Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Running a business in Australia means juggling growth, compliance and culture. More employers are now adding employee assistance to that list - not just as a nice-to-have, but as a smart, preventative way to support mental health at work and manage risk.
So what is employee assistance, do you legally need to offer it, and how do you set it up the right way?
In this guide, we unpack what Employee Assistance Programs (EAPs) are, why they matter, the legal framework that applies (including WHS psychosocial duties), privacy and confidentiality issues, the contracts and policies you’ll need, and practical rollout tips - all in plain English.
What Is Employee Assistance?
In Australian workplaces, employee assistance generally refers to confidential counselling and wellbeing support made available to staff (and sometimes immediate family members). Most businesses offer this via a formal Employee Assistance Program (EAP) delivered by qualified third‑party professionals such as psychologists or counsellors.
Common support includes short‑term counselling, mental health and stress management, conflict resolution, financial or legal referral services, and critical incident support. The objective is to help employees access early, confidential support so issues don’t escalate into absenteeism, burnout or safety incidents.
Two quick clarifications:
- There is no separate statutory “mental health leave” in Australian employment law. Employees may be entitled to personal/carer’s leave (sick leave) under the Fair Work framework, but “mental health leave” isn’t a distinct legal category.
- EAPs are one tool in a broader approach to health, safety and inclusion. They should sit alongside fair workload practices, supportive leadership, safe systems of work and clear procedures for bullying, harassment and complaints.
Is Employee Assistance Mandatory In Australia?
There’s no general legal requirement to offer a formal EAP. However, employers do have a legal duty to protect both physical and psychological health.
Under work health and safety legislation, you must take reasonably practicable steps to eliminate or minimise risks to health and safety, including psychosocial hazards (such as high job demands, poor support, bullying, harassment or exposure to traumatic events). This is part of your overarching duty of care as an employer.
While a formal EAP isn’t mandated, providing confidential counselling access will often be viewed as a reasonable control, especially in higher‑risk or high‑stress environments. It also demonstrates you’re taking proactive steps to support wellbeing, which may help manage legal risk in addition to improving culture and performance.
Legal Framework: WHS, Psychosocial Hazards And Mental Health
If you’re considering an EAP, it helps to understand how it fits within your overall WHS obligations and employment law risks.
Work Health And Safety (WHS) Duties
WHS laws require you to provide and maintain a work environment that is safe and without risks to health so far as is reasonably practicable. This includes psychological safety.
- Identify psychosocial hazards: Think workload, role clarity, support, workplace relationships, exposure to trauma, remote or isolated work, violence and aggression.
- Assess and control risks: Consider practical controls such as clear role design, manager training, reasonable adjustments, reporting pathways, and EAP access.
- Consult workers: Meaningfully consult staff on hazards and controls - this helps identify risks early and ensures controls are workable.
- Monitor and review: Track indicators (e.g. absenteeism, turnover, complaints) and adjust your controls as needed.
Many jurisdictions have introduced or updated regulations and Codes of Practice addressing psychosocial hazards. In practice, regulators expect a planned approach - not just a single program. An EAP complements, but does not replace, safe systems of work.
Fair Work And Workplace Conduct
Managing mental health intersects with other duties: anti‑bullying and harassment obligations, managing performance fairly, and providing safe systems of work. Building capability and support for managers is crucial - for example, training on reasonable management action, flexible work requests and early conversations about support. For further context, see obligations around employee mental health under Fair Work.
Privacy, Confidentiality And Data Security
Privacy and trust are central to any EAP. If employees don’t believe the service is confidential, utilisation will be low - and legal risk may rise if data is mishandled.
How Privacy Law Applies
Australian privacy law (including the Privacy Act 1988 (Cth) and, where relevant, state and territory health privacy laws) regulates how personal information - especially health information - is collected, used and disclosed.
- Employee records exemption: The Privacy Act includes an exemption for certain employee records held by the employer and used directly in the employment relationship. Importantly, this exemption is limited. Health information held by an external EAP provider is typically not covered by the employer’s exemption, and the provider will be subject to privacy obligations when handling that data.
- Voluntary and confidential: Participation in an EAP should be voluntary and confidential, with clear limits explained upfront (e.g. risk of serious harm, legal obligations or mandatory reporting scenarios).
- Data minimisation: Only collect what’s reasonably necessary to deliver and administer the program.
- De‑identified reporting: Employers should usually receive only aggregate, de‑identified usage data (e.g. number of sessions), not the content of any individual’s sessions.
Make sure your internal documents align with your actual practices, including a clear, accessible Privacy Policy that explains third‑party provider arrangements and how staff information is handled.
Security, Breach Response And Access Controls
Choose providers with strong information security, encryption and access controls. Internally, restrict access to any program administration data to those who need it for legitimate purposes. Have a tested plan for managing incidents, including a Data Breach Response Plan that sets out roles, assessment steps and notification processes.
Contracts, Policies And Documents To Put In Place
Getting the paperwork right protects employees’ privacy and your business. It also sets expectations with providers and your team.
Agreement With Your EAP Provider
Most businesses engage a third‑party provider. Your contract should clearly set out:
- Scope of services and service levels: Availability (e.g. 24/7 support), session limits, modalities (phone, online, in‑person) and critical incident responses.
