Independent review of health providers’ access to Medicare card numbers

The Australian Government has commissioned a review in response to claims Medicare card details are being sold on the internet.

About the Review

The Review, announced on 10 July 2017, is examining access by health professionals to Medicare card numbers by using the Health Professional Online Services (HPOS) system or by calling us.

The Australian Government wants to ensure the system is convenient and secure. The system hasn’t been significantly changed since its establishment 8 years ago.

The Review is being led by Professor Peter Shergold AC. Dr Michael Gannon, President of the Australian Medical Association (AMA) and Dr Bastian Seidel, President of the Royal Australian College of General Practitioners (RACGP), are also members of the review team.

Key dates

  • Discussion paper - scheduled 18 August 2017
  • Final report - scheduled 29 September 2017

Discussion paper – open for public consultation

The Review Panel invites submissions from interested parties on the issues raised in this consultation paper by close of business 8 September 2017.

Send your submission to the Review Secretariat.

In your submission include:

  • the name of the individual or organisation making the submission, and
  • contact details (such as a telephone number, postal address or email address)

Submissions should not exceed 20 pages. While you or your organisation are free to address all issues raised in the discussion paper, you can choose to answer only those questions of interest to you.

The Review Panel secretariat will aim to formally acknowledge receipt of submissions within 3 business days. Deadline for submissions: 5pm Australian Eastern Standard Time, 8 September 2017.

Submissions received after this date may not be considered. 

All submissions, other than contact details, will be treated as public information and placed on our website. If you want part or all of your submission to remain confidential you should clearly mark any material as confidential and inform the secretariat.  Automatically generated confidentiality statements in emails will not be accepted.

Submissions marked confidential will not be published.


The department is required under the Disability and Discrimination Act to make all information published on their website accessible to all.

If you choose not to attach an accessible (Word or RTF format) version of your submission, the Review secretariat may contact you and ask you for an accessible version.


When you send your submission to the Review, you may wish to remain anonymous or use a pseudonym.

Your personal information is protected by law, including the Privacy Act 1988, and is collected by the Australian Government Department of Human Services for purposes of undertaking the Review and responding to your submission.

Your information will be used by the department or given to other parties for the purposes processing and responding to your submission, where you have agreed or it is required or authorised by law.

You can get more information about the way in which the Department of Human Services will manage your personal information, including our privacy policy or by requesting a copy from the department.

Terms of Reference and scope of Review

The Review will consider the balance between appropriate access to a patient’s Medicare number for health professionals to confirm Medicare eligibility, with the security of patients’ Medicare card numbers.

The Review will examine and advise on:

  • the type of identifying information that a person should be required to produce to access Medicare treatment in both urgent and non-urgent medical situations
  • the effectiveness of controls over registration and authentication processes at the health provider's premises to access Medicare card numbers
  • security risks and controls surrounding the provision of Medicare numbers across the telephone channel, and the online connection between external medical software providers and HPOS
  • the sufficiency of control by patients and the appropriateness of patient notification regarding access to their Medicare number
  • the adequacy of compliance systems to identify any potential inappropriate access to a patient’s Medicare number
  • any other identified area of potential weakness associated with policy, process, procedures and systems in relation to accessibility of Medicare numbers

Based on the examination of the issues above, the Review will make recommendations for immediate practical improvements to the security of Medicare numbers, while continuing to ensure people have access to the healthcare they need in a timely manner.

The Review may also make recommendations for medium to longer term changes, or at least the identification of areas that need further examination, to ensure the security of the system and protection of information of Australians.

The Review is working closely with relevant stakeholders including the Australian and State and Territory Governments and peak industry bodies, including the AMA, the RACGP, the Australian Association of Practice Managers, and the Consumer Health Forum.

The Review is supported by a secretariat comprised of officials from the Australian Government departments of Human Services, Health, and Attorney-General’s.

Review members

  • Professor Peter Shergold AC
  • Dr Michael Gannon, AMA President
  • Dr Bastian Seidel, RACGP President

Further information

We’re testing a new website design. Try it out and tell us what you think. Read more about changes to this site.

Page last updated: 18 August 2017

This information was printed Sunday 20 August 2017 from It may not include all of the relevant information on this topic. Please consider any relevant site notices at when using this material.