The COVID-19 vaccine is voluntary and free. As safe and effective vaccines become available, the Government will vaccinate as many people in Australian as possible for COVID-19. If you choose not to have a COVID-19 vaccine, your eligibility for Government payments won’t be affected. Find out more about COVID-19 vaccines and getting vaccinated for COVID-19.
This notice explains how we (the Australian Government Department of Health and Aged Care) manage your personal information, consistent with our obligations under the Privacy Act 1988 and the Australian Immunisation Register Act 2015, when you choose to receive a COVID-19 vaccination.
Personal information is entered into the Australian Immunisation Register
When you receive your vaccination, your personal information will be entered into the Australian Immunisation Register (the Register) by your vaccination provider. The provider will enter your:
- name
- date of birth
- contact details
- gender
- Medicare number (if any)
- healthcare identifier (if any).
Collection of your personal information for this purpose is required under the Australian Immunisation Register Act. This means that the collection will meet the requirements of the Privacy Act. The Register records vaccines given to all people in Australia. It is already in existence and use. Find out more information about the Australian Immunisation Register Act.
When receiving a COVID-19 vaccine at a Pharmacy
If you receive a COVID-19 vaccination through a Community Pharmacy, you may also be asked to provide consent for your personal information to be sent to the Pharmacy Program Administrator (PPA). This is to allow Pharmacies to claim payments for the vaccines they administer.
The information provided to the PPA may include:
- your name
- your date of birth
- your Medicare number (if any)
- whether your first or second dose [and if second, whether both were received at the same pharmacy].
The PPA will use your information to manage Pharmacy payment claims, for general reporting to us, and for Pharmacy compliance monitoring. We may share your personal information with the PPA for the purposes of compliance or fraud investigations.
The PPA will handle your data in compliance with the Privacy Act and in line with our strong privacy requirements. You can read their Privacy Policy online.
We will use and disclose your personal information to:
- monitor vaccination coverage and effectiveness across Australia
- collect, analyse and publish statistics and other information about vaccination coverage
- identify any parts of Australia at risk during disease outbreaks because of the number of unvaccinated individuals in those parts
- advise an individual when they are, or were, due to receive a vaccine
- provide evidence of vaccination status.
These and other purposes are listed in the Australian Immunisation Register Act. We only use and disclose personal information contained in the Register in accordance with the Australian Immunisation Register Act and the Privacy Act.
State and territory health entities may securely access information in the Register where it is permitted by the Australian Immunisation Register Act.
Reporting on the COVID-19 vaccine rollout
We will use information from the Register that we have de‑identified to generate reports that include monitoring:
- dose wastage, delivery, and service capacity
- vaccine coverage across Australia with reference to vaccine brand, location, stock availability, and statistical population data.
The de-identified data will be transferred into a Vaccine Data Solution (Data Solution), that is, a software solution for monitoring coverage and logistics for COVID‑19 vaccines. The Data Solution will then generate these reports. Those reports will only contain de‑identified information.
We may disclose these reports to other entities, including state and territory government agencies, if it is necessary for the rollout of COVID-19 vaccines.
How your information is stored
Information in the Register is regularly uploaded from Services Australia’s IT environment and is stored in our Enterprise Data Warehouse. The Enterprise Data Warehouse is an established platform that supports the Department of Health and Aged Care’s storage of data in a secure environment within Australia. No personal information is stored or sent overseas.
De-identified data from the Enterprise Data Warehouse will be transferred to the Data Solution. The Data Solution (containing only de-identified information) will be hosted on cloud services provided by Amazon Web Services and using software provided by Salesforce. The Data Solution will be hosted in Australia.
The Pharmacy Program Administrator will store personal information collected as part of the COVID-19 vaccine rollout in their secure, on-shore IT environment. They may provide personal information to us for the purposes of compliance and payment claiming. They may provide aggregate and de-identified reports (such as number of people who received vaccines at pharmacies in an area) to us on request.
Can I opt out from being included in the Register?
Once you have been vaccinated, including where you have been vaccinated against COVID-19, you cannot opt out of your information being put into the Register where the Australian Immunisation Register Act requires reporting of the information.
However, you can opt out of having your personal information further disclosed from the Register. You can find further information about this on Services Australia’s website, where you will also find the opt-out form.
You can access or correct your information
You can access your immunisation history contained on the Australian Immunisation Register through your Medicare Online account, through myGov, the Medicare Express Plus app, or your My Health Record.
Alternatively, you can contact Services Australia to access your information on the Register. This includes by calling the Australian Immunisation Register line on 1800 653 809 (Monday to Friday 8am to 5pm).
If your details on the Register are incorrect you should contact Services Australia.
Complaints
If you wish to make a complaint about the way your personal information has been managed, you can lodge a complaint with us using the details listed below. Please provide as much information as possible so we can investigate and respond.
We will:
- let you know that we have received your complaint
- do our best to respond within 30 days of receiving your complaint. If we can’t respond within this timeframe we will let you know.
If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner.