Click to start searching

Work health and safety laws

How to protect the health, safety and welfare of your employees and volunteers.

Content last updated 31/03/2022

Managing vaccines in the workplace

On this page

Can your organisation make a COVID-19 vaccine mandatory for employees or volunteers?

States and territories have issued public health directions mandating COVID-19 vaccination for residential aged care workers as well as many other categories of workers.

As state and federal governments roll out guidance on the issue of mandating vaccination, organisations should be cautious about requiring vaccination as a condition of employment. The safety benefits need to be balanced with other legal issues including:

  • Unfair dismissal claims - Employers might have difficulties defending unfair dismissal claims in situations where their workplace can be reasonably regarded as COVID-safe by using other means such as social distancing, masks or even personal protective equipment.  
  • Discrimination claims - Employers need to consider whether vaccination should be an inherent requirement of the employment and what would be considered a reasonable basis for refusal; watch out for discrimination on the basis of medical or religious grounds. 
  • Workers compensation claims - Employers may face workers’ compensation claims from employees who experience harmful side effects from the COVID vaccine if the vaccine is taken as an employment directive in work environments where vaccination is not mandatory.

For more information, download our flowcharts: 

Can you require an employee to get vaccinated
What can you do if an employee refuses to vaccinated

What about volunteers?

If your organisation has volunteers, your approach to the COVID-19 vaccine may depend on factors like who your service-users are, the size of your volunteer workforce, other COVID-19 precautions in place, and how volunteer work is currently being performed. If you want to put mandatory requirements in place (for example, making vaccination a requirement for volunteering), you should get legal advice.


Each organisation will have to take an approach based on its own circumstances and in line with government advice. 

For more information about volunteers and the COVID-19 vaccine, download our fact sheet below which considers the questions:

  • Can your organisation make COVID-19 vaccination mandatory for your volunteers?
  • What evidence of vaccination should you accept from your volunteers?
  • Can your organisation end a volunteer relationship if a volunteer refuses to be vaccinated? Are there any risks in doing this?
  • What information should your organisation provide to your volunteers about the COVID-19 vaccine program?
Fact sheet: Volunteers and COVID-19 vaccine (124.5KB)

What are the key employment-related legal requirements and considerations for COVID-19 vaccines?

When advertising new roles, should organisations include a requirement for COVID-19 vaccination?

Yes, organisations should consider including a requirement for COVID-19 vaccination when advertising new roles.

Where a public health order requires certain employees to be vaccinated against COVID-19, organisations should make COVID-19 vaccination a condition of employment when advertising new roles. This step will help ensure compliance with the public health order and allow prospective employees to consider whether they are suited for the role in circumstances where they will be required to receive a COVID-19 vaccine.

In the absence of a public health order requiring employees to be vaccinated, organisations may still be required to implement a mandatory vaccination policy to comply with their work health and safety obligations. In these circumstances, organisations should also consider making COVID-19 vaccination a condition of employment when advertising new roles.

An employer may make employment conditional on any number of factors, including that prospective employees be fully vaccinated against COVID-19, provided the condition is not unlawfully discriminatory. Attributes which are protected under discrimination law which may apply to a person's vaccination status include disability (health condition), pregnancy status and, potentially, religion. So, if an organisation makes employment conditional on a potential employee's vaccination status, it must have the capacity to provide exemptions in appropriate circumstances, (such as, for example, where a prospective employee is immunocompromised or has another medical contra-indication).

Employers must, however, consider their privacy obligations before requiring prospective employees to disclose their vaccination status. The Privacy Act 1988 (Cth) (Privacy Act) covers organisations with an annual turnover of more than $3 million.

The Privacy Act prohibits the collection of health information (which includes a person's vaccination status) unless it is reasonably necessary for one or more of the employer's functions or activities and the employees consent to its collection, or the collection is required or authorised by law, such as in accordance with a public health order or, potentially, to ensure compliance with statutory obligations under work health and safety legislation.


