The Privacy Act 1988 (and specific secrecy provisions in other legislation) protects information collected by the Australian Government through the Medicare and Pharmaceutical Benefits schemes (MBS and PBS).

Most people make claims under the MBS and PBS for a range of health services they receive in Australia. Health service providers regularly need to exchange relevant information with Medicare Australia in order to process these claims.

Due to its sensitivity, the handling of MBS and PBS information is also regulated by the National Health (Privacy) Rules 2021 (the MBS/PBS Rules). These are legally binding rules issued by the Australian Information Commissioner (Information Commissioner) under the National Health Act 1953.

The MBS/PBS Rules cover all Australian Government agencies who handle MBS and PBS information, in particular Medicare Australia (part of Services Australia) and the Department of Health and Aged Care. Those agencies must report to the Information Commissioner about certain matters under the MBS/PBS Rules. A person may complain to the Information Commissioner if they think that a breach of the MBS/PBS Rules has occurred.

The MBS/PBS Rules:

  • require that information obtained from the MBS and PBS is not stored in the same database
  • specify when claims information from the two programs may be linked
  • prohibit claims information over five years old from including information that could identify an individual
  • specify the circumstances in which old information may be re-linked.

We’re reviewing the MBS/PBS Rules to make sure they're still fit for purpose.