Can Your Boss Call Your Doctor to Check Your Sick Note?

In recent Australian data, the most common amount of sick leave taken in a year was about 14 days per employee, and more than half of employers now think absenteeism is under‑reported.

At the same time, surveys suggest many Aussies admit to taking at least one “fake sickie” in the past year.

Put those together and you can see why some managers are suspicious when a medical certificate lands in their inbox – and why more employees are asking a nervous question:

"“Can my boss actually call my doctor to check my sick note?”"

If you’ve ever felt a knot in your stomach when HR asks for “more information”, you’re not alone. Sick leave sits right at the intersection of your livelihood and your private health information – including sensitive areas like mental health, reproductive health, or sexual health. It’s completely reasonable to want clear answers about your sick leave privacy rights.

In this article, we’ll break it all down in plain English, from an Australian perspective:

• When and how an employer can verify a medical certificate
• What Fair Work Australia sick leave rules actually say
• How doctor–patient confidentiality and privacy laws protect you
• What happens with fake medical certificates (and why they’re a terrible idea)
• Practical scripts you can use when your boss pushes for details

We’re writing this as an Australian telehealth provider – at NextClinic, we help thousands of people each year with online medical certificates, telehealth consults and prescriptions. We see these questions come up all the time, so this guide is based on both official guidance and everyday realities in Aussie workplaces.

This is general information, not legal advice – if you’re in a complex dispute, it’s always worth getting specific legal help. But by the end, you should feel far more confident about where your boundaries are, and how to stand up for them politely but firmly.

Looking for a 1 or 2 day medical certificates?

Starting from $19.90

Request Now

Looking for a 1 or 2 day medical certificates?

Starting from $19.90

Request Now

The Short Answer: Can Your Boss Call Your Doctor?

Let’s start with the blunt, practical answer.

1. Your employer can dial the number – but that doesn’t mean they can get your information.

There’s nothing stopping a manager from physically calling a clinic. But:

• Your doctor (or telehealth service) is bound by strict privacy and doctor–patient confidentiality rules.
• Without your consent, they generally can’t reveal your medical information, and in most cases they won’t.

2. Fair Work’s view is crystal clear on “digging for more”.

The Fair Work Ombudsman’s guidance on notice and medical certificates says:

• Employers can ask you to provide evidence (like a medical certificate or stat dec) for sick leave.
• However, Fair Work explicitly states it isn’t considered reasonable for an employer to attend your medical appointment or contact your doctor to get further information about your condition.

In other words: the default expectation under Fair Work is that your certificate itself is enough, and employers shouldn’t be phoning your GP to quiz them about you.

*3. Verifying authenticity is different from prying into health details.*

In rare situations (for example, suspected fraud), an employer might try to verify that a medical certificate is genuine – e.g. checking that:

• The clinic exists
• The doctor is registered
• A certificate was actually issued on that date

Even then, your doctor should not be disclosing anything beyond what’s already on the certificate without your consent. And many clinics will simply refuse to confirm anything unless they’ve got your okay in writing, precisely because of privacy rules.

4. For most ordinary sick days, it never gets that far.

In day‑to‑day practice, if you:

• Notify your employer properly
• Provide a valid medical certificate when requested

…that’s usually the end of the matter. Most employers accept the evidence as long as it looks professional and they have no strong reason to suspect a fake medical certificate.

We’ll dig into the finer details – but if you only remember one thing, let it be this:

"*Your boss is entitled to reasonable evidence that you were unfit for work. They are not entitled to a blow‑by‑blow account of your medical history.*"

Why Are Employers So Suspicious About Sick Leave?

To understand why some bosses push boundaries, it helps to see it from their side for a moment.

• A major absence report found the most common amount of sick leave taken in 2022 was 14 days per employee, up about 23% since 2019.
• Over half of surveyed organisations now believe absence is under‑reported.
• Broader ABS‑based analysis shows that in winter, more than 8% of the workforce may be working reduced hours or absent due to illness, injury or personal reasons at any one time.

On top of that, consumer surveys suggest around two‑thirds of Australians admit to taking at least one “fake sickie” in the previous 12 months (often for reasons like burnout, family issues, or needing a day to reset).

