We respect your privacy and recognise the importance of keeping your personal information confidential, as bound by the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (as amended).

Our Privacy Policy has been compiled to outline how your personal information is handled, and the steps we take to ensure your privacy.

Download our Privacy Policy

Privacy Policy

1. Purpose of Policy

The purpose of the Privacy Policy (‘the Policy’) is to define the process undertaken by the

Health Insurance Fund of Australia (‘HIF’ or ‘the Company’) to collect, handle and secure

personal information. Further, the Policy addresses the rights of a member to access and correct

their personal information or lodge a complaint regarding the handling of their personal



2. Context and Background

The Policy aligns with the Australian Privacy Principles (‘APPs’) contained within the Privacy

Act 1988 (Cth) (‘Privacy Act’). The APPs provide a regulatory framework for the collection, use

and disclosure, quality, security, access and correction of personal information.


The Policy is a core component of HIF’s Risk Management Framework (‘RMF’) and applies to


(a) current, new and past members of HIF; and

(b) contractors, suppliers and any individual or third party organisation that HIF may engage in

the course of conducting business.


3. Definitions

3.1. Personal Information

According to the Privacy Act, personal information is defined as:

Information or an opinion about an identified individual, or an individual who is reasonably


(a) whether the information or opinion is true or not; and

(b) whether the information or opinion is recorded in a material form or not.

Some examples of personal information are name, date of birth and contact information.


3.2. Sensitive Information

According to the Privacy Act, sensitive information is defined as:

(a) Information or an opinion about an individual’s:

(i) Racial or ethnic origin; or

(ii) Political opinion; or

(iii) Membership of a political association; or

(iv) Religious beliefs or affiliations; or

(v) Philosophical beliefs; or

(vi) Membership of a professional or trade association; or

(vii) Membership of a trade union; or

(viii) Sexual orientation or practices; or

(ix) Criminal record

(b) Health information about an individual; or

(c) Genetic information about an individual that is not otherwise health information; or

(d) Biometric information that is to be used for the purpose of automated biometric

verification or biometric identification; or

(e) Biometric templates.

Sensitive information is a subset of personal information. Unless otherwise stated, any

reference to personal information in the Policy includes sensitive information.


4. Policy

4.1. Collection of personal information

HIF will collect personal information about members and third parties in a fair, lawful,

reasonable, and unintrusive manner.

HIF may collect personal information under the following circumstances:

(a) directly from a member upon engaging with HIF distribution channels such as: the

website (including the online member centre (‘OMC’)), web chat, email, telephone calls,

the mobile application, social media, mail, surveys and face-to-face interactions. The

information will be collected with consent and only if the information is reasonably

necessary to perform one or more of HIF’s functions, or where it is required by law and

in compliance with the APPs;

(b) from another member on the same health insurance policy, or a person authorised to

provide personal information on behalf of an individual;

(c) from third parties, including travel and pet insurance partners and outsourced partners;

(d) from health service providers and hospitals; and

(e) from a previous insurer, when a transfer has been requested to move private health

insurance arrangements from that fund to HIF.

By becoming or remaining a member of HIF, or by otherwise providing personal information

to HIF, members confirm that they have consented to HIF collecting, using and disclosing

personal information in accordance with the Policy. This extends to all individuals covered

under a health insurance policy.


4.2. Collection and use of personal information online


All personal information collected via the HIF website is done so with explicit and immediate

consent. Individuals are not required to provide HIF with personal information when visiting

our website, unless when completing a formal application for membership; enquiring about

or making amendments to their existing health insurance policy; or when making claims

under their existing health insurance policy.

When an individual computer visits the HIF website or downloads information from it, the

site will send a cookie to the computer. This is a small piece of information that informs HIF

that the individual computer has accessed the website. The cookie alone will not be able to

identify an individual, rather the cookie makes a record of the visit and may record the

internet address, domain name, date and time of the visit, as well as the type of internet

browser being used. HIF may use this information for statistical and website development

purposes only. If an individual does not want to use cookies, browser settings may be

adjusted to reject cookies.


Online Member Centre

When a member utilises the OMC, HIF may keep a record of log in, transaction and account

history. When a member registers to use the OMC, the member accepts and is bound by

the terms of use. Full terms and conditions of the OMC are available at www.hif.com.au.


4.3. Types of personal information collected and held

The types of personal information HIF may collect, and hold include:

(a) contact information (such as name, email address and phone numbers);

(b) government identifiers (such as Medicare details);

(c) financial information (such as credit card and bank account details, income tier for the

purposes of the Australian Government Rebate on private health insurance); and

(d) previous health information (such as your past health insurance claims).


