Terms and Conditions

Medibank Private Limited Privacy Policy

Medibank Private Limited (Medibank) is committed to protecting the privacy of your personal information.

This Privacy Policy explains how we manage the personal information that we collect, use and disclose and how to contact us if you have any questions about the management of your personal information or would like to access the personal information we hold about you.

Requirements of the privacy legislation

We are required to comply with the Privacy Act 1988 (Cth) (Privacy Act) which regulates how personal information is handled from collection to use and disclosure, storage, access and disposal.

Personal information is information or an opinion, in any form and whether true or not, about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion. It includes your name, age, gender, contact details as well as your health information (which is also sensitive information).

Collection of personal information

We will only collect personal information about you by lawful and fair means and not in an unreasonably intrusive manner. The types of personal information we may collect include:

  • identifying and contact information, such as name, age, employment details, email address and mobile phone number;
  • financial information, such as bank account details;
  • sensitive information, including information about health, health services provided to you and claims; and
  • information about your activities, including sporting and other lifestyle interests.

We collect your personal (including sensitive) information to provide you with products and services, including insurance, health related services, information on other products and services offered by us, one of our subsidiaries or a third party, and to facilitate and assess the provision of health related services to you by us, our subsidiaries and third parties.

We may collect your personal (including sensitive) information from you, another person covered by your private health insurance membership, or from a person authorised to provide us this information on your behalf. We may also collect your personal (including sensitive) information from our subsidiaries or a third party (for example, a hospital or other health service provider, employer, educational institution, government agency or adviser that has dealt with you).

How will we use your personal information?

We will use your personal (including sensitive) information for the purposes for which we collect it as described above, including to:

  • manage our ongoing relationship with you;
  • administer, process and audit claims;
  • manage, review, develop and improve our insurance products and related services (including health services) whether provided by us or other parties on our behalf;
  • manage, review, develop and improve our business and operational processes and systems, including the services provided to you by our contracted service providers (such as our subsidiaries) and other parties;
  • resolve any legal and/or commercial complaints or issues; and
  • perform any of our other functions and activities relating to our business.

Who will we disclose your personal information to?

In order to carry out the above purposes, Medibank may disclose your personal (including sensitive) information to persons or organisations (which may be located overseas) such as:

  • our subsidiaries;
  • our agents and service providers;
  • our professional advisors;
  • health service providers (such as hospitals, general practitioners, allied health providers and providers of chronic disease management programs) including our subsidiaries;
  • parties involved in a prospective or actual transfer of any parts of our assets or business;
  • payment system operators and financial institutions;
  • persons authorised by or responsible for you, including your agents and advisors;
  • government agencies;
  • if you have OSHC or a visitors cover product, also to your educational institution, migration agent or broker;
  • if you have a corporate insurance product, also to your employer; and
  • other parties to whom we are authorised or required by law to disclose information.

The above parties may also collect personal (including sensitive) information directly from you.

Medibank may disclose your personal information to other persons covered by your private health insurance membership as part of administering the membership and paying benefits. This may include the disclosure of sensitive information about benefits claimed by you under your policy.

From time to time, we may also use your personal (including sensitive) information to contact you (including by telephone call, text message or email) in relation to other products or services we think may be of interest to you. This may include our own products and services, the products or services of a subsidiary or the products or services of third parties. You may withdraw your consent to these specific uses and disclosures by calling us on 134 190, visiting one of our stores, or accessing the Manage My Preferences page within the Online Member Services facility.

We will handle all personal (including sensitive information) we collect from third parties about you for the purposes described in this Privacy Policy. Our range of products and services and our functions and activities, as well as those of our contracted service providers, may change from time to time.

If you do not provide personal information requested of you to Medibank, we may be unable to provide you with insurance cover, pay you benefits or provide you with or facilitate the provision of other services.

What health related services are provided by Medibank subsidiaries?

This section of our Privacy Policy applies only to health related services provided to our private health insurance members by our subsidiaries. We engage our subsidiaries to provide such services to our private health insurance members including telephonic services, chronic disease and health management programs and online health related services.

As indicated above, these companies may collect and use your personal (including sensitive) information to provide these services to you including to:

  • manage their relationship with you and contact you for follow up purposes;
  • manage, review, develop and improve their health related services and their business and operational processes and systems;
  • resolve any legal and/or commercial complaints or issues; and
  • perform any of their other functions or activities.

Our subsidiaries may collect your personal (including sensitive) information directly from Medibank and/or other Medibank subsidiaries, you or a person authorised by or responsible for you.

