HIF Privacy Policy
Keeping your private information private

We are committed to protecting your privacy and understand the importance of keeping your personal information secure. Our practices comply with the Australian Privacy Principles (APPs) as outlined in the Privacy Act 1988 (as amended).

Download our Privacy Policy

Privacy Policy

1.Purpose of Policy

The purpose of our Privacy Policy (‘this Policy’) is to explain the process undertaken by Health Insurance Fund of Australia (‘HIF’ or ‘we’ or ‘us’ or ‘our’) to collect, disclose, handle and protect your personal information. This Policy also addresses your rights as a member to access and correct your personal information or lodge a complaint regarding the handling of your personal information.

2.Context and Background

This Policy aligns with the Australian Privacy Principles (‘APPs’) contained within the Privacy Act 1988 (Cth) (‘Privacy Act’) by which we are bound. This Policy applies to all of our past, current and prospective members, as well as our contractors, suppliers and any individual or third-party organisation that we collect personal information from in the course of conducting business.

We will review this Policy annually and make updates to it if our information handling practices have changed. Any material changes to this Policy will be publicised on our website and will be communicated to you in writing. The most current version of this Policy is always accessible on our website www.hif.com.au.

3.Definitions

The Privacy Act defines personal information as information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not. Examples of personal information include information such as your name, age, date of birth, address, and contact details.

Sensitive information is a subset of personal information which requires greater protection under the Privacy Act. Examples of sensitive information may include, but are not restricted to, information about your health, health services provided to you, and your claims.

Unless otherwise stated, any reference to personal information in this Policy includes ‘sensitive information’.

4.Collection of your personal information

We will collect your personal information in a fair, lawful, reasonable, and unintrusive manner. We will only collect the information that is reasonably necessary to perform one or more of our functions, or where it is required by law and in compliance with the APPs.

We may collect your personal information:

1. directly from you when you engage with us via our website (including our Online Member Centre (‘OMC’)), web chat, email, telephone, requests for a quote, our mobile application, social media, mail, surveys, or in person;
2. from another member on your private health insurance policy, or a person authorised to provide personal information on your behalf;
3. from third parties, including our travel insurance partner and any other partner;
4. from health service providers and hospitals;
5. from your previous insurer, when a transfer has been requested to move private health insurance arrangements from that fund to us;
6. from camera surveillance - CCTV to monitor HIF premises for the safety of our employees and members;
7. our brokers who refer you to us; and
8. Employers (in order to provide you with private health insurance through your corporate arrangement if applicable).

5.Collection and use of your personal information online

Website

All personal information collected via our website is done so with your explicit and immediate consent. You are not required to provide us with personal information when visiting our website, unless when completing a formal application for membership; enquiring about or making amendments to your existing private health insurance policy; or when making claims under your existing policy.

We use cookies when you visit our website or download information from it to collect information about your web browsing behaviour and analyse website traffic. Cookies identify your browser or device, not you personally. The information collected may include when you accessed our website, how you accessed it, and what actions you took while on the site. This helps us improve our website experience, support marketing analysis, and monitor site performance. If you prefer not to receive cookies, you can adjust your browser settings. However, you may not be able to use the full functionality of the website without cookies. For more information, refer to our Website Terms of Use.

Online Member Centre and Mobile Application

When you use the OMC or mobile application, we may keep a record of your log in, transaction, account, and claims history. By registering to use the OMC or mobile application, you agree to and are bound by their terms of use. The full terms and conditions for the OMC and mobile application are available at www.hif.com.au.

We also monitor and collect information about how you use the OMC and mobile application to support analytics. This information helps us enhance our member experience, improve our products and services, and optimise online functionality.

Social Media Platforms

HIF uses Facebook, Instagram and LinkedIn to communicate with members and the public. You are not required to provide us with personal information when visiting these platforms. However, if you choose to communicate with HIF via these services, we may collect the personal information you provide as part of that interaction.

Facebook, Instagram and LinkedIn each have their own privacy policies, which govern how they collect, use and disclose personal information.