This information does not consider the position of organisations that are public sector agencies within the meaning of the Privacy and Personal Information Protection Act 1998 (NSW).

Should organisations vary employment contracts to add a provision for mandatory vaccine directions?

Yes, organisations should consider varying template employment contracts for prospective employees to include provisions for mandatory vaccination, subject to appropriate exemptions as outlined above. Provided the contractual term is relevant to the proper performance of the role in question, it’s lawful and reasonable to include it. This would include performing the role safely as vaccinations are a valid control to help minimise the risk of contracting COVID-19 at work.

Organisations should also consider varying contracts for existing employees, but this may be more difficult, because it can’t be done without agreement from the employee. Employee agreement may not be forthcoming in all cases.

In practice, organisations are more likely to consider introducing policies on vaccinations for existing staff. Provided:

  • the policies have been the subject of consultation with staff and are based on a risk management approach, and
  • the policy terms are supported by the work health and safety obligations of the organisation and its staff,

the policies are likely to be upheld as lawful and reasonable directions.

This would include, in appropriate cases, a mandatory vaccination policy, subject to any necessary exceptions required to avoid contravention of anti-discrimination laws.

Where there is a public health order in place requiring particular employees to be vaccinated, it’s likely that a direction for those employees to be vaccinated will be both lawful and reasonable.

What evidence of vaccine status should organisations require from employees?

Where there is a public health order requiring certain employees to be vaccinated, organisations are entitled (and may be required) to obtain evidence from the employees of their vaccination status.

The position is less clear if no such public health order applies.

Under the Privacy Act 1988 (Cth) (Privacy Act), if the collection of information about an employee's vaccination status is not required or authorised by law - such as a public health order – collection of the information must be reasonably necessary for one or more of the organisation's functions and the employee must consent.

Compliance with work health and safety obligations is a core function of any organisation that conducts a business or undertaking. If knowledge of an employee's vaccination status is reasonably necessary to achieve such compliance – and arguably it is for employees working with vulnerable people, or who are exposed to the general public or to other workers indoors – an organisation is entitled to ask for that information.

If an employee fails or refuses to provide the information, an organisation may, depending on the circumstances, be justified in taking disciplinary action up to and possibly including dismissal, on the basis that the employee's conduct is jeopardising the health and safety of the employee and others at work. If the collection of vaccination information about individuals is reasonably necessary for the prevention and management of COVID-19 in workplaces or public areas under the agency's control, then that collection should be permissible. However, it will generally not be justified to collect vaccination status information (which is referrable to a particular individual) purely for statistical or monitoring purposes.

Evidence of COVID-19 vaccination should include either the COVID-19 digital certificate or immunisation history, (both are accessible through employee Medicare accounts).

Once details about an employee's vaccination status is collected, the employee records exemption under the Privacy Act will apply. This means that, instead of the Australian Privacy Principles governing the use and disclosure of the information, it will be dealt with under the general law, including workplace relations legislation, which contain less stringent privacy obligations.

For most organisations, the most relevant workplace relations law is likely to be the Fair Work Act 2009 (Cth). The Fair Work Act sets out limited privacy protection for employees and primarily, in respect of employee records, regulates the maintenance of access to and duty to correct employee records for inspection and auditing purposes.

Should organisations record the vaccination status of their service users and what evidence of vaccination should they require?

The collection of a service user's vaccination status will be subject to the Privacy Act 1988 (Cth) (Privacy Act). So an organisation should only collect vaccine information where it is reasonably necessary for one or more of the organisation's functions or activities, or if it is required or authorised by law.

In the absence of a public health order requiring service users to be vaccinated, organisations should consider whether requiring proof of, and recording, vaccination status is reasonably necessary for one or more of the organisation's functions or activities and whether it is lawful under anti-discrimination legislation. Given the uncertainty, organisations should perform a risk assessment before introducing a mandatory vaccination policy for its service users.

As with employees, if evidence of a service user's COVID-19 vaccination status is required, that evidence should include either the COVID-19 digital certificate or immunisation history (both are accessible through Medicare accounts).