If you use health related services, our subsidiaries will disclose your personal (including sensitive) information to Medibank in order for us to pay benefits for health related services and to review, develop and improve the services. In order to perform the above functions, our subsidiaries may disclose your personal (including sensitive) information to us, each other and to third parties such as their agents, service providers and professional advisors, health service providers, persons authorised by or responsible for you, and to other parties to whom they are authorised or required by law to disclose information including government agencies, and these parties may collect that information.

In addition to the collections, uses and disclosures described above, our subsidiaries may also disclose your personal (including sensitive) information to us and each other in order for us and them to assess from what other services you may benefit and to facilitate the provision of such services. We may also disclose your personal (including sensitive) information to our subsidiaries so the Medibank Group may have an integrated view of our members and provide you a better and personalised service. Our subsidiaries may use your personal (including sensitive) information to contact you (including by telephone call, text message or email) in relation to their services. You may withdraw your consent to these specific collections, uses and disclosures at any time by calling us on 134 190, visiting one of our stores, or accessing the Manage My Preferences page within the Online Member Services facility.

For further information about how your personal (including sensitive) information is handled for these health related services, please refer to Medibank Health Solutions' Privacy Policy which may be accessed via www.medibankhealth.com.au

How do we manage the data quality and security of your personal information?

To the extent required by the Privacy Act, Medibank will take reasonable steps to:

  • make sure that the personal information that we collect, use and disclose is accurate, complete and up to date;
  • protect the personal information that we hold from misuse and loss and from unauthorised access, modification or disclosure; and
  • where permitted by law, destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the Privacy Act.

Anonymity

Medibank will generally provide individuals with the option of not identifying themselves when entering transactions when it is lawful and practicable to do so. However, on many occasions we will not be able to do this. For example, we will need your name and address in order to provide you with private health insurance coverage.

Use of Commonwealth Government identifiers

Medibank will not use Commonwealth government identifiers, such as Medicare numbers, as its own identifier of individuals. We will only use or disclose such identifiers in the circumstances permitted by the Privacy Act.

Transfer of personal information overseas

If Medibank transfers your personal information outside Australia, we will comply with the requirements of the Privacy Act that relate to transborder data flows.

Access to your information and contacting us

Medibank will allow you to access and correct personal information it holds about you as required by law. If you have any queries about how Medibank handles your personal information, or would like to request access to or to correct that information, please write to: Privacy Officer, Medibank Private Limited, 16/700 Collins Street, Docklands, Victoria 3008 or privacy@medibank.com.au.

In some circumstances, Medibank may not permit you access to your personal information, or may refuse to correct your personal information, in which case we will provide you reasons for this decision.

Application of the Medibank Group's Privacy Policies

If you are the person responsible for the management of your private health insurance membership, you must ensure any partner and dependant children are aware of and consent to how their personal (including sensitive) information is handled under this Privacy Policy. You and your partner and dependant children (if any) should not provide us with any personal (including sensitive) information unless you and they consent to it being handled in accordance with this Privacy Policy.

By becoming or remaining a Medibank member or by providing your personal (including sensitive) information to Medibank, or you or your partner and/or dependant children (if any) providing their personal (including sensitive) information to Medibank, for whatever purpose, you consent to, and warrant that your partner and/or dependant children have consented to, Medibank collecting, using and disclosing your and their personal (including sensitive) information, however collected by us, in accordance with this Privacy Policy.

If you provide your personal (including sensitive) information, or you or your partner and/or dependant children (if any) provide their personal (including sensitive) information, to Medibank's subsidiaries in relation to a health related service, you consent to, and warrant that your partner and dependant children have consented to, Medibank's subsidiaries collecting, using and disclosing your and their personal (including sensitive) information, however collected by them, in accordance with Medibank Health Solutions' Privacy Policy which may be accessed via www.medibankhealth.com.au

Further information

Further information about the application of the Privacy Act can be found at the website of the Office of the Australian Information Commissioner at www.privacy.gov.au.

How we handle complaints

If you have any concerns or complaints about the manner in which your personal information has been collected or handled by Medibank, please contact the Privacy Officer whose contact details appear above.

Changes to our Privacy Policy

This privacy policy is effective from 26 September 2011. As this privacy policy is updated from time to time, to obtain a copy of the latest version at any time, you should visit our website at www.medibank.com.au or a Medibank store.

Privacy Policy

Withdrawal of consent

You may also withdraw your consent to the use of personal information for any secondary purposes (whether for yourself or any dependant aged under 16 years) by ringing us on 134 190, visiting a Medibank store or withdrawing your consent via Online Member Services.