1. Purpose of Policy
Health Insurance Fund of Australia (‘HIF’ or ‘the Company’) to collect, handle and secure
personal information. Further, the Policy addresses the rights of a member to access and correct
their personal information or lodge a complaint regarding the handling of their personal
2. Context and Background
The Policy aligns with the Australian Privacy Principles (‘APPs’) contained within the Privacy
Act 1988 (Cth) (‘Privacy Act’). The APPs provide a regulatory framework for the collection, use
and disclosure, quality, security, access and correction of personal information.
The Policy is a core component of HIF’s Risk Management Framework (‘RMF’) and applies to
(a) current, new and past members of HIF; and
(b) contractors, suppliers and any individual or third party organisation that HIF may engage in
the course of conducting business.
3.1. Personal Information
According to the Privacy Act, personal information is defined as:
Information or an opinion about an identified individual, or an individual who is reasonably
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.
Some examples of personal information are name, date of birth and contact information.
3.2. Sensitive Information
According to the Privacy Act, sensitive information is defined as:
(a) Information or an opinion about an individual’s:
(i) Racial or ethnic origin; or
(ii) Political opinion; or
(iii) Membership of a political association; or
(iv) Religious beliefs or affiliations; or
(v) Philosophical beliefs; or
(vi) Membership of a professional or trade association; or
(vii) Membership of a trade union; or
(viii) Sexual orientation or practices; or
(ix) Criminal record
(b) Health information about an individual; or
(c) Genetic information about an individual that is not otherwise health information; or
(d) Biometric information that is to be used for the purpose of automated biometric
verification or biometric identification; or
(e) Biometric templates.
Sensitive information is a subset of personal information. Unless otherwise stated, any
reference to personal information in the Policy includes sensitive information.
4.1. Collection of personal information
HIF will collect personal information about members and third parties in a fair, lawful,
reasonable, and unintrusive manner.
HIF may collect personal information under the following circumstances:
(a) directly from a member upon engaging with HIF distribution channels such as: the
website (including the online member centre (‘OMC’)), web chat, email, telephone calls,
the mobile application, social media, mail, surveys and face-to-face interactions. The
information will be collected with consent and only if the information is reasonably
necessary to perform one or more of HIF’s functions, or where it is required by law and
in compliance with the APPs;
(b) from another member on the same health insurance policy, or a person authorised to
provide personal information on behalf of an individual;
(c) from third parties, including travel and pet insurance partners and outsourced partners;
(d) from health service providers and hospitals; and
(e) from a previous insurer, when a transfer has been requested to move private health
insurance arrangements from that fund to HIF.
By becoming or remaining a member of HIF, or by otherwise providing personal information
to HIF, members confirm that they have consented to HIF collecting, using and disclosing
personal information in accordance with the Policy. This extends to all individuals covered
under a health insurance policy.
4.2. Collection and use of personal information online
All personal information collected via the HIF website is done so with explicit and immediate
consent. Individuals are not required to provide HIF with personal information when visiting
our website, unless when completing a formal application for membership; enquiring about
or making amendments to their existing health insurance policy; or when making claims
under their existing health insurance policy.
When an individual computer visits the HIF website or downloads information from it, the
site will send a cookie to the computer. This is a small piece of information that informs HIF
that the individual computer has accessed the website. The cookie alone will not be able to
identify an individual, rather the cookie makes a record of the visit and may record the
internet address, domain name, date and time of the visit, as well as the type of internet
browser being used. HIF may use this information for statistical and website development
adjusted to reject cookies.
Online Member Centre
When a member utilises the OMC, HIF may keep a record of log in, transaction and account
history. When a member registers to use the OMC, the member accepts and is bound by
4.3. Types of personal information collected and held
The types of personal information HIF may collect, and hold include:
(a) contact information (such as name, email address and phone numbers);
(b) government identifiers (such as Medicare details);
(c) financial information (such as credit card and bank account details, income tier for the
purposes of the Australian Government Rebate on private health insurance); and
(d) previous health information (such as your past health insurance claims).
HIF may also collect and hold sensitive information, including information about an
individual’s health and medical history, where this directly relates to our primary purpose of
managing private health insurance policies or paying claims.
HIF will only collect, utilise or disclose government identifiers, such as Medicare numbers,
in a way that is consistent with its original purpose. HIF will not adopt, as its own identifier,
an identifier of an individual that has been assigned to an individual by the Commonwealth
Government or any of its service provider agencies.
