Sorry something went wrong. Please try again or call us on 134 148 or +61 3 9862 1095 from outside Australia.
(inclusive of GST, where applicable.)

ahm OSHC Privacy Policy

Who are we?

We are Medibank Private Limited ABN 47 080890 259 (Medibank) and Australian Health Management Group Pty Ltd ABN 96 003 683 298 (ahm), a subsidiary of Medibank. References to 'us', 'we' or 'our' include Medibank, ahm and, where the context requires, other Medibank subsidiaries (collectively Medibank Group Companies).

Who does this policy apply to?

This privacy policy applies to:

  • All current and past members of Medibank and ahm whose personal information we have collected
  • All individuals whose personal information is collected in relation to the products and services offered by Medibank Group Companies
  • All individuals whose personal information is collected by us in the course of our functions and activities such as service providers, contractors and prospective employees.

Protecting your privacy

We are committed to protecting your personal information and complying with our obligations under the Privacy Act 1988 (Cth) (Privacy Act) and other State and Territory laws governing the use of personal information (collectively, Privacy Laws) which regulate how personal information is handled from collection to use and disclosure, storage, access and disposal.

'Personal information' generally means any kind of information in any form about a person that identifies that person and includes sensitive information such as health information.

This privacy policy explains:

  • how we manage the personal information that we collect, use and disclose; and
  • how to contact us if you:
    • have any questions about our management of your personal information; or
    • would like to access or correct the personal information we hold about you; or
    • would like to lodge a complaint with us regarding our compliance with Privacy Laws.

What kind of personal information do we collect?

The types of personal information we may collect include:

  • identifying information such as name, date of birth and employment details;
  • contact information such as home address, home and mobile phone numbers and email address;
  • government-issued identifiers including including passport and visa details;
  • financial information, such as bank account and credit card details;
  • sensitive information, including information about your health, health services provided to you and your claims;
  • biometric information and templates, such as voice recognition information;
  • information about your activities, including sporting and other lifestyle interests; and
  • information about involvement in other programs you participate in or memberships you may have.

You generally have the right not to identify yourself when dealing with us where it is lawful and practicable for us to allow it. However, on many occasions we will not be able to do this. For example, we will need your name and residential address in order to provide you with private health insurance coverage.

If you do not provide or authorise the provision of personal information we request, we may be unable to provide you with some or all of our products and services or the product and services of our partners.

By becoming or remaining a member of one of our policies or by otherwise providing personal (including sensitive) information to us, you confirm that you and other members covered under the policy or other individuals whose information you or they provide have consented to us collecting, using and disclosing your and their personal (including sensitive) information, however collected by us, in accordance with this privacy policy.

How do we collect and hold your personal information?

We will only collect personal information about you by lawful and fair means and not in an unreasonably intrusive manner.

We may collect your personal information from:

  • you, another person covered by your policy or from a person authorised to provide us this information on your behalf;
  • a third party such as a hospital, dentist or optometrist or other health service provider who has treated you;
  • an employer, educational institution, government agency or adviser who has dealt with you (or their authorised representatives);
  • Medibank Group Companies who have provided you with services including health-related services;
  • a service provider engaged by us or a third party who partners with us; and
  • another health fund, if you are looking to transfer your membership.

We take all reasonable steps to protect your personal information from misuse and loss and from unauthorised access, modification or disclosure. We store your information securely and have a range of security controls in place to ensure that your information and documents are protected. Our employees are trained on privacy and access to personal information is restricted to individuals properly authorised to do so.

We also take reasonable steps to make sure that the personal information that we collect, use and disclose is accurate, complete, up to date and relevant. We keep your personal information for only as long as it is required in order to provide you with products and services and to comply with our legal obligations. When it is no longer needed for these purposes, we take reasonable steps to destroy or permanently de-identify this personal information.

Why do we collect, use and disclose your personal information?


We collect your personal information to enable Medibank Group Companies and our third party suppliers and partners to provide you with products and services, including insurance, health-related services, partner offerings and information on other products and services (collectively Insurance and Health Products). We may also be required by law to collect some personal information.

Where you provide personal information to the Medibank Group Companies as a service provider, contractor or prospective employee, we collect your personal information to enable us to fulfil the purpose and related purposes for which you provided the information.


We may use your personal information for these purposes, including to:

  • verify your identify and your eligibility for membership;
  • process your policy application and manage your policy manage our relationship with you;
  • process and audit payments and claims;
  • analyse, investigate, pursue and prevent suspected fraudulent activities;
  • manage and develop Insurance and Health Products;
  • assess your suitability for and contact you about Insurance and Health Products that we believe may be of benefit to you;
  • partner or work with third parties to improve our membership offering and value;
  • manage and develop our business and operational processes and systems;
  • conduct marketing, feedback and research activities;
  • manage and resolve any legal or commercial complaints or issues;
  • perform other functions and activities relating to our business; and
  • comply with our legal obligations.


