HIF Privacy Policy
Keeping your private information private

1. Purpose of Policy

The purpose of our Privacy Policy (‘this Policy’) is to explain the process undertaken by Health Insurance Fund of Australia (‘HIF’ or ‘we’ or ‘us’ or ‘our’) to collect, disclose, handle and protect your personal information. This Policy also addresses your rights as a member to access and correct your personal information or lodge a complaint regarding the handling of your personal information.

2. Context and Background

This Policy aligns with the Australian Privacy Principles (‘APPs’) contained within the Privacy Act 1988 (Cth) (‘Privacy Act’) by which we are bound. This Policy applies to all of our past, current and prospective members, as well as our contractors, suppliers and any individual or third-party organisation that we collect personal information from in the course of conducting business.

We will review this Policy annually and make updates to it if our information handling practices have changed. Any material changes to this Policy will be publicised on our website and will be communicated to you in writing. The most current version of this Policy is always accessible on our website www.hif.com.au.

3. Definitions

The Privacy Act defines personal information as information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not. Examples of personal information include information such as your name, age, date of birth, address, and contact details.

Sensitive information is a subset of personal information which requires greater protection under the Privacy Act. Examples of sensitive information may include, but are not restricted to, information about your health, health services provided to you, and your claims.

Unless otherwise stated, any reference to personal information in this Policy includes ‘sensitive information’.

4. Collection of your personal information

We will collect your personal information in a fair, lawful, reasonable, and unintrusive manner. We will only collect the information that is reasonably necessary to perform one or more of our functions, or where it is required by law and in compliance with the APPs. We may collect your personal information:

(a) directly from you when you engage with us via our website (including our Online Member Centre (‘OMC’), web chat, email, telephone calls, our mobile application, social media, mail, surveys, and face-to-face interactions.

(b) from another member on your private health insurance policy, or a person authorised to provide personal information on your behalf;

(c) from third parties, including our travel insurance partner and outsourced partners; (d) from health service providers and hospitals;

(e) from your previous insurer, when a transfer has been requested to move private health insurance arrangements from that fund to us;

(f) from camera surveillance - CCTV to monitor HIF premises for the safety of our employees and members;

(g) our brokers who refer you to us; and

(h) Employers (in order to provide you private health insurance through your corporate arrangement if applicable).

5. Collection and use of your personal information online

Website
All personal information collected via our website is done so with your explicit and immediate consent. You are not required to provide us with personal information when visiting our website, unless when completing a formal application for membership; enquiring about or making amendments to your existing private health insurance policy; or when making claims under your existing policy.

We use cookies when you visit our website or download information from it, refer to our Website Terms of Use to find out more about the type of cookies we use and why.

Online Member Centre
When you use the OMC, we may keep a record of your log in, transaction and account history. When you register to use the OMC, you accept and are bound by its terms of use. Full terms and conditions of the OMC are available at www.hif.com.au.

6. Types of personal information we collect and hold

The types of personal information we may collect, and hold include:

(a) identifying information (such as name, date of birth and employment details);

(b) contact information (such as home address, email address and phone numbers);

(c) government identifiers (such as Medicare details);

(d) information provided by health service provider agencies;

(e) information about online presence (such as usage of the HIF website and mobile application);

(f) financial information (such as credit card and bank account details, income tier for the purposes of the Australian Government Rebate on private health insurance); and

(g) sensitive information (such as health information from health insurance claims).

We will only collect, use or disclose government identifiers, such as Medicare numbers, in a way that is consistent with its original purpose.

Personal information collected is stored securely by third party data storage providers and there are a number of security controls in place to protect this information. The controls in place include physical, technical and procedural safeguards. We ensure that all employees and relevant third parties regularly receive targeted privacy training.

We will seek to only retain personal information in order to provide products and services or to comply with our business and legal obligations and requirements. When personal information is no longer required for these purposes, we may destroy or de-identify the information. As a result, we may not be able to meet requests for access to personal information from records that have been destroyed or de-identified.

7. What happens in the event that your personal information is not provided

You have the right not to identify yourself or you may use a pseudonymous identity when contacting us for general information. However, under these circumstances, it may not be practical for us to provide relevant information pertaining to your private health insurance policy, nor conduct functions such as commencing membership, processing claims, paying benefits, confirming lifetime health cover loading or applying the Australian Government Rebate on private health insurance. If you withhold personal information, you will be advised when this decision prohibits us in providing products and/or services.

8. Use of your personal information

Personal information collected is dependent on your relationship with us and the purpose for which we collect the information. Generally, personal information is used for the purpose that it was collected for, or for a related purpose. However, as permitted or required by law, we may also use personal information for other purposes.
The personal information we collect may be used primarily to:

(a) process your private health insurance policy application;

(b) identify you and manage your requests for information about a product or service;

(c) manage our ongoing relationship and to communicate with you;

(d) administer, process and audit private health insurance premiums and claims; and

(e) comply with legal obligations relating to private health insurers.

