Can my employer view my certificate without my permission?

Not at all. Your employer cannot access your medical certificate or records without your explicit consent.

How do I share it safely?

One of the most reliable ways is to log in to your secure patient portal, download the PDF, and email it directly to your HR department. Alternatively, provide them with the unique verification code/QR code on the document.

What if I change my mind about consent?

If you have already sent the certificate to your employer, you cannot withdraw it; however, you may still decline to disclose your medical history beyond the information in the certificate.

Can I share my certificate with my partner?

Of course. You can reveal your medical record information to anyone you wish. Nevertheless, we won't disclose your certificate to your spouse without your consent in ????????writing.

Sharing Your Certificate: Consent & Security Guidelines

Introduction

After you get your medical certificate online, usually, you will have to send it to the person who will check it - your boss, HR department, or university administrator.

But A medical certificate is a formal document that contains essential health information and must be treated confidentially. You have rights under Australian law regarding the sharing of this information. Employees have the right to privacy in their medical records, and employers may not access them without the employee's consent.

This document is about how you can safely share your medical certificate, why it is essential to ask for consent, and how to keep your privacy when you send files over the internet.'

Sharing means giving access. If you want to know more about the owner of the records, please see our guide on Record Keeping and Patient Control.

Why Consent Is Required Before Sharing Medical Documents

The Privacy Act 1988 and the Australian Privacy Principles (APPs) define health information as data that must be protected more strictly than personal data.

The Principle of Consent

Your medical records are your property. No one from the medical field, including the doctor, can disclose your medical certificate to a third party (like your workplace supervisor or principal) without your permission.

Implied Consent: Consent for sharing medical certificates should be explicitly given, and you should only share the certificate with those authorised to view it.
No "Backdoor" Access: Employers must obtain your explicit consent to view or verify your certificate; unauthorised requests will be declined.

These are the things that we are most concerned about legally. Take a look at our Privacy Policy and Legal Compliance framework to know better about the protections given to you.

How to Share Certificates Securely with Employers or Schools

For security reasons, it's recommended that you avoid sending sensitive documents via regular mail. Here is the information on how you can share your digital certificate:

1. Use the Verification Link/QR Code

Many of the most up-to-date solutions allow you to send a secure link or QR code without directly attaching the PDF file, which can be intercepted or modified.

What makes it safe: The person who gets it is actually seeing the file on our secure server. Additionally, they don't have to wait for you to send the file; they can verify and authenticate it immediately.

2. Verify the Recipient

It's always worth making sure that the address you've typed is correct before you send an email.

It's more secure to send your certificate to the business email address than to a personal one. However, always check whether you are on a business email.

3. Keep a Copy

Before distributing the document, remember to keep a copy in your files.

An employer bases their decision on the document's integrity. Learn more about Digital Signature Verification and how it works.

Patient Rights and Responsibilities

The OAIC (Office of the Australian Information Commissioner) has issued rules that set out data subjects' rights in situations such as data sharing.

Your Rights

Right to Anonymity: It is not necessary for the certificate to identify the exact diagnosis (e.g. "Gastroenteritis"). Instead, use "Medical Condition". You are entitled to keep your sickness confidential.
Right to Withdraw: You may choose whether to share the certificate, but doing so may affect your eligibility for paid leave.

Your Responsibilities

Data Security: You must protect the document's security once you have saved it to your device. Don't post it on social media or use it on public computers.
Honesty: Do not make changes to the document before sharing it.

Would you be interested in learning about your access to files? Check out our article on Data Privacy and Access Rights.

Third-Party Access and Limitations

In addition to the first parties, who else might have the right to access your certificate?

Legitimate Third Parties

Employers: To approve leave.
Schools/Universities: For tracking attendance.
Insurers: Only during the time you are filing a claim (e.g. income protection) and you have already signed the consent to disclosure form.

Limitations

Employers are entitled to reasonable evidence of illness, but they cannot access:

Your full medical history
notes from your doctor's consultations
information on the medication prescribed

In case a third party asks for more than they are entitled to, holding on to your rights will be very helpful. Our Legal Compliance section might interest you.

How Prime Medic Ensures Secure Sharing

We incorporate security measures into the sharing step to prevent data leakage.

Encryption in Transit: Information is encrypted using SSL during the purchase of your certificate or an employer's verification via our portal.
Access Logs: Our software maintains a digital audit trail of certificate issuance and verification.
Identity Verification: We verify your identity before issuing the document, so no one else can request a certificate in your name.

Thanks to them, you are safe. In our Quality Compliance guide, you can learn more about our platform's security.