So employers are juggling:

• Genuine illness (including mental health and long COVID)
• Carer’s responsibilities
• Occasional people pushing their luck
• Operational pressure when large chunks of the roster are off

That doesn’t mean they get a free pass to invade your privacy. But it explains why some HR teams focus heavily on “employer verify medical certificate” processes, and why a handful overstep by trying to contact doctors directly.

Good policy respects both sides:

• Employers get reasonable evidence so they can approve sick leave fairly.
• Employees retain privacy and dignity, especially around sensitive conditions (like sexual health issues, fertility treatment or mental health).

Your Sick Leave Rights Under Fair Work Australia

Under the National Employment Standards (NES):

• Full‑time employees are generally entitled to 10 days of paid personal/carer’s leave (often just called sick leave) per year, with part‑timers getting this on a pro‑rata basis.
• This covers both your own illness/injury and caring responsibilities.
• Unused paid personal leave carries over year to year.

Fair Work’s guidance on sick and carer’s leave makes a few key points:

1. You must let your employer know you’re sick as soon as practicable.

This can be after the leave has started, but shouldn’t be unreasonably delayed.

1. Your boss can ask for evidence – even for one day off.

There’s no legal rule that says “you get two sick days without a certificate”. Many workplaces choose that as a policy, but under the Fair Work Act 2009 s.107, an employer is allowed to ask for evidence for any length of absence, including a single day.

1. Evidence must be “reasonable” and convince a fair‑minded person.

Fair Work gives examples of acceptable evidence, including:

• A medical certificate
• A statutory declaration

They emphasise that the type and level of evidence must be reasonable in the circumstances.

1. You don’t usually have to give detailed medical data.

A standard certificate simply says you were “unfit for work” for a period, without listing your diagnosis. That’s normally enough.

At NextClinic, our certificates follow exactly this approach. We’ve also written a broader explainer on entitlements and evidence in our post [Sick Leave & Employee Privacy Rights](https://nextclinic.com.au/blog/sick-leave-and-employee-privacy-rights) if you’d like to go deeper into Fair Work Australia sick leave rules.

The key takeaway: your employer can ask for proof that you were genuinely unwell, but they don’t get to dissect what, exactly, was wrong with you.

Doctor–Patient Confidentiality 101 (And Why It Matters Here)

Now let’s talk about the other half of the equation: your doctor’s obligations.

The Victorian Government’s Better Health Channel (a reputable public health resource) explains that:

• There are laws that set out how your medical records can be shared.
• Health professionals cannot discuss your health information with anyone else without your consent, except in a small number of specific situations (like serious threats to life or public health, or certain law‑enforcement circumstances).
• “Doctor–patient confidentiality” means that, with only a few exceptions, what you tell your doctor must be kept private between you and the health service.

The Office of the Australian Information Commissioner (OAIC) reinforces that health information is “sensitive information” under privacy law. Health services face strict rules about how they collect, use and disclose it – and you can complain to the OAIC if your health information is mishandled.

What does that mean in practice?

• Your GP or telehealth doctor cannot lawfully hand over your full medical records to your employer just because the employer calls.
• They normally can’t even confirm details beyond what you’ve already authorised, unless a specific legal exception applies.
• Sensitive topics – like sexual health, contraception, gender‑affirming care, mental health, pregnancy, termination, or STI treatment – sit under the same strong confidentiality umbrella as any other diagnosis.

There are limited situations where a doctor might share information without your consent – for example, to prevent a serious and imminent threat to someone’s life, or because a specific law requires a report. But those scenarios are rare in ordinary workplace sick leave disputes.

So if your manager casually says, “We’ll just call your doctor to check,” it’s important to understand:

"Your doctor’s default position must be to protect your confidentiality, not to satisfy your employer’s curiosity."

What Fair Work Says About Employers Contacting Doctors

Fair Work’s “Notice and medical certificates” guidance is surprisingly direct on this point. It says that:

• It’s not considered reasonable for an employer to go with you to a medical appointment, unless you specifically ask them to.
• It’s also not considered reasonable for an employer to contact your doctor to seek further information beyond the evidence you’ve already provided.