- Privacy and confidentiality: Detailed obligations for handling health information, de‑identification for reporting, and limits to disclosure.
- Data security and breaches: Technical and organisational measures, audit rights where appropriate, and breach notification processes.
- Pricing and term: Per‑use, subscription or hybrid models; renewal and termination mechanics.
- Credentials and insurance: Provider qualifications, supervision, professional indemnity and public liability coverage.
Employment Contracts And Workplace Policies
Even if you’re not making EAPs a term of employment, it’s helpful to update your documents so information is easy to find and consistent.
- Employment Contracts: Clarify the availability of workplace support (without over‑promising entitlements) and link to the staff handbook or policy suite for details.
- Workplace Policies: Include a wellbeing or EAP policy explaining eligibility, access, confidentiality limits and crisis pathways. Align this with bullying/harassment and grievance procedures.
- Manager guidance: Provide short, practical guidance for managers on referrals, early conversations and confidentiality boundaries.
- Privacy documents: Ensure your Privacy Policy aligns with how EAP information is managed (including third‑party arrangements) and consider internal protocols for sensitive information.
Other Helpful Documents
- Confidentiality provisions for any personnel who may administer aspects of the program (e.g. HR who receive usage reports).
- Internal comms plan and FAQs to build trust, explain confidentiality and encourage early help‑seeking.
- Training materials for leaders covering psychosocial risks, reasonable adjustments and referral pathways.
If you need tailored policies or agreements, our team can help map the right mix for your size and risk profile - from wellbeing policies through to an Employee Privacy Handbook for larger teams.
Rolling Out An EAP: Practical Tips And Common Pitfalls
A well‑designed EAP can be a key part of your WHS and culture strategy - but it’s not a silver bullet. These tips will help you avoid common missteps.
Make It Easy, Clear And Confidential
- Communicate the “how”: Provide simple access steps, phone numbers and online links. Make materials easy to find and mobile‑friendly.
- Lead with confidentiality: Explain limits plainly (e.g. risk of harm) and reassure staff that managers won’t see the content of sessions.
- Normalise use: Encourage leaders to speak positively about support and model help‑seeking behaviours.
Integrate With WHS - Don’t “Outsource” Safety
- Address root causes: EAPs support individuals, but they won’t fix high workloads, poor role clarity or toxic behaviours. Tackle these as psychosocial risks through your WHS system.
- Train your managers: Give leaders tools to have early, supportive conversations and to distinguish performance management from bullying.
- Track the right indicators: Use de‑identified utilisation and other metrics (absenteeism, turnover, complaints) to inform broader controls.
Get The Legals Right From Day One
- Use a robust provider contract with privacy, security and reporting clearly defined.
- Align policies and employee communications, so what you say matches what you do.
- Prepare for incidents: Keep your Data Breach Response Plan current and rehearse it.
What If You’re A Small Business Without A Formal EAP?
Plenty of smaller businesses start with practical, lower‑cost steps. You might negotiate a limited package with a provider (e.g. a set number of sessions), share information about community helplines, or support flexibility and time off using standard leave entitlements. The key is to document your approach, address psychosocial risks through your WHS system, and make pathways for help clear.
Whichever path you choose, ensure your conduct and culture obligations are covered - from respectful workplace expectations to fair complaint handling. If issues escalate, it helps to have support for workplace harassment and discrimination claims as part of your risk planning.
What Legal Documents Will You Typically Need?
Here’s a quick checklist you can use as you build or review your employee assistance arrangements. Not every business needs everything on this list, but many will need several of them.
- EAP Provider Agreement: Sets scope, service levels, privacy, security, de‑identified reporting, fees and insurance requirements.
- Employment Contract: References workplace support in a way that’s clear but doesn’t over‑promise, and directs staff to policies for details. Consider an Employment Contract template that suits your workforce.
- Workplace Policies: A concise wellbeing/EAP policy, bullying and harassment policy, grievance procedure, and a Workplace Policy framework to house them.
- Privacy Policy: Explains how personal and health information is handled, including any third‑party providers. Keep your Privacy Policy consistent with actual practice.
- Confidentiality Provisions: For any internal administrators who may access de‑identified reports or program data.
- Data Breach Response Plan: A documented process for assessing and responding to suspected or actual data breaches, including roles and notifications.
If you’re rolling out employee assistance as part of broader change (e.g. a new benefits program or restructure), consider whether you also need to update your approach to changing employment contracts or consultative processes.
Key Takeaways
- Employee assistance (often via an EAP) gives staff confidential access to counselling and wellbeing support; it’s a practical way to encourage early help‑seeking and manage risk.
- There’s no blanket legal requirement to offer an EAP, but you do have WHS duties to manage psychosocial risks - an EAP is often a reasonable control within a broader safety system.
- Privacy is critical: the employee records exemption is limited, third‑party providers handle sensitive health information, and de‑identified reporting to employers is the norm.
- Put strong foundations in place: a clear provider contract, aligned policies, an accurate Privacy Policy and a tested Data Breach Response Plan.
- EAPs complement (not replace) safe systems of work. Train managers, address root causes of stress, and consult staff as part of your WHS obligations.
- Small businesses can start simple; the priority is clear pathways to support and a documented, risk‑based WHS approach to psychological health.
If you’d like a consultation on setting up employee assistance or reviewing your workplace agreements, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.