6. Types of personal information we collect and hold

The types of personal information we may collect and hold include:

1. identifying information (such as name, date of birth, employment details, and voice);

2. contact information (such as home address, email address and phone numbers);
3. government identifiers (such as Medicare details);
4. information provided by health service provider agencies;
5. information about your online presence (such as your IP address and your use of the HIF website and mobile application);
6. financial information (such as credit card and bank account details, income tier for the purposes of the Australian Government Rebate on private health insurance);
7. sensitive information (such as health information from health insurance claims); and
8. Information about your background and personal circumstances (such as education history and marital status)

We will only collect the minimum amount of personal information reasonably necessary for our functions or activities. If we receive personal information that we did not request, we will manage that unsolicited personal information in accordance with the APPs. For example, unsolicited personal information may arise when you contact us to enquire about our products and provide personal information that is not required for us to respond to your query.

We will only collect, use or disclose government identifiers, such as Medicare numbers, in a way that is consistent with its original purpose.

We may collect personal information about children, young people and vulnerable individuals where it is reasonably necessary to perform one or more of our functions or activities, with appropriate consent or where required or authorised by law, and in accordance with the APPs. Vulnerable individuals whose personal information we may collect include dependants, older people, individuals with health conditions or disabilities, people from culturally and linguistically diverse backgrounds, First Nations peoples, and individuals experiencing financial hardship. Where an individual is unable to provide consent, we will seek consent from an authorised representative, such as a parent, legal guardian, or other person with lawful authority.

We will seek to only retain personal information to provide products and services or to comply with our business and legal obligations and requirements. When personal information is no longer required for these purposes, we may destroy or de-identify the information. As a result, we may not be able to meet requests for access to personal information from records that have been destroyed or de-identified.

7. What happens in the event that your personal information is not provided

You have the right not to identify yourself or you may use a pseudonymous identity when contacting us for general information. However, under these circumstances, it may not be practical for us to provide relevant information pertaining to your private health insurance policy, nor conduct functions such as commencing membership, processing claims, paying benefits, confirming lifetime health cover loading or applying the Australian Government Rebate on private health insurance. If you withhold personal information, you will be advised when this decision prohibits us from providing products and/or services.

8. Use of your personal information

Personal information collected is dependent on your relationship with us and the purpose for which we collect the information. Generally, personal information is used for the purpose that it was collected for, or for a related purpose. However, as permitted or required by law, we may also use personal information for other purposes.

The personal information we collect may be used primarily to:

1. process your private health insurance policy application;
2. identify you and manage your requests for information about a product or service;
3. manage our ongoing relationship and communicate with you;
4. administer, process and audit private health insurance premiums and claims; and
5. comply with legal obligations relating to private health insurers.

We may use your personal information for secondary purposes, such as:

1. providing you with access to our website and online applications to manage your private health insurance membership with us;
2. contacting you in relation to quotes you have requested, including to clarify information or determine whether you wish to proceed with the quote;
3. conducting market research to understand the member experience, the effectiveness of marketing campaigns and ways to improve our products and services;
4. promoting general digital marketing campaigns (in conjunction with social media platforms);
5. performing business related activities and functions such as administration, audit, and the management and development of products, services, processes and systems;
6. reviewing and implementing business improvement activities;
7. collecting and analysing information relating to the quality of care;
8. engaging with third parties to conduct functions on behalf of us, such as health service providers;
9. conducting marketing and social media activities, including competitions and promotions (where you have opted-in for such activity and where permitted by law);
10. conducting quality assurance activities and providing training and coaching to our employees and representatives, unless we are advised not to (using personal information, including call recordings);
11. investigating and managing fraudulent activities;
12. assisting with legal, clinical or commercial complaints or issues; or
13. assisting with dispute resolution.

9. Using your personal information for automated decision making

Personal and sensitive information we collect about you, such as your name and health service you have accessed, may be used in automated decision-making (ADM) systems to assess claims for certain services. Claims that are approved without human intervention are processed through “straight through processing”. Although these claims are assessed without human involvement at the point of decision making, regular monitoring, analysis and audits are conducted by qualified employees to help ensure accurate, consistent and appropriate outcomes.  

