We respect your privacy and recognise the importance of keeping your personal information confidential, as bound by the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (as amended).

Our Privacy Policy has been compiled to outline how your personal information is handled, and the steps we take to ensure your privacy.

Download our Privacy Policy Statement

Privacy Policy

1. Purpose of Policy
The purpose of the Privacy Policy (‘the Policy’) is to define the process undertaken by the
Health Insurance Fund of Australia (‘HIF’ or ‘the Company’) to collect, handle and secure
personal information. Further, the Policy addresses the rights of a member to access and correct
their personal information, or lodge a complaint regarding the handling of their personal
information.
 
2. Context and Background
The Policy aligns with the Australian Privacy Principles (‘APPs’) contained within the Privacy
Act 1988 (Cth) (‘Privacy Act’). The APPs provide a regulatory framework for the collection, use
and disclosure, quality, security, access and correction of personal information.
The Policy is a core component of HIF’s Compliance Management Framework (‘CMF’) and
applies to all:
(a) current, new and past members of HIF; and
(b) contractors, suppliers and any individual or third party organisation that HIF may engage in
the course of conducting business.
 
3. Definitions
3.1. Personal Information
According to the Privacy Act, personal information is defined as: “Information or an opinion
about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not”.
Some examples of personal information are name, date of birth and contact information.
 
3.2. Sensitive Information
According to the Privacy Act, sensitive information is defined as: “Information or opinion
(that is also personal information) about an individual’s:
(a) racial or ethnic origin;
(b) religious beliefs or affiliations;
(c) philosophical beliefs;
(d) sexual orientation or practices;
(e) criminal record; and
(f) health information about an individual, including:
(i) genetic information (that is not otherwise health information); and
(ii) biometric information.”
Sensitive information is a subset of personal information. Unless otherwise stated, any
reference to personal information in the Policy includes sensitive information.
 
4. Policy
4.1. Collection of personal information
HIF will collect personal information about members and third parties in a fair, lawful,
reasonable, and unintrusive manner.
HIF may collect personal information under the following circumstances:
(a) directly from a member upon engaging with HIF distribution channels including: the
website and web chat, email, telephone calls, or face-to-face interactions. The
information will be collected with consent and only if the information is reasonably
necessary to inform for one or more of HIF’s functions, or where it is required by law and
in compliance with the APPs;
(b) from another member on the same health insurance policy, or a person authorised to
provide personal information on behalf of an individual;
(c) from third parties, including travel and pet insurance partners and outsourced partners;
(d) from health service providers and hospitals; and
(e) from a previous insurer, when a transfer has been requested to move private health
insurance arrangements from that fund to HIF.
By becoming or remaining a member of HIF, or by otherwise providing personal information
to HIF, members confirm that they have consented to HIF collecting, using and disclosing
personal information in accordance with the Policy. This extends to all individuals covered
under a health insurance policy.
 
4.2. Collection and use of personal information online
Website
All personal information collected via the HIF website is done so with explicit and immediate
consent. Individuals are not required to provide HIF with personal information when visiting
our website, unless completing a formal application for membership.
When an individual computer visits the HIF website or downloads information from it, the
site will send a cookie to the computer. This is a small piece of information that informs HIF
that the individual computer has accessed the website. The cookie alone will not be able to
identify an individual, rather the cookie makes a record of the visit and may record the
internet address, domain name, date and time of the visit and the type of internet browser
being used. HIF may use this information for statistical and website development purposes
only. If an individual does not want to use cookies, browser settings may be adjusted to
reject cookies.
 
Online Member Centre
When a member utilises the Online Member Centre (‘OMC’), HIF may keep a record of log
in, transaction and account history. When a member registers to use the OMC, the member
accepts and is bound by the terms of use. Full terms and conditions of the OMC are
available at www.hif.com.au.
 
HIF Member App
When a member utilises the HIF member app, HIF may keep a record of log
in, transaction and account history. When a member registers to use the App, the member
accepts and is bound by the terms of use. Full terms and conditions of the App are
available here.
 
4.3. Types of personal information collected and held
The types of personal information HIF may collect and hold include:
(a) contact information (such as name, email address and phone numbers);
(b) government identifiers (such as Medicare details);
(c) financial information (such as credit card and bank account details, income tier for the
purposes of rebate); and
(d) previous health information (such as your past health insurance claims).
HIF may also collect and hold sensitive information, including information about an
individual’s health and medical history, where this directly relates to our primary purpose of
managing private health insurance policies or paying claims.
HIF will only collect, utilise or disclose government identifiers, such as Medicare numbers,
in a way that is consistent with its original purpose. HIF will not adopt, as its own identifier,
an identifier of an individual that has been assigned to an individual by the Commonwealth
Government or any of its service provider agencies.
 