4.4. What happens in the event that personal information is not provided
Individuals have the right not to identify themselves or may use a pseudonymous identity
when contacting HIF for general information. However, under these circumstances, it may
not be practical for HIF to provide relevant information pertaining to its products and
services, nor carry out functions such as processing claims, paying benefits, confirming
lifetime health cover loading or applying the Australian Government Rebate on private
4.5. Use of personal information
The personal information HIF collects may be used to:
(a) process health insurance policy applications and manage health insurance policies on
an ongoing basis;
(b) identify individuals and manage requests for information about a product or service;
(c) process and audit payments and claims;
(d) pay benefits on claims;
(e) perform business related activities and functions such as management and
development of products, services, processes and systems;
(f) collect and analyse information relating to the quality of care;
(g) contact members about insurance products (including pet and travel insurance);
(h) conduct marketing and social media activities, including competitions and promotions
(when a member has opted in for such an activity);
(i) train and coach employees and representatives, unless otherwise advised not to;
(j) assist with legal, clinical or commercial complaints or issues;
(k) investigate and manage potentially fraudulent activities; and
(l) comply with legal obligations.
Members are able to nominate a preferred method of communication when engaging with
HIF. Nominating communication preferences can be facilitated via the OMC or phone or
4.6. Using personal information for direct marketing purposes
HIF collects and uses personal information for direct marketing purposes in order to promote
and offer insurance products and services, including any competitions and promotions. In
relation to competitions and promotions, HIF may contact members by mail, email, SMS,
via the mobile application, or through targeted marketing on social media platforms.
Members are able to discontinue, or opt out of, receiving any marketing or promotional
material they may not wish to receive.
Members will receive service-related communications despite having opted out of direct
marketing activities. Service-related communications are essential communications in
relation to HIF’s products and services and include important information, including
detrimental changes to products and services, premium change letters and policy details.
Members cannot opt out of service-related communications as this is essential for HIF to
fulfil its legal obligations.
4.7. Disclosing personal information in Australia
To provide products and services and to maintain relationships with members, HIF may
disclose personal information to persons or organisations, including:
(a) persons covered by a policy, in the course of administering the policy and paying
(b) a nominated agent, adviser, broker, representative or other persons authorised by, or
responsible for, the member;
(c) to others, including HIF agents, consultants, contractors and service providers, and
those that act as data processors and auditors;
(d) health service providers;
(e) facilitators of HIF arrangements with providers, including their strategic partners;
(f) government agencies;
(h) payment system operators and financial institutions;
(i) service providers engaged by HIF, or acting on our behalf, to deliver services and
technologies relevant to the delivery of member services;
(j) third party insurers HIF is authorised to represent if a member purchases other
insurance products from HIF;
(k) third party operators of websites, social networking and messaging applications to
facilitate online advertising, surveys and analytics;
(l) an employer, if a member is covered under a corporate agreement, in order to administer
related discounts, payment arrangements and any other benefits available under that
(m) to others, including health funds, service providers, other related third parties who assist
in the detection and investigation of fraud;
(n) regulatory bodies and government agencies; and
(o) other parties HIF is authorised, or required by law, to disclose information to.
4.8. Disclosing personal information overseas
HIF may transfer personal information to an overseas recipient, expressly nominated by a
member, for the purposes of providing a transfer certificate or claims history. In such
instances, HIF may not be able to ensure adequate protection of information in relation to
such overseas recipients.
HIF may use service providers who either host or store personal information overseas,
which means that personal information may be transferred between countries to those
service providers, for the purposes outlined in the Policy. Under these circumstances, HIF
will take reasonable steps to ensure that the service provider does not breach the APPs in
relation to the personal information being transferred.
4.9. Family and couples’ policies
For family and couples’ health insurance policies, HIF will collect information about
dependants (partner and children) from the member who sets up the policy (also known as
the primary member). If a primary member provides HIF with information about a partner or
a dependant who is 16 years of age or over, the primary member acknowledges that they
are creating, or have created, the health insurance policy on behalf of the co-insureds and
(a) the primary member has authority to agree to the relevant terms;
(b) the primary member has made relevant dependants aware of the information set out in
the Policy and informed the dependants of how they can obtain access to the Policy;
(c) the primary member has consent to provide personal information to HIF, for HIF to use
that personal information for the purposes set out in the Policy, and as otherwise
permitted by Australian law.