We may use your personal information for secondary purposes, such as:

(a) providing you with access to our website and online applications to manage your private health insurance membership with us;

(b) conducting market research to understand the member experience, the effectiveness of marketing campaigns and ways to improve our products and services;

(c) promoting general digital marketing campaigns (in conjunction with social media platforms);

(d) performing business related activities and functions such as administration, audit, and the management and development of products, services, processes and systems;

(e) reviewing and implementing business improvement activities;

(f) collecting and analysing information relating to the quality of care;

(g) engaging with third parties to conduct functions on behalf of us, such as health service providers; (h) conducting marketing and social media activities, including competitions and promotions (where you have opted-in for such activity and where permitted by law);

(i) conducting quality assurance activities and providing training and coaching to our employees and representatives, unless we are advised not to (using personal information, including call recordings);

(j) investigating and managing fraudulent activities;

(k) assisting with legal, clinical or commercial complaints or issues; or

(l) assisting with dispute resolution.

9. Using your personal information for health and support services purposes

The personal information collected about you may also be used to assess your suitability for health and support services that may be of benefit to you, such as cancer support programs. If deemed suitable you may be contacted and advised of such services offered by us or by a third party. Should you choose to participate in a program, your personal information may be shared with a health service provider who will contact you to confirm eligibility and provide further program details.

10. Using your personal information for direct marketing purposes

As permitted by law and as set out in this Policy and in our Private Health Insurance Collection Statement, we collect and use personal information for direct marketing purposes in order to promote and offer insurance products and services, including any competitions and promotions. In relation to competitions and promotions, we may contact you by phone, mail, email, SMS, via the mobile application, or through targeted marketing on social media platforms.
You are able to discontinue or opt out of receiving any marketing or promotional material that you may not wish to receive at any time. You can opt out by:

• speaking directly with one of our Member Service Advisors on 1300 134 060;
• emailing the request to hello@hif.com.au;
• updating your preferences in the OMC; or
• selecting the option to unsubscribe on communications issued by HIF.

If you opt out of marketing, you may still receive service-related communications. Service-related communications are essential communications in relation to our products and services and include important information, including detrimental changes to products and services, premium change letters and private health insurance policy details. You cannot opt out of service-related communications as these are essential for us to fulfil our legal obligations.

11. Disclosing your personal information in Australia

To provide products and services and to maintain our relationship with you, we may disclose your personal information to persons or organisations, including:

(a) persons covered by your private health insurance policy, in the course of administering your policy and paying benefits;

(b) a nominated agent, adviser, broker, representative or other person authorised by, or responsible for you;

(c) to others, including our agents, consultants, contractors and service providers, and those that function as data processors and auditors;

(d) health service providers;

(e) facilitators of our arrangements with providers, including their strategic partners;

(f) government agencies;

(g) actuaries;

(h) payment system operators and financial institutions;

(i) service providers engaged by us, or acting on our behalf, to deliver services and technologies relevant to the delivery of member services;

(j) third party insurers we are authorised to represent if you purchase other insurance products from us;

(k) third party operators of websites, social networking and messaging applications to facilitate online advertising, surveys and analytics;

(l) your employer, if you are covered under a corporate agreement, in order to administer related discounts, payment arrangements and any other benefits available under that agreement;

(m) to others, including health funds, service providers, other related third parties who assist in the detection and investigation of fraud;

(n) regulatory bodies and government agencies; and

(o) other parties we are authorised, or required by law, to disclose information to.

12. Disclosing your personal information overseas

We may transfer your personal information to an overseas recipient, if expressly nominated by you, for the purposes of providing a transfer certificate or claims history. In such instances, we may not be able to ensure adequate protection of your personal information in relation to such overseas recipients.

Generally, we use systems and customer service teams located within Australia. However, we may use service providers who either host or store personal information overseas, for example in New Zealand, which means that your personal information may be transferred between countries to those service providers, for the purposes outlined in this Policy. Under these circumstances, we will take reasonable steps to ensure that the service provider does not breach the APPs in relation to the personal information being transferred.

13. Family and couples’ policies

For family and couples’ private health insurance policies, we will collect information about other adults and dependants from the member who sets up the policy (also known as the primary member). If a primary member provides us with information about other persons insured on the same private health insurance policy, the primary member acknowledges that they are creating, or have created, the policy on behalf of the co-insureds and agrees:

(a) they have authority to agree to the relevant terms;

(b) they have made other members on the private health insurance policy aware of the information set out in their policy, including information about how they can obtain access to it; and

(c) they have consent to provide personal information to us, for us to use and disclose that personal information for the purposes set out in this Policy, and as otherwise permitted by Australian law.

