Independent review of health providers’ access to Medicare card numbers

The Australian Government commissioned a review in response to claims Medicare card details were sold on the internet. This review has now closed.

About the review

The review, announced on 10 July 2017, examined access by health professionals to Medicare card numbers by using the Health Professional Online Services (HPOS) system or by calling us.

The review was led by Professor Peter Shergold AC. Dr Michael Gannon, President of the Australian Medical Association (AMA) and Dr Bastian Seidel, President of the Royal Australian College of General Practitioners (RACGP), were also members of the review panel.

Discussion paper and the final report

The review panel invited submissions from interested parties on the issues raised in the discussion paper. Consultation closed on Friday 8 September 2017.

Feedback and suggestions were considered by the review panel in their final report to government.

The review has identified options to improve the security of Medicare card numbers within the department’s HPOS system, while continuing to support access to health services without unnecessarily increasing the administrative workload faced by health professionals. The report was provided to the Minister for Health, the Hon Greg Hunt MP and the former Minister for Human Services, the Hon Alan Tudge MP.

Australian Government response to the independent review and related Senate Inquiry

On 16 February 2018, the Australian Government released its response to the independent review, agreeing without qualification to 13 recommendations and agreeing in-principle to the remaining recommendation. The response also acknowledges the excellent work of Professor Shergold and the review panel.

The Government consulted with health sector peak bodies about the proposed implementation approach for each recommendation before finalising its response.

On 21 February 2018, the Government tabled its response to the Senate Finance and Public Administration Committee report on the ‘circumstances in which Australians’ personal Medicare information has been compromised and made available for sale illegally on the ‘dark web’ (the report). The report was published on 16 October 2017. The majority report had no recommendations, but a dissenting report from the Australian Greens had four recommendations. The Government response agrees in-principle to one recommendation and does not support the remaining three recommendations.


The review panel worked closely with relevant stakeholders including the Australian and State and Territory Governments and peak industry bodies, the AMA, the RACGP, the Australian Association of Practice Managers, and the Consumer Health Forum.

The review was supported by a secretariat of officials from the Australian Government departments of Human Services, Health, and Attorney-General’s.


We thank those who made a submission, with over 20 responses received from the community, industry and government. Unless confidentiality was requested, all submissions, other than contact details, have been treated as public information and are available below:


The department is required under the Disability and Discrimination Act to make all information published on its website accessible to all.

If you're using assistive technology and can't access submissions to the review, please contact us.

Terms of Reference and scope of review

The review considered the balance between appropriate access to a patient’s Medicare number for health professionals to confirm Medicare eligibility, with the security of patients’ Medicare card numbers.

The review examined and advised on:

  • the type of identifying information that a person should be required to produce to access Medicare treatment in both urgent and non-urgent medical situations
  • the effectiveness of controls over registration and authentication processes at the health provider's premises to access Medicare card numbers
  • security risks and controls surrounding the provision of Medicare numbers across the telephone channel, and the online connection between external medical software providers and HPOS
  • the sufficiency of control by patients and the appropriateness of patient notification regarding access to their Medicare number
  • the adequacy of compliance systems to identify any potential inappropriate access to a patient’s Medicare number
  • any other identified area of potential weakness associated with policy, process, procedures and systems in relation to accessibility of Medicare numbers

Further information

Page last updated: 30 April 2018