That’s a powerful line to have up your sleeve in conversations with HR.

It doesn’t mean an employer can never communicate with a doctor – for example, in workers’ compensation claims, formal medical capacity assessments, or agreed return‑to‑work programs, carefully structured information sharing can be appropriate.

But for ordinary sick leave, the regulator’s default expectation is:

• You provide a medical certificate or stat dec showing you were unfit for work.
• Your employer accepts that as adequate evidence in good faith, unless they have very strong reasons to suspect dishonesty or fraud.

This is why many employment lawyers advise that employers should exercise extreme caution before trying to go around the employee and speak directly to their doctor.

Verifying a Medical Certificate the Right Way

Sometimes the legitimate concern isn’t “What illness did you have?” but “Is this certificate even real?”

In those rare cases, there are better ways for an employer to verify a medical certificate than ringing up the GP’s rooms and asking for all your personal details.

What employers can reasonably check

If an employer genuinely suspects a fake medical certificate, reasonable verification steps might include:

• Checking that the clinic name, address and phone number are real
• Confirming that the doctor is registered (through the AHPRA “Register of practitioners”)
• Looking for obvious red flags:
  • No provider number
  • Suspicious email/website
  • Strange formatting or spelling errors

Some employers may contact the clinic and say something like, “We’ve received a medical certificate for [Employee Name] dated [X–Y]. Can you confirm that this document was issued by your practice?”

Even then, because of privacy law, many clinics will:

• Decline to confirm anything without your express consent, or
• Only confirm extremely limited information (for example, that a certificate number or QR code matches their records), without saying anything about your condition.

The OAIC’s guidance on handling health information makes it clear that health services can only disclose your information if it’s for the same purpose it was collected, required by law, necessary to prevent serious harm, or you consent.

How we handle verification at NextClinic

At NextClinic, we’ve designed our system so that employers can verify authenticity without breaching your privacy:

• Our medical certificates include:
  • Clinic details and doctor’s AHPRA registration number
  • Dates you’re unfit for work or study
  • A QR code that lets employers confirm the certificate was legitimately issued, without seeing your medical history.

If your employer wants to verify your medical certificate, they can simply scan the QR code or contact us using the details on the certificate. We can confirm whether a particular certificate number is genuine – but not discuss your diagnosis.

That’s the right balance: employers can trust the document, while your doctor–patient confidentiality stays intact.

Do I Have to Tell My Boss What’s Actually Wrong With Me?

In most cases, no – you don’t have to disclose your specific diagnosis.

Both Fair Work’s guidance and mainstream health information sources support the idea that:

• A medical certificate just needs to show you were “not fit for work” for a certain period.
• It doesn’t have to spell out the illness behind it.

That applies whether your sick leave relates to:

• The flu or gastro
• A mental health condition like anxiety or depression
• A sexual health issue (for example, complications from an STI or pelvic pain)
• Reproductive health – such as fertility treatment, endometriosis flare‑ups, or recovery after a termination

At NextClinic, our own medical certificates are deliberately minimalist:

• They state that you were unfit for work or study on specified dates.
• They include the doctor’s details and registration number.
• They do not list your diagnosis, in line with medical confidentiality and good practice.

Of course, you’re free to share more if you’re comfortable. Some people choose to be open about mental health or chronic illness because it helps colleagues understand what they’re dealing with.

But that’s your choice – not a legal obligation for everyday personal/carer’s leave.

The main exception is where:

• Your condition may affect your ability to safely perform inherent requirements of your role, especially in safety‑sensitive jobs (e.g. pilots, heavy vehicle drivers, high‑risk machinery).
• You’re seeking reasonable adjustments under anti‑discrimination laws.

Even then, much of the focus should be on what you can and can’t safely do, rather than forcing you to disclose intimate details if they’re not necessary.

When Employers Can Ask for More Detail

There are situations where an employer can legitimately ask for more than a standard one‑line certificate – but it’s still bounded by reasonableness and privacy law.

