ato logo
Search Suggestion:

Private health insurance statement data

About private health insurance (PHI) statement data and what we do with the data we collect from the program.

Last updated 7 December 2022

Private health insurance statement data overview

Private health insurance (PHI) statement data is available to taxpayers. We use it to pre-fill their health insurance details in their tax return when using our online services.

Pre-fill information

PHI statement data is available to:

  • tax professionals through  
    • the pre-filling report in Online services for agents
    • Practitioner Lodgment Service (PLS) through Standard Business Reporting (SBR) enabled software
     
  • individual self-preparers through myTax.

If your pre-filled information is out of date, you can update it with the correct information. If you think the pre-fill information is wrong, contact the organisation that provided the information to resolve any differences before you lodge your return.

If you need to query a PHI statement pre-fill amount, contact us.

When we seek verification from you

We undertake automated checking to ensure you provide correct PHI statement information.

When you lodge your return, we may need to verify PHI information you provide if we identify discrepancies. We will contact you by phone, data-matching letter or email. You will have up to 28 days to verify the accuracy of the information before we undertake administrative action.

Correcting information

In limited circumstances, we may correct the PHI information you provide without verifying the information with you. We do this when we believe you have misunderstood your PHI statement or may have incorrectly complete your return. We may change the tax return with the correct PHI statement data that is available to us.

If you disagree with the decision we made about your information, you can ask us to review our decision or lodge an objection.

Our automated checking process is inconsistent with guideline 6 in the OAIC Guidelines on data matching in Australian Government administrationExternal Link. We have sought an exemption from the Australian Information Commissioner.

Private health insurance statement data insights

We use insights from the data to deliver services to make it easier for taxpayers to comply and harder not to.

The PHI statement data is compared with claims a taxpayer makes in their tax return.

The data helps us:

  • ensure individuals correctly report PHI statement data when they lodge
  • determine if an individual may have to pay the Medicare levy surcharge (MLS)
  • identify individuals trying to avoid the MLS, who don't have the appropriate private patient hospital cover or income to do so
  • determine who is entitled to claim the private health insurance rebate (PHIR)
  • identify who may have made a claim for the rebate but are not meeting the income threshold or PHI policy requirements
  • avoid unnecessarily contacting those that are genuinely exempt from MLS and those entitled to claim the PHIR
  • identify relevant cases for administrative action, including compliance activities and educational strategies.

We receive approximately 30 million PHI transactions each year. Our PHI statement data-matching activities allows us to look at approximately 46,000 cases each year, apply the MLS and confirm accurate PHI premium and PHIR reporting.

Previous related programs

The Department of Health and Aged Care (Health) determines PHI policy.

Under Section 282 of the Private Health Insurance Act 2007, mandatory collection of PHI statement data was undertaken by Services Australia (Medicare). Medicare was required to provide the data to the ATO to support pre-fill and compliance.

In 2015, Medicare no longer required the data for their purposes and ceased collecting PHI statement data. ATO, Services Australia, Department of Health, private health insurers, and their software developers opted for an administrative solution to continue to provide the pre-fill experience and access to the data for tax compliance.

Private health insurers now report their data directly to us in accordance with notices issued under section 264BB of the Income Tax Assessment Act 1936.

This program compliments the existing cooperative framework that allows PHI providers and us to perform our respective legal functions efficiently and effectively.

Data providers

We are the matching agency and, in most cases the sole user of the data obtained during this data-matching program.

We collect data from PHI statement providers. Software developers provide reporting software for the electronic generation of PHI statements. They apply the specifications available on our Software developers websiteExternal Link.

