Medical certificates or statutory declarations for routine personal leave applications

Purpose

This advice explains how ACT Public Sector (ACTPS) staff and agencies should handle documentary evidence that has been submitted in support of routine personal leave applications. This helps to:

• Meet legal recordkeeping requirements
• Protect staff privacy and avoid keeping unnecessary personal health information
• Support administrative efficiency across the ACTPS.

Scope

This advice applies to:

• All ACTPS agencies
• All staff responsible for approving routine personal leave applications

This advice:

• Relates only to documentary evidence submitted in support of routine personal leave applications
• Does not apply to documentary evidence in support of any other type of leave or processes such as compensation or rehabilitation.

As defined in the ACTPS Personal Leave Guidelines, documentary evidence includes medical or attendance certificates, carer’s certificates, and statutory declarations.

Do we need to keep medical certificates as a record?

No. The ACTPS should not keep medical certificates or statutory declarations for routine personal leave requests. These documents:

• Are submitted for the purpose of supporting leave applications
• Should not be used for any other purpose (such as tracking staff behaviour)
• Should be returned to the staff member or securely destroyed under Normal Administrative Practice (NAP).

Medical certificates or statutory declarations are a means of verifying that an individual is entitled to personal leave. By approving a routine personal leave request, the supervisor is confirming that they have viewed the documentary evidence and done their due diligence regarding the request. Evidence of a supervisor’s approval is the only record that needs to be captured and retained.

What if we want to keep medical certificates for other purposes?

When a staff member submits a medical certificate for a routine personal leave application it should not be used for any other purpose. Keeping such documents without a clear purpose creates privacy risks for individuals and the agency.

These documents often contain health information as defined in the Health Records (Privacy and Access) Act 1997 and therefore must be managed in accordance with the privacy principles under that Act. Note that under principle 1 health information:

• must not be collected unless it is directly related to a function or activity of the collector, and
• must be destroyed if it is no longer needed for that purpose.

If an agency retains a medical certificate or statutory declaration, they must be able to demonstrate why it is required and how they will ensure compliance with the health privacy principles. In addition, they must seek consent of the staff member. Evidence of that consent must be captured as a record and stored with the document in a secure file. Agencies should seek advice from their Privacy Officer to ensure documents are managed appropriately.

How should these records be managed?

1. Medical certificates or statutory declarations submitted in support of routine personal leave applications:
   • Return the document to the staff member, or
   • Delete the message or securely destroy the document.
2. Evidence that a supervisor has viewed documentary evidence in support of a routine personal leave application:
   • Capture this in a system such as HR21, where a tick box indicates that the evidence has been viewed, or
   • Ensure a signed or otherwise approved attendance record is captured on file, or
   • Make a file note to record the decision and that evidence has been viewed.
   • Store the documentary evidence and evidence of consent together, and
   • Restrict access to these files by keeping physical files in locked storage, or applying access restrictions to digital files, and
   • Ensure the record is managed in accordance with the health privacy principles.
3. If a staff member has consented to documentary evidence being retained, and the collection of that documentary evidence is necessary for or directly related to the function or activity being undertaken:
   • Store the documentary evidence and evidence of consent together, and
   • Restrict access to these files by keeping physical files in locked storage, or applying access restrictions to digital files, and
   • Ensure the record is managed in accordance with the health privacy principles.

What about existing files?

In the past agencies have had different processes for managing personal leave applications. This means there are many legacy medical certificates and statutory declarations in:

• Staff files (physical and digital)
• Email accounts
• Personal or shared folders.

If it is not feasible to review existing files, agencies should take a risk-based approach to managing these documents. Access to personal and health information should be carefully controlled to ensure that only authorised staff can view the information (e.g. the staff member, their supervisor, and records management staff). Access controls can be used in systems such as Content Manager or Objective. Folders on share drives should be locked down. Physical files should be stored in a locked cabinet or restricted file room.

Legacy documents – actions for agencies

• Destroy legacy documents under NAP, where possible.
• Ensure strict access controls on staff files.
• Run regular records disposal activities.
• Review staff files when they are due for destruction.

Reference

Australian Capital Territory. (1997). Health Records (Privacy and Access) Act 1997. Retrieved from https://www.legislation.act.gov.au/View/a/1997-125/current/html/1997-125.html

Australian Capital Territory. (2014). Information Privacy Act 2014. Retrieved from https://www.legislation.act.gov.au/View/a/2014-24/current/html/2014-24.html

Australian Capital Territory. Chief Minister, Treasury & Economic Development Directorate. (2025). Personal Leave Guidelines: Including personal leave in special, extraordinary and unforeseen circumstances. Retrieved from https://www.cmtedd.act.gov.au/__data/assets/pdf_file/0005/2999867/Personal-Leave-Guidelines.pdf

Territory Records Office. (2024). Assess – Identity verification 2024 (Version 1.1). Retrieved from https://www.territoryrecords.act.gov.au/__data/assets/pdf_file/0006/2608485/Assess-Identity-Verification-2024-FINAL-v-1.1.pdf

Territory Records Office. (2024). Assess – Normal Administrative Practice (NAP) 2024 (Version 002). Retrieved from https://www.territoryrecords.act.gov.au/__data/assets/pdf_file/0007/1218391/Assess-Normal-Administrative-Practice-NAP-2024-002.pdf

The Handling of medical certificates or statutory declarations for personal leave applications Records Advice is licensed under Creative Commons — Attribution 4.0 International — CC BY 4.0. You are free to re-use the work under that licence with attribution.

Please give attribution to: © Australian Capital Territory, 2026

The licence does not apply to the ACT Coat of Arms, the ACT Government logo and branding, images, artwork, photographs or any material protected by trademark.