Property Australia

Retirement living risk landscape evolves rapidly


As retirement living operators continue to respond to the coronavirus crisis, the sector’s legal, risk and governance landscape evolves rapidly, says Russell Kennedy Lawyers principal Rohan Harris.

  Top three takeaways:

  • Australia’s 2,300-plus retirement villages are home to 180,000 seniors
  • Retirement living operators should review policies and procedures to address not only infection control, but privacy, disclosure and data breaches
  • “A generic ‘off the shelf’ privacy policy won’t be good enough,” advises Russell Kennedy principal Rohan Harris.


When COVID-19 upended life as we knew it, the retirement living sector immediately stepped up to keep the virus away from its 180,000 residents.

Now, as the pandemic enters a new phase, the sector remains hypervigilant and committed to the care of residents. But a series of far-reaching legal and governance challenges are on the horizon.

COVID-19 has highlighted the “tension” between independent living and the responsibility of retirement living operators to protect the health and safety of residents, and the reputation of their villages, Harris explains.

“It raises the questions of how a village would cope, from either a governance or a liquidity perspective, with a mass exodus of residents as a result of a major infection incident – particularly with ongoing discussion around buy-back reforms. Smaller operators or stand-alone villages are particularly exposed,” he says.

“Many operators were already struggling to cope with existing compliance burdens – COVID-19 has added another layer on top of this.”

Most retirement living operators have reviewed and revised their policies and procedures to ensure they are equipped to deal with the spread of an infectious disease.

But Harris’ colleague Donna Rayner, also a principal with Russell Kennedy, says one of the biggest risks for operators is complying with the various – and varying – state and territory health directions or orders, and communicating these appropriately with residents and staff.

This has increased the operational burden on retirement village staff and may require extra investment in technology and training, says solicitor Sylvia Mansour.

How operators manage privacy and the obligation to disclose personal information also looms much larger in a post-pandemic world.

Rayner says contracts must include a requirement for residents to self-report any infectious disease, not just COVID-19, for example.

“We expect that having specific privacy and health disclosure clauses included in resident contracts will become more common, as well as privacy policies that permit the disclosure of personal information in the event of an emergency or infectious disease situation.”

“Retaining personal health information increases the onus on retirement village operators for inadvertent disclosure and data breaches,” Harris adds.

“With greater data to maintain, there might be a need for operators to review their systems to house this resident information and upskill staff around these systems.”

Harris urges retirement village operators to review their privacy policies and consent forms now. “A generic ‘off the shelf’ privacy policy won’t be good enough,” he says.

Looking ahead, Harris suggests the crisis could accelerate the integrated care model, “as retirement village operators take on greater responsibility for the health and wellbeing of residents”.

For now, operators should begin considering integrated care models – “including partnerships with health providers” – to mitigate risks and seize the upside of disruption.