4.4. What happens in the event that personal information is not provided
Individuals have the right not to identify themselves, or may use a pseudonymous identity
when contacting HIF for general information. However, under these circumstances, it may
not be practical for HIF to provide relevant information pertaining to its products and
services, nor carry out functions such as process claims, pay benefits, confirm lifetime
health cover loading or apply the Australian Federal Government Rebate on private health
insurance.
 
4.5. Use of personal information
The personal information HIF collects may be used to:
(a) process health insurance policy applications and manage health insurance policies on
an ongoing basis;
(b) identify individuals and manage requests for information about a product or service;
(c) process and audit payments and claims;
(d) pay benefits on claims;
(e) perform business related activities and functions such as management and
development of products, services, processes and systems;
(f) collect and analyse information relating to the quality of care;
(g) contact members about insurance products (including pet and travel insurance);
(h) conduct marketing and social media activities, including competitions and promotions
(when a member has opted in for such an activity);
(i) train and coach employees and representatives, unless otherwise advised not to;
(j) assist with legal, clinical or commercial complaints or issues;
(k) investigate and manage potentially fraudulent activities; and
(l) comply with legal obligations.
Members are able to nominate a preferred method of communication when engaging with
HIF. Nominating communication preferences can be facilitated via the OMC or phone or
email.
 
4.6. Using personal information for direct marketing purposes
HIF collects and uses personal information for direct marketing purposes in order to promote
and offer insurance products and services, including any competitions and promotions. In
relation to competitions and promotions, HIF may contact members by mail, email, SMS,
via the HIF App, or through targeted marketing on social media platforms.
Members are able to discontinue, or opt out of, receiving any marketing or promotional
material they may not wish to receive.
Members will receive service-related communications despite having opted out of direct
marketing activities. Service-related communications are essential communications in
relation to HIF’s products and services and include important information, including
detrimental changes to products and services, premium change letters and policy details.
Members cannot opt out of service-related communications as this is essential for HIF to
fulfill legal obligations.
 
4.7. Disclosing personal information in Australia
To provide products and services and to maintain relationships with members, HIF may
disclose personal information to persons or organisations, including:
(a) persons covered by a policy, in the course of administering the policy and paying
benefits;
(b) a nominated agent, adviser, broker, representative or other persons authorised by, or
responsible for, the member;
(c) to others, including HIF agents, consultants, contractors and service providers, and
those that act as data processors and auditors;
(d) health service providers;
(e) facilitators of HIF arrangements with providers, including their strategic partners;
(f) government agencies;
(g) actuaries;
(h) payment system operators and financial institutions;
(i) service providers engaged by HIF, or acting on our behalf, to deliver services and
technologies relevant to the delivery of member services;
(j) third party insurers HIF is authorised to represent if a member purchases other
insurance products from HIF;
(k) third party operators of websites, social networking and messaging applications to
facilitate online advertising, surveys and analytics;
(l) an employer, if a member is covered under a corporate agreement, in order to administer
related discounts, payment arrangements and any other benefits available under that
agreement;
(m) to others, including health funds, service providers, other related third parties who assist
in the detection and investigation of fraud;
(n) regulatory bodies and government agencies; and
(o) other parties HIF is authorised, or required by law, to disclose information to.
 
4.8. Disclosing personal information overseas
HIF may transfer personal information to an overseas recipient, expressly nominated by a
member, for the purposes of providing a transfer certificate or claims history. In such
instances, HIF may not be able to ensure adequate protection of information in relation to
such overseas recipients.
HIF may use service providers who either host or store personal information overseas,
which means that personal information may be transferred between countries to those
service providers, for the purposes outlined in the Policy. Under these circumstances, HIF
will take reasonable steps to ensure that the service provider does not breach the APPs in
relation to the personal information being transferred.
 
4.9. Family and couples’ policies
For family and couples’ health insurance policies, HIF will collect information about
dependants (partner and children) from the member who sets up the policy (also known as
the primary member). If a primary member provides HIF with information about a partner or
a dependant who is 16 years of age or over, the primary member acknowledges that they
are creating, or have created, the health insurance policy on behalf of the co-insureds and
agrees:
(a) the primary member has authority to agree to the relevant terms;
(b) the primary member has made relevant dependants aware of the information set out in
the Policy and informed the dependants of how they can obtain access to the Policy;
and
(c) the primary member has consent to provide personal information to HIF, for HIF to use
that personal information for the purposes set out in the Policy, and as otherwise
permitted by Australian law.
If the primary member lodges a claim on behalf of a dependant, HIF will act in reliance on
the above warranties given by the primary member, and accordingly assume consent has
been provided to the primary member to share information necessary for HIF to process
the claim.
All claims payments and general policy information will be sent to the primary member.
If the primary member and their partner become divorced or separated, HIF strongly
recommends the members take out separate policies to protect private information, as it
might not be practicable for HIF to keep personal information separate. If the primary
member and the dependant decide to stay on a couples or family policy post-divorce or
separation, the members acknowledge that personal information may be disclosed to their
ex-partner in the course of the maintenance and administration of the health insurance
policy.
 