Personal information we collect about you, such as your name and date of birth, may also be used in ADM systems to assess your eligibility for hospital treatment. Eligibility may be determined without human intervention, particularly when such assessments occur outside of normal business hours.

We take steps to ensure the integrity of our automated processes. If an automated decision significantly affects you, you have the right to request that an employee reviews the decision or ask us for an explanation of the logic involved and the types of data used to reach the conclusion. If the decision was based on inaccurate data, you can request a correction.

10. Using your personal information for health and support services purposes

The personal information collected about you may also be used to assess your suitability for health and support services that may be of benefit to you, such as cancer support programs. If deemed suitable, you may be contacted by us and advised of such services.. Should you choose to participate in a program, your personal information may be shared with a health service provider who will contact you to confirm eligibility and provide further program details.

11. Using your personal information for direct marketing purposes

As permitted by law and as set out in this Policy and in our Private Health Insurance Collection Statement, we collect and use personal information for direct marketing purposes to promote and offer insurance products and services, including any competitions and promotions. In relation to competitions and promotions, we may contact you by phone, mail, email, SMS, via the mobile application, or through targeted marketing on social media platforms.

You can discontinue or opt out of receiving any marketing or promotional material that you may not wish to receive at any time. You can opt out by:

• speaking directly with one of our Member Service Advisors on 1300 134 060;
• emailing the request to hello@hif.com.au;
• updating your preferences in the OMC; or
• selecting the option to unsubscribe on communications issued by HIF.

If you opt out of marketing, you may still receive service-related communications. Service-related communications are essential communications in relation to our products and services and include important information, including detrimental changes to products and services, premium change letters and private health insurance policy details. You cannot opt out of service-related communications as these are essential for us to fulfil our legal obligations.

12. Disclosing your personal information in Australia

To provide products and services and to maintain our relationship with you, we may disclose your personal information to persons or organisations, including:

1. persons covered by your private health insurance policy, in the course of administering your policy and paying benefits;

2. a nominated agent, adviser, broker, representative or other person authorised by, or responsible for you;
3. to others, including our agents, consultants, contractors and service providers, and those that function as data processors and auditors;
4. health service providers;
5. facilitators of our arrangements with providers, including their strategic partners;
6. government agencies;
7. actuaries;
8. payment system operators and financial institutions;
9. service providers engaged by us, or acting on our behalf, to deliver services and technologies relevant to the delivery of member services;
10. third party insurers we are authorised to represent if you purchase other insurance products from us;
11. third party operators of websites, social networking and messaging applications to facilitate online advertising, surveys and analytics;
12. your employer, if you are covered under a corporate agreement, in order to administer related discounts, payment arrangements and any other benefits available under that agreement;
13. to others, including health funds, service providers, and other related third parties who assist in the detection and investigation of fraud;
14. regulatory bodies and government agencies; and
15. other parties we are authorised, or required by law, to disclose information too.

13. Disclosing your personal information overseas

We may transfer your personal information to an overseas recipient, if expressly nominated by you, for the purpose of providing a transfer certificate or claims history. In such instances, we may not be able to ensure adequate protection of your personal information in relation to such overseas recipients.

14. Family and couples’ policies

For family and couples’ private health insurance policies, we will collect information about other adults and dependants from the member who sets up the policy (also known as the primary member). If a primary member provides us with information about other persons insured on the same private health insurance policy, the primary member acknowledges that they are creating, or have created, the policy on behalf of the co-insureds and agrees:

1. they have authority to agree to the relevant terms;

2. they have made other members on the private health insurance policy aware of the information set out in their policy, including information about how they can obtain access to it; and
3. they have consent to provide personal information to us, for us to use and disclose that personal information for the purposes set out in this Policy, and as otherwise permitted by Australian law.

Personal information for other persons insured on the same private health insurance policy should not be provided to us unless each party has consented to it being handled in accordance with this Policy.