If the primary member lodges a claim on behalf of a dependant, HIF will act in reliance on
the above warranties given by the primary member, and accordingly assume consent has
been provided to the primary member to share information necessary for HIF to process
All claims payments and general policy information will be sent to the primary member.
If the primary member and their partner become divorced or separated, HIF strongly
recommends the members take out separate policies to protect private information, as it
might not be practicable for HIF to keep personal information separate. If the primary
member and the dependant decide to stay on a couples or family policy post-divorce or
separation, the members acknowledge that personal information may be disclosed to their
ex-partner in the course of the maintenance and administration of the health insurance
4.10. Quality and security of personal information
HIF takes reasonable steps to ensure that personal information collected, used or disclosed is accurate, up to date, complete and relevant. HIF also takes reasonable steps to protect personal information from misuse, interference and loss, unauthorised access, modification or disclosure.
4.11. Access to personal information
HIF will, upon request by a member, give the member access to their personal information within a reasonable period after the request is made, and in the manner requested by the member, if it is reasonable and practicable to do so.
If a member contacts HIF for such a request, verification and identify checks will be completed prior to granting access to personal information.
Under certain circumstances, and in accordance with the Privacy Act, HIF is not required to give a member access to personal information to the extent that:
(a) providing access would pose a serious threat to the life, health or safety of other individuals; or
(b) providing access would have an unreasonable impact on the privacy of another individual; or
(c) the request for access is frivolous or vexatious; or
(d) the information relates to existing or anticipated legal proceedings, and would not be accessible by the process of discovery in those proceedings; or
(e) providing access would reveal the intentions of HIF in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
(f) providing access would be unlawful; or
(g) denying access is required or authorised by an Australian law or a court / tribunal order; or
(h) HIF has reason to suspect that unlawful activity, or misconduct of a serious nature, has been, is being or may be engaged in, and giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or
(i) providing access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
(j) providing access would reveal evaluative information in connection with a commercially sensitive decision making process.
If HIF refuses to provide a member with access to their personal information, or cannot provide access in the manner requested, the reasons for the refusal will be provided to the member in writing, except to the extent that it would be unreasonable to do so.
4.12. Correction of personal information
HIF will take reasonable steps to ensure that the personal information it holds about its members is accurate, up to date, complete, relevant and not misleading, if:
(a) HIF is satisfied that the personal information it holds is inaccurate, out of date,
incomplete, irrelevant or misleading; or
(b) A member requests HIF to correct their personal information.
Upon request by a member to correct their personal information, HIF will respond to the request within a reasonable period after the request is made.
If HIF corrects the personal information about a member that it previously disclosed to another organisation governed by the Privacy Act and that member requests HIF to notify the said organisation of the correction, HIF will take reasonable steps to give that notification unless it is impracticable or unlawful to do so. If HIF refuses to correct personal information as requested by a member, the reasons for the refusal will be provided to the member in writing, except to the extent that it would be unreasonable to do so.
4.13. Contacting HIF to enquire or complain about privacy related matters
If a member has concerns or queries about the manner in which personal information has been handled by HIF, or wishes to make a formal complaint, such concerns, queries or complaints must be provided in writing to the HIF Privacy Officer, as per the details below:
Written Enquiries: The Privacy Officer
GPO Box X2221
PERTH WA 6847
Website: https://www.hif.com.au/legal stuff
If HIF does not respond within a reasonable time, or if the complaint is not resolved to the member’s satisfaction, members are entitled to make a complaint to the Office of the Australian Information Commissioner. Please visit their website for more details on how to contact them or make a complaint at https://www.oaic.gov.au/about-us/contact-us/.
Maintaining the privacy of personal and sensitive information has always been central to the relationship of trust and confidence between HIF and our members.
In addition, there can be significant penalties for a breach, as well as the possibility of negative publicity and damage to a member’s reputation. Even a single breach of member privacy has the potential to cause serious harm and may be notifiable to the Australian Information Commissioner.
We have put in place stringent controls to protect members’ personal data in the unlikely event that a member's details had accidentally been disclosed to an unauthorised person.
We would have to respond if, for example, we discovered member details had accidentally been disclosed; your medical history had been sent to the wrong person; or a staff member had inappropriately accessed member records.