4.10. Quality and security of personal information
HIF takes reasonable steps to ensure that personal information collected, used or
disclosed is accurate, up to date, complete and relevant.
HIF also takes reasonable steps to protect personal information from misuse, interference
and loss, unauthorised access, modification or disclosure, and to destroy or de-identify
personal information that is no longer needed, or that is no longer required to be retained
by or under an Australian law, or a court / tribunal order.
 
HIF will only hold personal information for the length of its relationship with members, or
as otherwise required for business or regulatory alignment.
 
4.11. Access to personal information
HIF will, upon request by a member, give the member access to their personal information
within a reasonable period after the request is made, and in the manner requested by the
member, if it is reasonable and practicable to do so.
If a member contacts HIF for such a request, verification and identify checks will be
completed prior to granting access to personal information.
Under certain circumstances, and in accordance with the Privacy Act, HIF is not required
to give a member access to personal information to the extent that:
(a) providing access would pose a serious threat to the life, health or safety of other
individuals; or
(b) providing access would have an unreasonable impact on the privacy of another
individual; or
(c) the request for access is frivolous or vexatious; or
(d) the information relates to existing or anticipated legal proceedings, and would not be
accessible by the process of discovery in those proceedings; or
(e) providing access would reveal the intentions of HIF in relation to negotiations with the
individual in such a way as to prejudice those negotiations; or
(f) providing access would be unlawful; or
(g) denying access is required or authorised by or under an Australian law or a court /
tribunal order; or
(h) HIF has reason to suspect that unlawful activity, or misconduct of a serious nature,
has been, is being or may be engaged in, and giving access would be likely to
prejudice the taking of appropriate action in relation to the matter; or
(i) providing access would be likely to prejudice one or more enforcement related
activities conducted by, or on behalf of, an enforcement body; or
(j) providing access would reveal evaluative information in connection with a
commercially sensitive decision making process.
If HIF refuses to provide a member with access to their personal information, or cannot
provide access in the manner requested, the reasons for the refusal will be provided to
the member in writing, except to the extent that it would be unreasonable to do so.
 
4.12. Correction of personal information
HIF will take reasonable steps to ensure that the personal information it holds about its
members is accurate, up to date, complete, relevant and not misleading, if:
(a) HIF is satisfied that the personal information it holds is inaccurate, out of date,
incomplete, irrelevant or misleading; or
(b) A member requests HIF to correct their personal information.
Upon request by a member to correct their personal information, HIF will respond to the
request within a reasonable period after the request is made.
 
If HIF corrects the personal information about a member that it previously disclosed to
another organisation governed by the Privacy Act and that member requests HIF to notify
the said organisation of the correction, HIF will take reasonable steps to give that
notification unless it is impracticable or unlawful to do so.
If HIF refuses to correct personal information as requested by a member, the reasons for
the refusal will be provided to the member in writing, except to the extent that it would be
unreasonable to do so.
 
4.13. Contacting HIF to enquire or complain about privacy related matters
If a member has concerns or queries about the manner in which personal information has
been handled by HIF, or wishes to make a formal complaint, such concerns, queries or
complaints must be provided in writing to the HIF Privacy Officer, as per the details below:
 
Written Enquiries: The Privacy Officer
HIF
GPO Box X2221
PERTH WA 6847
Website: https://www.hif.com.au/legal stuff
Email: privacyofficer@hif.com.au
 
If HIF does not respond within a reasonable time, or if the complaint is not resolved to the
member’s satisfaction, members are entitled to make a complaint to the Office of the
Australian Information Commissioner. Please visit their website for more details on how
to contact them, or make a complaint at https://www.oaic.gov.au/about-us/contact-us/.
 

HIF & data breaches: all you need to know.

Maintaining the privacy of personal and sensitive information has always been central to the relationship of trust and confidence between HIF and our members. 

In addition, there can be significant penalties for a breach, as well as the possibility of negative publicity and damage to a member’s reputation. Even a single breach of member privacy has the potential to cause serious harm and may be notifiable to the Australian Information Commissioner. 

We have put in place stringent controls to protect members’ personal data in the unlikely event that a member's details had accidentally been disclosed to an unauthorised person. 

We would have to respond if, for example, we discovered member details had accidentally been disclosed; your medical history had been sent to the wrong person; or a staff member had inappropriately accessed member records. 


If you have any queries about our privacy policy or how data breaches are handled, please don't hesitate to phone us on 1300 134 060 or email our team on hello@hif.com.au