In doing so we may disclose your personal information to persons or organisations in Australia and overseas including:

  • other persons covered by your policy as part of administering the policy and paying benefits;
  • our subsidiaries;
  • our agents and service providers;
  • our professional advisors;
  • health service providers;
  • potential or actual buyers of our assets, business or of shares in Medibank Group Companies;
  • payment system operators and financial institutions;
  • your agents and advisors or other persons authorised by, or responsible for, you;
  • government agencies, including the Department of Immigration and Border Protection;
  • your educational institution, migration agent or broker if you have OSHC or a visitors cover product;
  • third party insurers whom we are authorised to represent if you purchase other insurance products through us;
  • third parties with whom Medibank partners or works with to improve its membership offering and value;
  • other health funds, service providers or other third parties who assist us in the detection and investigation of fraud;
  • your employer (or their authorised representatives) if you have a corporate insurance product; and
  • other parties to whom we are authorised or required by law to disclose information.

How we communicate with you

To keep you informed quicker, where you provide us with an email address, we send most service-related communications to you by email. Service-related communications are the essential things you need to know about your cover, like changes to premiums and account notices.

From time to time, we may also collect and use your personal information so that we can promote and market Insurance and Health Products to you and keep you informed of special offers from Medibank Group Companies and third parties, including by direct mail, SMS and MMS messages, by phone and email.

You can choose how we communicate with you and manage your consents to receiving these offers by calling us on 134 148 or emailing us at

Do we disclose your personal information overseas?

We may need to disclose your personal information to organisations located outside of Australia from time to time in the ordinary course of our business. Most of these overseas organisations are services providers or related entities which provide support and assistance to us in delivering our products and services to you.

Where we do, we take reasonable steps to ensure that your information is given the same type of protection as it is afforded within Australia. This may be through satisfying ourselves that the overseas organisation has controls in place to comply with Australian privacy laws, ensuring that the overseas organisation is located in a country which we believe has a similar privacy regime to Australia or through contractually or otherwise mandating the adequate management of the information.

On occasion, we may also disclose your personal information to overseas organisations where you instruct us or expressly consent to us doing so. In such cases, we may not take the above steps in relation to the management of your information.

If you have a corporate health insurance product, there may be occasions where we are instructed by your employer to disclose your information to an overseas organisation in order to administer your policy. In such instances, we may not be able to take reasonable steps to ensure that your information will be afforded the same protection as in Australia and you may not be able to seek redress for how your information is handled under Australian privacy law.

Please see the section at the end of this policy which outlines the main countries to which personal information may be disclosed.

You can access or correct your personal information. How do you contact us to do so?

We will generally provide you with access to your personal information if practicable (although an administration fee may be charged), and will take reasonable steps to amend any personal information about you which is inaccurate or out of date.

You can get in touch with us at Medibank or at ahm to request the above any time you wish to do so.

In some circumstances, we may not permit access to your personal information, or may refuse to correct your personal information. Where this happens, we will provide you with reasons for this decision, seek alternatives and take any further legally required steps.

Do you have any concerns over the way we have collected, used or disclosed your personal information?

If you have any concerns or queries about the manner in which your personal information has been handled, please contact our Privacy Officer whose contact details are provided below.

If you wish to make a formal complaint, please provide your complaint in writing to our Privacy Officer. We will consider your complaint promptly and contact you to seek to resolve the matter.

Generally, we will contact you to acknowledge receipt of your complaint and let you know who is managing your query within 5 business days. We will attend promptly to your complaint and will aim to respond to your concerns or otherwise keep you informed of our progress within 30 days.

If we have not responded to you within a reasonable time or if your complaint is not resolved to your satisfaction, you are entitled under the Privacy Act to make a complaint to the Office of the Australian Information Commissioner.

You can write to our Privacy Officer at: Privacy Officer, Privacy Officer, Australian Health Management Group Pty Ltd, Locked Bag 1006, Matraville NSW 2036 or email

Further information

Further information about the application of the Privacy Act can be found at the website of the Office of the Australian Information Commissioner at

Changes to our Privacy Policy

This privacy policy was last reviewed in May 2016. As this privacy policy is updated from time to time, to obtain a copy of the latest version at any time, you should visit our website at or

Countries to which personal information may be disclosed

Listed below are the countries to which we may disclose personal information in the course of our functions and activities. This list does not include countries where you may have specifically instructed us to send your information or expressly consented to us sending your information.

Please see the Do we disclose your personal information overseas? section for information on the steps we take to ensure the adequate protection and appropriate management of this information.

  • India
  • Singapore
  • United States

This list is updated from time to time. You can visit our website at any time to view the latest version.