A paradigm shift in aged care
The protection of personal information has never been more critical, particularly within the aged care sector. Aged care providers already collect and manage vast amounts of personal and sensitive information within a complex landscape of legislative obligations. The new Aged Care Act, commencing on 1 November 2025, will see significant changes in privacy and information management. Evinact can help you understand and prepare for the upcoming changes.
Why the changes
Many of the changes are in response to the 2021 Royal Commission into Aged Care Quality and Safety.
Aged care providers will have additional information management obligations requiring them to securely collect, use, store, and disclose personal information in accordance with privacy laws, support coordinated care and protect the rights and confidentiality of individuals receiving care.
Implications for aged care providers
The new legislation may present compliance challenges for many aged care providers, including:
- Systems adaptation – Upgrading information management systems to support robust privacy protections.
- Workforce readiness – Ensuring all staff understand new obligations around rights, privacy, and data security in daily practice.
- Risk management – Implementing risk-based compliance frameworks that can adapt to evolving regulatory interpretations.
In addition, the recent reforms to the Privacy Act 1988 now require aged care providers to take ‘reasonable steps’, including technical and organisational measures, to protect personal information.
Evinact can help
Evinact has developed an Obligations Matrix for aged care providers to help them identify key legal and regulatory requirements and highlight any gaps or areas requiring improvement. This is essential to ensure providers establish and maintain trust with residents, families, and stakeholders.
The matrix is tailored and easy-to-use, translating complex legislative and regulatory requirements into actionable insights.
How it helps
Designed specifically for aged-care providers, the matrix:
- Maps the applicable legislative provisions and standards (e.g. Privacy Act 1988, Aged Care Quality Standards, My Health Records Act 2012, etc.)
- Outlines how the specific obligation applies to the organisation
- Provides plain-language interpretations so responsibilities can be clearly understood
- Assesses whether obligations are met fully, partially, or not met through stakeholder consultation and review of relevant documentation
- Identifies existing processes, policies, and controls that demonstrate compliance
- Identifies gaps and improvement opportunities for targeted risk reduction.
It is a living tool that empowers aged care providers to:
- Demonstrate compliance to regulators
- Strengthen risk management practices and reduce exposure to privacy breaches
- Support continuous improvement in line with best-practice governance.
Evinact’s Obligations Matrix provides the structure and insight you need to take control of your privacy compliance journey.
Work with us
Our deep understanding of the aged care sector has enabled our customers to improve compliance, reduce risk and enhance service delivery to make a real and tangible difference in the lives of ageing Australians.
Our efforts include previous work with several aged care providers, where we helped them strengthen governance and risk management and implemented robust privacy and information management frameworks tailored to the unique challenges of the aged care sector.
