Book a ClinicLogin

PURPOSE

The purpose of this Privacy Policy is to set out how The Vaccination Hub collects, uses, discloses, stores, secures, and manages personal information and health information in the course of providing immunisation coordination, vaccination services, clinical governance support, and associated healthcare operations.

The Vaccination Hub is committed to ensuring that all personal information and health information is handled in accordance with the Privacy Act 1988 (Cth),the Australian Privacy Principles (APPs), and all other applicable Commonwealth and State legislative requirements.

This Privacy Policy applies to all services delivered by The Vaccination Hub, including services provided in partnership with:

  • aged care providers
  • residential aged care facilities
  • approved providers
  • pharmacy partners
  • primary healthcare providers
  • public health units
  • workplace vaccination programs
  • contracted clinical service providers
  • technology and integration partners

SCOPE

This policy applies to all information collected by The Vaccination Hub in relation to:

  • residents
  • patients
  • vaccine recipients
  • substitute decision-makers
  • next of kin
  • provider representatives
  • clinical contractors
  • employees
  • contractors
  • partner organisations
  • website and booking platform users

This includes both personal information and sensitive health information as defined under the Privacy Act1988 (Cth).

INFORMATION COLLECTED

The Vaccination Hub collects only information reasonably necessary to provide safe, lawful, and effective services. Information collected may include:

  • full legal name
  • date of birth
  • residential address
  • aged care facility details
  • room number or resident identifier
  • Medicare number
  • contact details, including phone and email
  • emergency contact details
  • next of kin details
  • substitute decision-maker details
  • consent records
  • medical history relevant to vaccination
  • immunisation history
  • allergy history
  • adverse event history
  • current medications where clinically relevant
  • vaccination encounter records
  • vaccine brand and type
  • batch number
  • expiry date
  • administration site
  • date and time of administration
  • healthcare provider details
  • facility reporting data
  • service agreement and billing information
  • payment details where required

PURPOSE OF COLLECTION

Information is collected for the purposes of:

  • coordinating vaccination services
  • determining vaccine eligibility
  • assessing clinical suitability
  • obtaining and recording consent
  • scheduling clinics and appointments
  • recording vaccination encounters
  • managing adverse event follow-up
  • ensuring continuity of clinical care
  • meeting legal and regulatory reporting obligations
  • reporting to the Australian Immunisation Register(AIR)
  • supporting provider compliance under the Aged Care Act 2024
  • supporting quality and accreditation audits
  • facilitating provider reporting dashboards
  • generating governance and compliance reports
  • managing payments and invoicing
  • supporting integration with provider clinical systems
  • responding to complaints, incidents, and investigations

Where required information is not provided, The Vaccination Hub may be unable to safely deliver services or meet legislative obligations.

USE AND DISCLOSURE OF INFORMATION

Personal information and health information may be disclosed only where reasonably necessary for service delivery, legal compliance, or clinical safety. Disclosure may occur to:

  • aged care providers
  • approved providers
  • authorised facility staff
  • pharmacists
  • nurses
  • medical practitioners
  • pharmacy partners
  • public health units
  • Commonwealth and State Government health departments
  • the Australian Immunisation Register (AIR)
  • software integration partners
  • secure hosting providers
  • authorised subcontractors
  • legal or regulatory authorities where required by law

All disclosures are limited to the minimum information necessary to fulfil the relevant purpose. Third-party providers engaged by The Vaccination Hub are required to comply with confidentiality, privacy, and data security obligations equivalent to Australian legislative standards.

CONFIDENTIALITY AND STAFF OBLIGATIONS

All employees, contractors, pharmacists, nurses, administrative personnel, and third-party service providers engaged by The Vaccination Hub are subject to strict confidentiality obligations. Technology partners are required to meet appropriate cybersecurity and privacy standards.

  • Conditions of engagement include:
  • signed confidentiality agreements
  • privacy compliance obligations
  • professional confidentiality duties
  • restricted access based on role requirements
  • mandatory privacy and data handling training
  • secure credential management
  • ongoing compliance monitoring

Any breach of confidentiality, unauthorised disclosure, or inappropriate access to information may result in disciplinary action, termination of engagement, and notification to relevant authorities where required.

DATA STORAGE AND SECURITY

TVH takes reasonable steps to protect all personal and health information from:

  • unauthorised access
  • misuse
  • loss
  • interference
  • modification
  • disclosure

Security controls include:

  • secure cloud-based infrastructure
  • Australian-hosted systems where available
  • role-based access controls
  • password protection
  • multi-factor authentication where supported
  • encrypted data transmission
  • secure backup processes
  • firewall and malware protection
  • access logs and audit trails
  • restricted administrative permissions
  • secure physical document storage
  • controlled destruction of hard copy records

DATA RETENTION

Records are retained for the period required under applicable healthcare, aged care, financial, and privacy legislation. When records are no longer required, secure destruction or permanent de-identification is undertaken in accordance with legislative and professional standards.

ACCESS AND CORRECTION

Requests for access to or correction of information held by The Vaccination Hub may be made in writing by:

  • the individual concerned
  • an authorised representative
  • substitute decision-maker
  • approved provider representative where authorised

Reasonable steps will be taken to provide access or correct inaccurate, incomplete, or
outdated information.

PRIVACY COMPLAINTS

Any privacy concern, complaint, or suspected breach may be submitted in writing to The Vaccination Hub. All complaints will be investigated promptly and managed in accordance with internal incident and privacy breach procedures. Where required, notifiable data breach obligations under Australian law will be followed.

POLICY REVIEW

This policy is subject to annual review and may be updated to reflect legislative, operational, or technological changes. The most current version of this policy is the version approved and issued by The Vaccination Hub.

Ready to Prioritise the Wellbeing of Your People?

Book a Clinic