If the primary member lodges a claim on behalf of other persons insured on the same private health insurance policy, we will act in accordance with the above warranties provided by the primary member and as such, assume that consent has been provided to the primary member to share the information necessary for us to process the claim.

All general private health insurance policy information will be sent to the primary member.

If the primary member and their partner become divorced or separated, we strongly recommend the members take out separate private health insurance policies to protect private information, as it might not be possible for us to keep personal information separate. If both adult members decide to remain on a couples’ or family private health insurance policy post-divorce or separation, the members acknowledge that their personal information may be disclosed to their ex-partner in the course of maintaining and administering their policy.

If a child is insured or not-insured under the private health insurance policy of an ex-partner, we will not be able to confirm this, or provide any details about the ex-partner’s policy.

Further to this, if an individual opts to pay for another person’s private health insurance policy, this does not permit us to disclose information about the policy to the payer (when an authority is not in place). Changing the payment arrangement, namely ceasing the payments can be requested by the payer, however we will contact the primary member to advise them of the change on their private health insurance policy.

15. Quality and security of your personal information

Personal information held by HIF is stored on electronic media and cloud computing solutions. It is stored securely, including by third party data storage providers, and is protected by a range of security controls. These controls include physical, technical and procedural safeguards designed to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure.We take contractual measures to ensure that contracted service providers who handle personal information comply with the same privacy requirements applicable to HIF. We also ensure that our employees and relevant third parties receive regular, targeted privacy training.

We also take reasonable steps to ensure that personal information collected, used or disclosed is accurate, up to date, complete and relevant.

16. Access to your personal information

We will, upon request by you, give you access to your personal information within a reasonable period after the request is made, and in the manner requested by you, if it is reasonable and practical to do so.

If you contact us with such a request, we will complete verification and identify checks before granting access to personal information. If you request access to, or correction of, personal information on behalf of another person, we will require evidence of your authority to act on their behalf, such as a Power of Attorney.

Under certain circumstances, and in accordance with the Privacy Act, we are not required to give you access to personal information to the extent that:

1. providing access would pose a serious threat to the life, health or safety of other individuals; or
2. providing access would have an unreasonable impact on the privacy of another individual; or
3. the request for access is frivolous or vexatious; or
4. the information relates to existing or anticipated legal proceedings, and would not be accessible by the process of discovery in those proceedings; or
5. providing access would reveal the intentions of HIF in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
6. providing access would be unlawful; or
7. denying access is required or authorised by an Australian law or a court / tribunal order; or
8. HIF has reason to suspect that unlawful activity, or misconduct of a serious nature, has been, is being or may be engaged in, and giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or
9. providing access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
10. providing access would reveal evaluative information in connection with a commercially sensitive decision making process.

If we refuse to provide you with access to your personal information, or cannot provide access in the manner requested, the reasons for the refusal will be provided to you in writing, except to the extent that it would be unreasonable to do so.

Access to your personal information by employees and contractors is restricted to those who require it to perform their duties. We safeguard your personal information through strict access controls and security measures.

17. Correction of your personal information

We will take reasonable steps to ensure that the personal information we hold about you is accurate, up to date, complete, relevant and not misleading if:

1. we are satisfied that the personal information we hold is inaccurate, out of date, incomplete, irrelevant or misleading; or

2. you request us to correct your personal information.

It is your responsibility to inform us regarding any changes to your personal information (e.g. change in postal address) and to request us to correct your personal information. You can correct or amend your personal information by logging into your OMC account, via the mobile application or by contacting us:

• By phone – 1300 134 060
• By email – hello@hif.com.au
• By mail – HIF, GPO Box X2221, Perth WA 6847

Upon request by you to correct your personal information, we will respond to the request within a reasonable period after the request is made.

If we correct personal information about you that was previously disclosed to another organisation governed by the Privacy Act and you request us to notify that organisation of the correction, we will take reasonable steps to give that notification unless it is impractical or unlawful to do so.