Examples include:

1. Long or repeated absences

If you’ve been off for a long time (or very frequently) with limited information, your employer might:

• Request a more detailed fitness‑for‑work report, or
• Ask your treating doctor to clarify your capacity (not your diagnosis) – e.g. “Can this employee work full‑time/part‑time? Any restrictions on lifting, night shifts, driving, safety‑critical tasks?”

This is usually framed around:

• Fulfilling health and safety duties
• Deciding whether you can safely return to your role
• Considering adjustments (e.g. different duties, reduced hours)

2. Workers’ compensation or serious injury/illness claims

For workers’ comp and complex long‑term conditions, there are specific legal processes where:

• Medical reports and forms are shared with insurers and employers
• You may be asked to consent to release of certain medical information

Even then, your treating doctor should still:

• Share only what is relevant and necessary
• Protect unrelated sensitive information where possible

If you’re ever unsure, it’s perfectly okay to ask your GP:

"“Exactly what will you be sending my employer or insurer? Is there anything in my file that doesn’t need to be included?”"

Doctors are used to navigating these boundaries and can often tailor reports accordingly.

Fake Medical Certificates: Why They’re Never Worth It

Given all this, some people think: “Well, if my boss can’t really check, maybe I’ll just download a template and tweak it…”

Please don’t.

Australian regulators and state agencies treat falsifying medical certificates as a potential form of fraud. For example, the NSW workers’ compensation regulator lists “falsifying medical certificates” as a key indicator of workers’ compensation fraud.

Getting caught with a fake medical certificate can lead to:

• Disciplinary action or dismissal

Dishonesty that undermines trust is regularly treated as serious misconduct in Fair Work cases, and forging documents almost always falls into that category.

• Legal consequences

Depending on how and where you use the document, it can potentially amount to criminal fraud or forgery under state law, with fines or even imprisonment in more serious scenarios.

• Reputational damage

Once employers or colleagues know you’ve faked a medical certificate, trust is extremely hard to rebuild. That can stick with you for years, affecting references and future job prospects.

We’ve written about this in detail in our own posts, including [What Happens if You Fake a Medical Certificate?](https://nextclinic.com.au/blog/what-happens-if-you-fake-a-medical-certificate) and [Faking Medical Certificates: Risks and Consequences](https://nextclinic.com.au/blog/faking-medical-certificates-risks-and-consequences).

The irony is: in 2026, there’s no need to take that risk. Getting a legitimate certificate is usually quick, inexpensive and much safer for your career – especially through trusted telehealth services.

Scripts You Can Use to Protect Your Privacy

Knowing your rights is one thing; saying them out loud to your boss is another.

Here are some simple phrases you can borrow.

1. When your boss asks, “So what was actually wrong with you?”

"“It was a personal medical issue. I’ve provided the medical certificate as required, and I’m fit to work again now.”"

If they push:

"“Under Fair Work, a medical certificate is sufficient evidence of my sick leave. I’d prefer to keep the specific details between me and my doctor.”"

2. When HR says, “We’d like to call your doctor for more information.”

"“I’m not comfortable with my doctor being contacted for extra information beyond the certificate. Fair Work’s guidance is that it’s not generally reasonable for employers to contact a doctor for further details. If you need additional clarification, I’m happy to ask my doctor for a further short note about my capacity for work, rather than my medical history.”"

3. When you’re asked to sign a broad consent form

"“Before I sign anything, can you let me know exactly what information will be requested from my doctor, and for what purpose? I’d like to limit any consent to what’s strictly necessary – for example, information about my current work capacity rather than my full medical record.”"

You can then speak to your GP and say:

"“My employer has asked for information. I’m okay with you commenting on my capacity for work, but I don’t want unrelated conditions or past history disclosed.”"

Most doctors will absolutely respect that boundary.

Telehealth, Online Certificates and Employer Trust

A common follow‑up worry is:

"“Will my boss take an online medical certificate seriously – or will that make them more likely to call the doctor?”"

The short answer is: yes, they should take it seriously.

Fair Work doesn’t distinguish between in‑person and telehealth consultations – a proper medical certificate issued by a registered doctor is valid evidence either way.

At NextClinic:

• All certificates are issued by AHPRA‑registered Australian doctors.
• Our certificates include:
  • Clinic details and doctor identifiers
  • Dates you’re unfit for work or study
  • A secure QR code for verification
• We don’t charge you if our doctor decides it’s not appropriate to issue a certificate based on your answers.