HIF may also collect and hold sensitive information, including information about an

individual’s health and medical history, where this directly relates to our primary purpose of

managing private health insurance policies or paying claims.

HIF will only collect, utilise or disclose government identifiers, such as Medicare numbers,

in a way that is consistent with its original purpose. HIF will not adopt, as its own identifier,

an identifier of an individual that has been assigned to an individual by the Commonwealth

Government or any of its service provider agencies.


4.4. What happens in the event that personal information is not provided

Individuals have the right not to identify themselves or may use a pseudonymous identity

when contacting HIF for general information. However, under these circumstances, it may

not be practical for HIF to provide relevant information pertaining to its products and

services, nor carry out functions such as processing claims, paying benefits, confirming

lifetime health cover loading or applying the Australian Government Rebate on private

health insurance.


4.5. Use of personal information

The personal information HIF collects may be used to:

(a) process health insurance policy applications and manage health insurance policies on

an ongoing basis;

(b) identify individuals and manage requests for information about a product or service;

(c) process and audit payments and claims;

(d) pay benefits on claims;

(e) perform business related activities and functions such as management and

development of products, services, processes and systems;

(f) collect and analyse information relating to the quality of care;

(g) contact members about insurance products (including pet and travel insurance);

(h) conduct marketing and social media activities, including competitions and promotions

(when a member has opted in for such an activity);

(i) train and coach employees and representatives, unless otherwise advised not to;

(j) assist with legal, clinical or commercial complaints or issues;

(k) investigate and manage potentially fraudulent activities; and

(l) comply with legal obligations.


Members are able to nominate a preferred method of communication when engaging with

HIF. Nominating communication preferences can be facilitated via the OMC or phone or



4.6. Using personal information for direct marketing purposes

HIF collects and uses personal information for direct marketing purposes in order to promote

and offer insurance products and services, including any competitions and promotions. In

relation to competitions and promotions, HIF may contact members by mail, email, SMS,

via the mobile application, or through targeted marketing on social media platforms.

Members are able to discontinue, or opt out of, receiving any marketing or promotional

material they may not wish to receive.

Members will receive service-related communications despite having opted out of direct

marketing activities. Service-related communications are essential communications in

relation to HIF’s products and services and include important information, including

detrimental changes to products and services, premium change letters and policy details.

Members cannot opt out of service-related communications as this is essential for HIF to

fulfil its legal obligations.


4.7. Disclosing personal information in Australia

To provide products and services and to maintain relationships with members, HIF may

disclose personal information to persons or organisations, including:

(a) persons covered by a policy, in the course of administering the policy and paying


(b) a nominated agent, adviser, broker, representative or other persons authorised by, or

responsible for, the member;

(c) to others, including HIF agents, consultants, contractors and service providers, and

those that act as data processors and auditors;

(d) health service providers;

(e) facilitators of HIF arrangements with providers, including their strategic partners;

(f) government agencies;

(g) actuaries;

(h) payment system operators and financial institutions;

(i) service providers engaged by HIF, or acting on our behalf, to deliver services and

technologies relevant to the delivery of member services;

(j) third party insurers HIF is authorised to represent if a member purchases other

insurance products from HIF;

(k) third party operators of websites, social networking and messaging applications to

facilitate online advertising, surveys and analytics;

(l) an employer, if a member is covered under a corporate agreement, in order to administer

related discounts, payment arrangements and any other benefits available under that


(m) to others, including health funds, service providers, other related third parties who assist

in the detection and investigation of fraud;

(n) regulatory bodies and government agencies; and

(o) other parties HIF is authorised, or required by law, to disclose information to.


4.8. Disclosing personal information overseas

HIF may transfer personal information to an overseas recipient, expressly nominated by a

member, for the purposes of providing a transfer certificate or claims history. In such

instances, HIF may not be able to ensure adequate protection of information in relation to

such overseas recipients.


HIF may use service providers who either host or store personal information overseas,

which means that personal information may be transferred between countries to those

service providers, for the purposes outlined in the Policy. Under these circumstances, HIF

will take reasonable steps to ensure that the service provider does not breach the APPs in

relation to the personal information being transferred.


4.9. Family and couples’ policies

For family and couples’ health insurance policies, HIF will collect information about

dependants (partner and children) from the member who sets up the policy (also known as

the primary member). If a primary member provides HIF with information about a partner or

a dependant who is 16 years of age or over, the primary member acknowledges that they

are creating, or have created, the health insurance policy on behalf of the co-insureds and


(a) the primary member has authority to agree to the relevant terms;

(b) the primary member has made relevant dependants aware of the information set out in

the Policy and informed the dependants of how they can obtain access to the Policy;


(c) the primary member has consent to provide personal information to HIF, for HIF to use

that personal information for the purposes set out in the Policy, and as otherwise

permitted by Australian law.

