PURPOSE
The purpose of this Privacy Policy is to set out how The Vaccination Hub collects, uses, discloses, stores, secures, and manages personal information and health information in the course of providing immunisation coordination, vaccination services, clinical governance support, and associated healthcare operations.
The Vaccination Hub is committed to ensuring that all personal information and health information is handled in accordance with the Privacy Act 1988 (Cth),the Australian Privacy Principles (APPs), and all other applicable Commonwealth and State legislative requirements.
This Privacy Policy applies to all services delivered by The Vaccination Hub, including services provided in partnership with:
aged care providers
residential aged care facilities
approved providers
pharmacy partners
primary healthcare providers
public health units
workplace vaccination programs
contracted clinical service providers
technology and integration partners
SCOPE
This policy applies to all information collected by The Vaccination Hub in relation to:
residents
patients
vaccine recipients
substitute decision-makers
next of kin
provider representatives
clinical contractors
employees
contractors
partner organisations
website and booking platform users
This includes both personal information and sensitive health information as defined under the Privacy Act1988 (Cth).
INFORMATION COLLECTED
The Vaccination Hub collects only information reasonably necessary to provide safe, lawful, and effective services. Information collected may include:
full legal name
date of birth
residential address
aged care facility details
room number or resident identifier
Medicare number
contact details, including phone and email
emergency contact details
next of kin details
substitute decision-maker details
consent records
medical history relevant to vaccination
immunisation history
allergy history
adverse event history
current medications where clinically relevant
vaccination encounter records
vaccine brand and type
batch number
expiry date
administration site
date and time of administration
healthcare provider details
facility reporting data
service agreement and billing information
payment details where required
PURPOSE OF COLLECTION
Information is collected for the purposes of:
coordinating vaccination services
determining vaccine eligibility
assessing clinical suitability
obtaining and recording consent
scheduling clinics and appointments
recording vaccination encounters
managing adverse event follow-up
ensuring continuity of clinical care
meeting legal and regulatory reporting obligations
reporting to the Australian Immunisation Register(AIR)
supporting provider compliance under the Aged Care Act 2024
supporting quality and accreditation audits
facilitating provider reporting dashboards
generating governance and compliance reports
managing payments and invoicing
supporting integration with provider clinical systems
responding to complaints, incidents, and investigations
Where required information is not provided, The Vaccination Hub may be unable to safely deliver services or meet legislative obligations.
USE AND DISCLOSURE OF INFORMATION
Personal information and health information may be disclosed only where reasonably necessary for service delivery, legal compliance, or clinical safety. Disclosure may occur to:
aged care providers
approved providers
authorised facility staff
pharmacists
nurses
medical practitioners
pharmacy partners
public health units
Commonwealth and State Government health departments
the Australian Immunisation Register (AIR)
software integration partners
secure hosting providers
authorised subcontractors
legal or regulatory authorities where required by law
All disclosures are limited to the minimum information necessary to fulfil the relevant purpose. Third-party providers engaged by The Vaccination Hub are required to comply with confidentiality, privacy, and data security obligations equivalent to Australian legislative standards.
CONFIDENTIALITY AND STAFF OBLIGATIONS
All employees, contractors, pharmacists, nurses, administrative personnel, and third-party service providers engaged by The Vaccination Hub are subject to strict confidentiality obligations. Technology partners are required to meet appropriate cybersecurity and privacy standards.
Conditions of engagement include:
signed confidentiality agreements
privacy compliance obligations
professional confidentiality duties
restricted access based on role requirements
mandatory privacy and data handling training
secure credential management
ongoing compliance monitoring
Any breach of confidentiality, unauthorised disclosure, or inappropriate access to information may result in disciplinary action, termination of engagement, and notification to relevant authorities where required.
DATA STORAGE AND SECURITY
TVH takes reasonable steps to protect all personal and health information from:
unauthorised access
misuse
loss
interference
modification
disclosure
Security controls include:
secure cloud-based infrastructure
Australian-hosted systems where available
role-based access controls
password protection
multi-factor authentication where supported
encrypted data transmission
secure backup processes
firewall and malware protection
access logs and audit trails
restricted administrative permissions
secure physical document storage
controlled destruction of hard copy records
DATA RETENTION
Records are retained for the period required under applicable healthcare, aged care, financial, and privacy legislation. When records are no longer required, secure destruction or permanent de-identification is undertaken in accordance with legislative and professional standards.
ACCESS AND CORRECTION
Requests for access to or correction of information held by The Vaccination Hub may be made in writing by:
the individual concerned
an authorised representative
substitute decision-maker
approved provider representative where authorised
Reasonable steps will be taken to provide access or correct inaccurate, incomplete, or
outdated information.
PRIVACY COMPLAINTS
Any privacy concern, complaint, or suspected breach may be submitted in writing to The Vaccination Hub. All complaints will be investigated promptly and managed in accordance with internal incident and privacy breach procedures. Where required, notifiable data breach obligations under Australian law will be followed.
POLICY REVIEW
This policy is subject to annual review and may be updated to reflect legislative, operational, or technological changes. The most current version of this policy is the version approved and issued by The Vaccination Hub.