We’ve covered this more fully in:

• [Online Medical Certificate](https://nextclinic.com.au/blog/online-medical-certificate) – how short‑term certificates work via telehealth
• [Medical Certificates for Remote Workers](https://nextclinic.com.au/blog/medical-certificates-for-remote-workers) – why employers should treat telehealth certificates the same as in‑person ones

For employers, reputable telehealth certificates actually reduce the temptation to pry, because:

• The document looks professional and easy to verify.
• They know there’s a structured clinical process behind it.
• There’s an auditable trail (QR code / reference number) if fraud is suspected – without needing to ask for your diagnosis.

Where to Go If Your Sick Leave Privacy Is Breached

If you genuinely feel your sick leave privacy rights have been violated – for example:

• A manager has contacted your doctor without consent and pressured them for details
• Your medical information is being spread around the office
• A legitimate medical certificate has been rejected without good reason

You’ve got a few options.

1. Internal processes
   • Check your workplace’s HR or privacy policy.
   • Raise the issue with HR, your HSR (health and safety representative), or a trusted senior manager.
   • Keep written records of what’s happened.
2. Fair Work Ombudsman (FWO)
   • The FWO can give advice and, in some cases, help resolve disputes about sick leave, evidence and unfair treatment.
3. Office of the Australian Information Commissioner (OAIC)
   • If a health service (including a telehealth provider) has mishandled your health information, you can complain to the OAIC.
4. State health complaint bodies
   • In Victoria, for example, the Health Complaints Commissioner can investigate privacy breaches by health services.
5. Your union or independent legal advice
   • If your job’s on the line or you’re facing disciplinary action, talk to your union (if you’re a member) or an employment lawyer for tailored advice.

Most issues can be sorted out well before that stage, but it’s useful to know the safety nets exist.

Key Takeaways – And a Challenge for This Week

Let’s recap the essentials:

• Your boss can’t just “ring your doctor for details”. Fair Work’s own guidance says it’s generally not reasonable for employers to contact your doctor for further information about your condition.
• Doctor–patient confidentiality is strong. Health professionals are legally and ethically bound to keep your information private, except in narrow circumstances like serious threats or specific legal obligations.
• A simple medical certificate is usually enough. Under Fair Work Australia sick leave rules, evidence just needs to convince a reasonable person that you were unfit for work – it doesn’t have to reveal your diagnosis.
• Fake medical certificates are a huge risk. They can amount to fraud, lead to dismissal, and seriously damage your future career – especially when legitimate telehealth options are quick and affordable.
• You’re allowed to set boundaries. You can politely decline to disclose sensitive details, limit any consent you give, and ask your doctor to focus on work capacity rather than your whole health history.

Your challenge for this week

Pick one small way to put these principles into practice:

• Maybe it’s rehearsing a simple privacy‑protecting line like,

“I’ve provided the medical certificate as required; I’d prefer to keep the details between me and my doctor.”

• Or reading your workplace’s sick leave policy so you know exactly what evidence they can (and can’t) ask for.
• Or, if you’re overdue for a proper rest day, using a legitimate telehealth service like ours to sort your medical certificate without putting your privacy at risk.

Whatever you choose, we’d love to hear about it.

Drop a comment:

• What situation have you faced with an employer querying your sick note?
• Which strategy or script from this article are you planning to use next time?

Your experiences help other Australians navigate the same tricky conversations – and they help us keep creating resources that genuinely support your health, your privacy and your work life.

References

• Sedgwick releases the 2023 absence management and wellbeing report for Australia | Sedgwick
• One act most Aussies admit to faking
• Confidentiality and privacy in healthcare | Better Health Channel
• Notice and medical certificates - Fair Work Ombudsman
• New benchmarking resource on employee absenteeism in Australia | Australian Industry Group
• Paid sick and carer's leave - Fair Work Ombudsman
• Health information | OAIC
• Handling health information | OAIC
• Doctor's Certificate Online | NextClinic
• Workers compensation fraud - SIRA

FAQs