustment in assisting an employee with disability to perform their job 
  • the practicality of the adjustment 
  • the extent of any disruption caused to business operations
  • the financial or other costs of the adjustment
  • the extent of the organisation’s financial and other resources
  • the availability of financial or other assistance to help make the adjustment (for example, the Employment Assistance Fund), and
  • the nature of business activities and size of the organisation 

Employers will not be required to adjust an employee’s position if the costs or difficulties of making the adjustment would place an unjustifiable hardship on the organisation. If the organisation can’t make reasonable adjustments for an employee, it should clearly document its reasons.  Organisations should seek legal advice about refusing to adjust an employee’s position because of a medical condition. 

Can an organisation be liable if an employee has an adverse reaction to the vaccine if vaccinations were mandated by a public health order or other workplace direction?

Yes, technically it's possible, but will only be relevant for a serious reaction to COVID-19.   

If an employee has an adverse reaction to a COVID-19 vaccination, they may be able to make a workers compensation claim. The employee will need to prove they suffered an injury, and that there is a sufficient connection between that injury and their employment. It’s more likely that a claim will be covered if the employee was directed to be vaccinated by their employer, or required to do so under a public health order.  

The Federal Government has introduced a COVID-19 Vaccine Claims Scheme. The scheme compensates a person for a serious adverse reaction after having an approved COVID-19 vaccine.   

This scheme won’t stop an employee from making a workers compensation claim. However, it’s likely that the scheme will provide a quicker and simpler way for employees to access compensation (which may make it less likely for them to make any other sort of claim). 

More information

See the Health Department webpage for more information.

What help can organisations access if an employee makes an unfair dismissal application? 

It can be difficult to secure legal support once an unfair dismissal application has been made. Where possible, employers should consider getting legal advice before termination of employment.

Organisations may have access to legal support through in-house counsel, peak bodies, insurers, and external law firms and human resources bodies.

For eligible community organisations, Justice Connect may be able to secure pro bono advice about issuing a mandatory vaccine direction and managing associated disciplinary action.

Can an organisation refuse to provide services to an unvaccinated service user?

It depends. Under the work, health and safety laws, employers have a duty to eliminate or, if not reasonably practicable, minimise the risk of exposure of employees to COVID-19 in the workplace.   

To fulfill this obligation, organisations need to consider a range of relevant factors to determine what is reasonably practicable, including: 

  • What type of services are being delivered and how does this impact COVID-19 exposure? 
  • Does the service require face-to-face delivery? Can the services be provided in another way?  
  • Where are services being delivered and how does this impact the likelihood of an employee being infected with COVID-19? 
  • To what extent is COVID-19 prevalent in the communities of an organisation’s service users? 
  • What other COVID-19 control measures is the organisation using? 

Organisations need to be cautious about imposing a blanket rule requiring vaccination as a condition to access its services. There may be a medical reason why a person is unable to receive a vaccine or chooses not to, including the protected attributes of pregnancy or disability under state or federal anti-discrimination laws.   

Organisations should also consider any funding agreement provisions that restrict how and when an organisation can limit eligibility for its services. 

Can an organisation refuse a service user’s request to only be seen by vaccinated staff or only be grouped with other vaccinated service users?

A service user should not have access to the vaccination status of a staff member, nor the vaccination status of any other service user. A person’s vaccination status is sensitive health information and must be treated in accordance with applicable privacy laws.

If the service user’s request is based on a protected attribute under anti-discrimination law, the service provider has an obligation to make ‘reasonable adjustments’ to the provision of their services that do not impose an unjustifiable hardship of the service provider. For example, if the service user is unvaccinated for medical reasons, the service provider may consider giving them priority access to vaccinated staff.

In responding to this request, the organisation must comply with applicable privacy laws.

If a service user contracts COVID-19 while in an organisation’s care, could the organisation be liable if it didn’t require its employees to get vaccinated?

Yes, technically this is possible, but it will depend on a number of factors.   An organisation has duties to its service users under the law of negligence and under work health and safety laws. If an organisation fails to meet those duties and this causes an injury to a service user, the organisation could be liable. The service user would need to prove that they contracted COVID-19 because of the organisation’s breach of duty.   

A court may decide that an organisation has failed to meet its duties if: 

  • there is a high likelihood of a service user contracting COVID-19 from an organisation's employees 
  • the service users are at greater risk of more serious illness with COVID-19  
  • the organisation did not implement reasonably practicable control measures to minimise the spread of COVID-19 (such as physical distancing and reduced capacity indoors, provision of PPE including masks, and minimising face-to-face contact with service users) 
  • it was necessary in the circumstances to require employees to be vaccinated (or there was a public health order requiring that they be vaccinated) but the organisation didn’t do so

The content on this webpage was last updated in October 2022 and is not legal advice. See full disclaimer and copyright notice.

Apply for free legal help

Provide feedback