Personal information for other persons insured on the same private health insurance policy should not be provided to us unless each party has consented to it being handled in accordance with this Policy.

If the primary member lodges a claim on behalf of other persons insured on the same private health insurance policy, we will act in accordance with the above warranties provided by the primary member and as such, assume that consent has been provided to the primary member to share the information necessary for us to process the claim.

All general private health insurance policy information will be sent to the primary member.

If the primary member and their partner become divorced or separated, we strongly recommend the members take out separate private health insurance policies to protect private information, as it might not be possible for us to keep personal information separate. If both adult members decide to remain on a couples or family private health insurance policy post-divorce or separation, the members acknowledge that their personal information may be disclosed to their ex-partner in the course of maintaining and administering their policy.

If a child is insured or not-insured under the private health insurance policy of an ex-partner, we will not be able to confirm this, or provide any details about the ex-partner’s policy.

Further to this, if an individual opts to pay for another person’s private health insurance policy, this does not permit us to disclose information about the policy to the payer (when an authority is not in place). Changing the payment arrangement, namely ceasing the payments can be requested by the payer, however we will contact the primary member to advise them of the change on their private health insurance policy.

14. Quality and security of your personal information

We take reasonable steps to ensure that personal information collected, used or disclosed is accurate, up to date, complete and relevant.

We also take reasonable steps to protect your personal information from misuse, interference and loss, unauthorised access, modification or disclosure.

15. Access to your personal information

We will, upon request by you, give you access to your personal information within a reasonable period after the request is made, and in the manner requested by you, if it is reasonable and practical to do so.
If you contact us with such a request, verification and identify checks will be completed prior to granting access to personal information.

Under certain circumstances, and in accordance with the Privacy Act, we are not required to give you access to personal information to the extent that:

(a) providing access would pose a serious threat to the life, health or safety of other individuals; or

(b) providing access would have an unreasonable impact on the privacy of another individual; or

(c) the request for access is frivolous or vexatious; or

(d) the information relates to existing or anticipated legal proceedings, and would not be accessible by the process of discovery in those proceedings; or

(e) providing access would reveal the intentions of HIF in relation to negotiations with the individual in such a way as to prejudice those negotiations; or

(f) providing access would be unlawful; or

(g) denying access is required or authorised by an Australian law or a court / tribunal order; or

(h) HIF has reason to suspect that unlawful activity, or misconduct of a serious nature, has been, is being or may be engaged in, and giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or

(i) providing access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or

(j) providing access would reveal evaluative information in connection with a commercially sensitive decision making process.

If we refuse to provide you with access to your personal information, or cannot provide access in the manner requested, the reasons for the refusal will be provided to you in writing, except to the extent that it would be unreasonable to do so.

16. Correction of your personal information

We will take reasonable steps to ensure that the personal information we hold about you is accurate, up to date, complete, relevant and not misleading if:

(a) we are satisfied that the personal information we hold is inaccurate, out of date, incomplete, irrelevant or misleading; or

(b) you request us to correct your personal information.

It is your responsibility to inform us regarding any changes to your personal information (e.g. change in postal address) and to request us to correct your personal information. You can correct or amend your personal information by logging into your OMC account or by contacting us:

• By phone – 1300 134 060
• By email – hello@hif.com.au
• By mail – HIF, GPO Box X2221, Perth WA 6847

Upon request by you to correct your personal information, we will respond to the request within a reasonable period after the request is made.

If we correct personal information about you that was previously disclosed to another organisation governed by the Privacy Act and you request us to notify that organisation of the correction, we will take reasonable steps to give that notification unless it is impractical or unlawful to do so.

If we refuse to correct personal information as requested by you, the reasons for the refusal will be provided to you in writing, except to the extent that it would be unreasonable to do so.

17. Acknowledgement and Consent

By becoming or remaining a member of HIF, or by otherwise providing personal information to us, you confirm that you have consented to us collecting, using and disclosing your personal information in accordance with this Policy. This extends to all individuals covered under a private health insurance policy with us.
If you are notified in writing of a material change to this Policy, after receiving the formal notification, the next claim presented under your private health insurance policy will be deemed as your acceptance of and consent to the notified material changes.

18. Contacting HIF to enquire or complain about your privacy related matters

If you have concerns or queries about the manner in which your personal information has been handled by us, or you wish to make a formal complaint, such concerns, queries or complaints must be provided in writing to our Privacy Officer, as per the details below:

If we do not respond within a reasonable time, or if the complaint is not resolved to your satisfaction, you are entitled to make a complaint to the Office of the Australian Information Commissioner. Please visit their website for more details on how to contact them or make a complaint at https://www.oaic.gov.au/about-us/contact-us/.