If the primary member lodges a claim on behalf of a dependant, HIF will act in reliance on

the above warranties given by the primary member, and accordingly assume consent has

been provided to the primary member to share information necessary for HIF to process

the claim.


All claims payments and general policy information will be sent to the primary member.

If the primary member and their partner become divorced or separated, HIF strongly

recommends the members take out separate policies to protect private information, as it

might not be practicable for HIF to keep personal information separate. If the primary

member and the dependant decide to stay on a couples or family policy post-divorce or

separation, the members acknowledge that personal information may be disclosed to their

ex-partner in the course of the maintenance and administration of the health insurance



4.10. Quality and security of personal information


HIF takes reasonable steps to ensure that personal information collected, used or disclosed is accurate, up to date, complete and relevant. HIF also takes reasonable steps to protect personal information from misuse, interference and loss, unauthorised access, modification or disclosure.


4.11. Access to personal information

HIF will, upon request by a member, give the member access to their personal information within a reasonable period after the request is made, and in the manner requested by the member, if it is reasonable and practicable to do so.

If a member contacts HIF for such a request, verification and identify checks will be completed prior to granting access to personal information.

Under certain circumstances, and in accordance with the Privacy Act, HIF is not required to give a member access to personal information to the extent that:

(a) providing access would pose a serious threat to the life, health or safety of other individuals; or

(b) providing access would have an unreasonable impact on the privacy of another individual; or

(c) the request for access is frivolous or vexatious; or

(d) the information relates to existing or anticipated legal proceedings, and would not be accessible by the process of discovery in those proceedings; or

(e) providing access would reveal the intentions of HIF in relation to negotiations with the individual in such a way as to prejudice those negotiations; or

(f) providing access would be unlawful; or

(g) denying access is required or authorised by an Australian law or a court / tribunal order; or

(h) HIF has reason to suspect that unlawful activity, or misconduct of a serious nature, has been, is being or may be engaged in, and giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or

(i) providing access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or

(j) providing access would reveal evaluative information in connection with a commercially sensitive decision making process.

If HIF refuses to provide a member with access to their personal information, or cannot provide access in the manner requested, the reasons for the refusal will be provided to the member in writing, except to the extent that it would be unreasonable to do so.


4.12. Correction of personal information

HIF will take reasonable steps to ensure that the personal information it holds about its members is accurate, up to date, complete, relevant and not misleading, if:

(a) HIF is satisfied that the personal information it holds is inaccurate, out of date,

incomplete, irrelevant or misleading; or

(b) A member requests HIF to correct their personal information.

Upon request by a member to correct their personal information, HIF will respond to the request within a reasonable period after the request is made.

If HIF corrects the personal information about a member that it previously disclosed to another organisation governed by the Privacy Act and that member requests HIF to notify the said organisation of the correction, HIF will take reasonable steps to give that notification unless it is impracticable or unlawful to do so. If HIF refuses to correct personal information as requested by a member, the reasons for the refusal will be provided to the member in writing, except to the extent that it would be unreasonable to do so.


4.13. Contacting HIF to enquire or complain about privacy related matters

If a member has concerns or queries about the manner in which personal information has been handled by HIF, or wishes to make a formal complaint, such concerns, queries or complaints must be provided in writing to the HIF Privacy Officer, as per the details below:


Written Enquiries: The Privacy Officer


GPO Box X2221


Website: https://www.hif.com.au/legal stuff

Email: privacyofficer@hif.com.au


If HIF does not respond within a reasonable time, or if the complaint is not resolved to the member’s satisfaction, members are entitled to make a complaint to the Office of the Australian Information Commissioner. Please visit their website for more details on how to contact them or make a complaint at https://www.oaic.gov.au/about-us/contact-us/.

HIF & data breaches: all you need to know.

Maintaining the privacy of personal and sensitive information has always been central to the relationship of trust and confidence between HIF and our members. 

In addition, there can be significant penalties for a breach, as well as the possibility of negative publicity and damage to a member’s reputation. Even a single breach of member privacy has the potential to cause serious harm and may be notifiable to the Australian Information Commissioner. 

We have put in place stringent controls to protect members’ personal data in the unlikely event that a member's details had accidentally been disclosed to an unauthorised person. 

We would have to respond if, for example, we discovered member details had accidentally been disclosed; your medical history had been sent to the wrong person; or a staff member had inappropriately accessed member records. 

If you have any queries about our privacy policy or how data breaches are handled, please don't hesitate to phone us on 1300 134 060 or email our team on hello@hif.com.au