However, unlike employees, if details of a service user's vaccination status are collected, that information will continue to be covered by the Privacy Act and the Australian Privacy Principles.

What are the key considerations for mandatory vaccine directions?

Employment-related information

What should an organisation do if an employee hasn’t had their first vaccination dose by the deadline in a public health order or other workplace direction? 

It depends on why they’ve missed the deadline.

If the employee has not had their first vaccination dose by the deadline because they could not secure a vaccine appointment in time, the organisation may need to consider short-term alternative work arrangements, such as asking the employee to perform different duties or to work from home. Organisations should also make employees aware of any priority vaccine bookings available and set a revised deadline for the employee to be vaccinated.

If the employee has not had their first vaccination dose by the deadline because they have a medical condition, they need to provide suitable medical contraindication evidence (more information below) before the deadline. If the employee has failed to do this, the organisation may need to seek legal advice about taking disciplinary action against the employee.

If the employee has not had their first vaccination dose by the deadline because of a protected attribute under anti-discrimination laws, the organisation may need to consider alternative work arrangements, such as asking the employee to perform different duties or to work from home (more information below). However, at this stage, the only exemption to comply with vaccination mandates contemplated in current public health orders is due to a medical contraindication.

Outside these circumstances, organisations may need to take disciplinary action against employees who refuse to be vaccinated pursuant to a public health order or other lawful workplace direction.

What process should an organisation follow if an employee doesn’t comply with a mandatory vaccination direction? Is the employment termination process set out in the public health order?

Public health orders do not prescribe a process for taking disciplinary action against employees who refuse to be vaccinated.

Employers will need to consider the terms, obligations and rights under any applicable employment law instruments (such as an enterprise agreement, modern award or employment contract) in deciding if and how to discipline an employee who refuses to be vaccinated, including their obligations with respect to consultation.

It may be open to employers to stand employees aside without pay in circumstances where they are not ready, willing and able to perform work in accordance with the public health order. It may also be open to employers to provide employees with alternate duties until they are vaccinated, however they are not required to do so. As a final step, employers may consider terminating the employment of an employee for failure or refusal to comply with the public health order or any other lawful and reasonable direction for the employee to be vaccinated.

Employers should consider employees' reasons for refusal to be vaccinated on a case by case basis and request supporting evidence of any reasons for refusal.

Where possible, employers should consider seeking legal advice about how to respond to an employee who refuses to comply with a mandatory vaccine direction.

Are board members covered by public health orders?

It depends. Depending on the relevant public health order and the nature of the person’s position in an organisation, it’s possible for a board member to be subject to a mandatory vaccine direction under a public health order.

If an employee has provided medical contraindication evidence exempting them from being vaccinated, is the organisation required to change the employee’s duties?

In most circumstances, yes.  To comply with work, health and safety (WHS) as well as anti-discrimination laws, organisations may have to make reasonable adjustments to an employee’s role if they have provided medical contraindication evidence indicating that they cannot be vaccinated against COVID-19.  Factors to take into account when considering whether an adjustment is reasonable include: 

  • the effectiveness of the adjustment in assisting an employee with disability to perform their job 
  • the practicality of the adjustment 
  • the extent of any disruption caused to business operations
  • the financial or other costs of the adjustment
  • the extent of the organisation’s financial and other resources
  • the availability of financial or other assistance to help make the adjustment (for example, the Employment Assistance Fund), and
  • the nature of business activities and size of the organisation 

Employers will not be required to adjust an employee’s position if the costs or difficulties of making the adjustment would place an unjustifiable hardship on the organisation. If the organisation can’t make reasonable adjustments for an employee, it should clearly document its reasons.  Organisations should seek legal advice about refusing to adjust an employee’s position because of a medical condition. 

Can an organisation be liable if an employee has an adverse reaction to the vaccine if vaccinations were mandated by a public health order or other workplace direction?

Yes, technically it's possible, but will only be relevant for a serious reaction to COVID-19.   