If we refuse to correct personal information as requested by you, the reasons for the refusal will be provided to you in writing, except to the extent that it would be unreasonable to do so.

18. Acknowledgement and Consent

By becoming or remaining a member of HIF, or by otherwise providing personal information to us, you confirm that you have consented to us collecting, using and disclosing your personal information in accordance with this Policy. This extends to all individuals covered under a private health insurance policy with us.

If you are notified in writing of a material change to this Policy, after receiving the formal notification, the next claim presented under your private health insurance policy will be deemed as your acceptance of and consent to the notified material changes.

19. Contacting HIF to enquire or complain about your privacy related matters

If you have concerns or queries about the manner in which your personal information has been handled by us, or you wish to make a formal complaint, such concerns, queries or complaints must be provided in writing to our Privacy Officer, as per the details below:

• Written Enquiries: The Privacy Officer
  HIF GPO Box X2221 PERTH WA 6847
• Website: https://www.hif.com.au/legal stuff
• Email: privacyofficer@hif.com.au

If we do not respond within a reasonable time, or if the complaint is not resolved to your satisfaction, you are entitled to make a complaint to the Office of the Australian Information Commissioner. Please visit their website for more details on how to contact them or make a complaint at https://www.oaic.gov.au/about-us/contact-us/.

20. Roles and Responsibilities

The roles and responsibilities, at each key organisational level, are outlined below:

Board of Directors (‘Board’)

1. Ensures HIF’s compliance with the Privacy Act through its endorsement and support of this Policy.

2. Oversees appropriate controls, systems and procedures to manage compliance with privacy obligations.

Board Risk Committee (‘BRC’)

1. Monitors the implementation and application of this Policy.

2. Actively reviews reports that outline identified instances of significant and / or notifiable data breaches and provides recommendations for changes to HIF’s internal control environment.

3. Ensures management has in place adequate processes to rectify privacy breaches in a timely manner, including monitoring actions to rectify significant and / or notifiable data breaches.

HIF Leadership Team (‘HIFLT’)

1. Implements this Policy and articulates clear standards and processes to encourage the deterrence of privacy breaches.

2. Actively monitors compliance with privacy obligations through the regular review of compliance attestation and breach reports.

3. Ensures that appropriate controls are implemented to mitigate the risk of privacy breaches, including the implementation of any controls recommended by the BRC.
4. Oversees the investigation, response and outcomes of significant and / or notifiable data breaches.

Privacy Officer

1. Supports the HIFLT with the implementation and communication of this Policy and ensures that it is properly understood by all employees.

2. Regularly reviews compliance attestation and breach reports to identify potential trends, and conducts testing of relevant compliance controls to ensure that they are adequate in mitigating the risk of privacy breaches.

3. Co-ordinates the delivery of privacy training and awareness initiatives.

All Employees

1. Retain ownership and responsibility for maintaining compliance with privacy obligations.

2. Assist with the identification, reporting and management of privacy breaches.

3. Ensure compliance with this Policy and associated processes.

21.Review and Update

This Policy must be reviewed by the Board at least annually and may only be amended by resolution of the Board.

This Policy is approved by Board resolution dated 26 February 2026 and supersedes any policy previously in force in relation to its subject matter.

HIF & Data Breaches: Essential Information

Protecting the privacy of personal and sensitive information is fundamental to the trust and confidence between HIF and our members.

Data breaches can result in significant penalties, negative publicity, and damage to HIF and a member’s reputation. Even a single data breach can cause serious harm and may need to be reported to the Office of the Australian Information Commissioner (OAIC).

We have implemented stringent controls to safeguard members’ personal information. In the unlikely event of accidental disclosure to an unauthorised person, we are prepared to respond promptly.

For instance, if member details were accidentally disclosed, medical history sent to the wrong person, or a staff member inappropriately accessed member records, we would take immediate action.

If you have any queries about our privacy policy or how data breaches are handled, please don't hesitate to phone us on 1300 134 060 or email our team on hello@hif.com.au to opt out