If an employee has an adverse reaction to a COVID-19 vaccination, they may be able to make a workers compensation claim. The employee will need to prove they suffered an injury, and that there is a sufficient connection between that injury and their employment. It’s more likely that a claim will be covered if the employee was directed to be vaccinated by their employer, or required to do so under a public health order.  

The federal government is introducing a COVID-19 Vaccine Claims Scheme. The scheme will compensate a person for a serious adverse reaction after having an approved COVID-19 vaccine.   

The new scheme won’t stop an employee from making a workers compensation claim. However, it’s likely that the scheme will provide a quicker and simpler way for employees to access compensation (which may make it less likely for them to make any other sort of claim). 

More information

See the Health Department webpage for more information.

What help can organisations access if an employee makes an unfair dismissal application? 

It can be difficult to secure legal support once an unfair dismissal application has been made. Where possible, employers should consider getting legal advice before termination of employment.

Organisations may have access to legal support through in-house counsel, peak bodies, insurers, and external law firms and human resources bodies.

For eligible community organisations, Justice Connect may be able to secure pro bono advice about issuing a mandatory vaccine direction and managing associated disciplinary action.

What about the users of an organisation’s services?

Can an organisation refuse to provide services to an unvaccinated service user?

It depends. Under the work, health and safety (WHS) laws, employers have a duty to eliminate or, if not reasonably practicable, minimise the risk of exposure of employees to COVID-19 in the workplace.   

To fulfill this obligation, organisations need to consider a range of relevant factors to determine what is reasonably practicable, including: 

  • What type of services are being delivered and how does this impact COVID-19 exposure? 
  • Does the service require face-to-face delivery? Can the services be provided in another way?  
  • Where are services being delivered and how does this impact the likelihood of an employee being infected with COVID-19? 
  • To what extent is COVID-19 prevalent in the communities of an organisation’s service users? 
  • What other COVID-19 control measures is the organisation using? 

Organisations need to be cautious about imposing a blanket rule requiring vaccination as a condition to access its services. There may be a medical reason why a person is unable to receive a vaccine or chooses not to, including the protected attributes of pregnancy or disability under state or federal anti-discrimination laws.   

Organisations should also consider any funding agreement provisions that restrict how and when an organisation can limit eligibility for its services. 

Can an organisation refuse a service user’s request to only be seen by vaccinated staff or only be grouped with other vaccinated service users?

A service user should not have access to the vaccination status of a staff member, nor the vaccination status of any other service user. A person’s vaccination status is sensitive health information and must be treated in accordance with applicable privacy laws.

If the service user’s request is based on a protected attribute under anti-discrimination law, the service provider has an obligation to make ‘reasonable adjustments’ to the provision of their services that do not impose an unjustifiable hardship of the service provider. For example, if the service user is unvaccinated for medical reasons, the service provider may consider giving them priority access to vaccinated staff.

In responding to this request, the organisation must comply with applicable privacy laws.

If a service user contracts COVID-19 while in an organisation’s care, could the organisation be liable if it didn’t require its employees to get vaccinated?

Yes, technically this is possible, but it will depend on a number of factors.   An organisation has duties to its service users under the law of negligence and under work health and safety laws. If an organisation fails to meet those duties and this causes an injury to a service user, the organisation could be liable. The service user would need to prove that they contracted COVID-19 because of the organisation’s breach of duty.   A court may decide that an organisation has failed to meet its duties if: 

  • there is a high likelihood of a service user contracting COVID-19 from an organisation's employees 
  • the service users are at greater risk of more serious illness with COVID-19  
  • the organisation did not implement reasonably practicable control measures to minimise the spread of COVID-19 (such as physical distancing and reduced capacity indoors, provision of PPE including masks, and minimising face-to-face contact with service users) 
  • it was necessary in the circumstances to require employees to be vaccinated (or there was a public health order requiring that they be vaccinated) but the organisation didn’t do so

The content on this webpage was last updated in March 2022 and is not legal advice. See full disclaimer and copyright notice.

Apply for free legal help

Provide feedback