We obtain data from:

  • BUPA
  • Medibank private health fund
  • Hospital contribution fund
  • NIB health fund
  • HBF health limited
  • Australian unity health fund
  • Defence health LTD
  • GMHBA limited
  • CBHS health fund limited
  • Westfund limited
  • Health insurance fund of Australia
  • Health partners LTD
  • Latrobe health services
  • Teachers union health
  • Grand united corporate health
  • CUA health fund
  • People care health insurance
  • St Lukes medical and hospital
  • Police health limited
  • Queensland country health fund
  • Navy health
  • The doctor's health fund
  • RT health fund
  • Myown
  • Phoenix health fund
  • Mildura district hospital fund
  • Onemedifund
  • Health care insurance LTD
  • ACA health benefits fund
  • Transport health PTY LTD
  • Cessnock district health benefits fund
  • Reserve bank health society LTD
  • CBHS corporate health fund

The software providers are:

  • Agility Pacific Paragon21
  • CIVICA Pty Ltd
  • HAMBS
  • PHI in-house developed software.

Data provider eligibility

We use a principles-based approach to ensure our selection of data providers is fair and transparent.

Data providers are eligible if the:

  • PHI policy provider or its subsidiary operates a business in Australia that is governed by Australian law.
  • data provider is a private health insurer who provides health insurance for their members.
  • data provider supplied PHI for their members for the years in focus.

The data providers for this program are reviewed annually against the eligibility principles.

Our formal information gathering powers

To ensure statutory requirements are met, we obtain data under our formal information gathering powers in Section 264BB of the Income Tax Assessment Act 1936.

After issuing a formal notice using the Commissioner's information gathering powers, the PHI statement providers must provide the information requested. There are penalties for refusing or failing to comply with the notice.

We will use the data for tax and superannuation compliance purposes.

Privacy Act

Data will only be used within the limits prescribed by Australian Privacy Principle 6 (APP6) contained in Schedule 1 of the Privacy Act, in particular:

  • APP6.2(b) – the use of the information is required or authorised by an Australian law
  • APP6.2(e) – the ATO reasonably believes the use of the information is reasonably necessary for our enforcement-related activities.

Data elements we collect

We collect the PHI statement data from private health insurance statement providers. The data includes your PHI premiums and private patient hospital cover.

Software provider details – non-individuals

  • Name of the organisation sending the data
  • Addresses (residential, postal, other)
  • Australian business number (ABN) if applicable
  • Email address
  • Contact phone numbers

Private health insurance provider details – non-individuals

  • Business and trading name
  • Fund code
  • Addresses (business, postal, registered, other)
  • ABN
  • Contact name
  • Contact phone numbers
  • Email address

Identity details – individuals

  • Policy membership number
  • Unique personal identifier
  • Given and surnames (if more than one name on the policy)
  • Dates of birth
  • Addresses (residential, postal, other)
  • Email address
  • Contact phone numbers

Private health insurance statement details

  • Policy membership number
  • Unique personal identifier
  • Policy role
  • Premium paid in the financial year
  • Australian Government rebate received
  • Premium eligible for Australian Government rebate
  • Benefit code
  • MLS record – start and end date

Number of records

We expect to collect data on approximately 14.6 million individuals each financial year for this program.

Data quality

We anticipate the data quality will be of a high standard, given private health insurance:

  • is administered by the Department of Health with prudential oversight by Australian Prudential Regulation Authority (APRA) in accordance with the Private Health Insurance (Prudential Supervision) Act 2015External Link
  • providers must satisfy specific regulatory requirements, including licencing, registration, and due diligence obligations to maintain the quality of their records to provide quality health insurance cover
  • providers operate in cross jurisdictional legislative frameworks
  • data has been reported to us for many years with the data and reporting specificationExternal Link routinely refined.

Data retention

We collect data under this program for all financial years from 2014–15 to 2027–28.

We collect the data for each financial year no later than 15 July each year. We collect a number of amendment reports:

  • First provision of amendment data – in the first 8 days of the first October after the original report is lodged
  • Second provision of amendment data – in the first 8 days of the first April after the original report is lodged
  • Third provision of amendment data – in the first 8 days of the second October after the original report is lodged
  • Fourth provision of amendment data – in the first 8 days of the second April after the original report is lodged.

We destroy data that is no longer required in accordance with the Archives Act 1983, and the general and ATO-specific records authorities issued by the National Archives of Australia.

We keep each financial year’s data for 10 years from receipt of the final instalment of verified data files from the data providers. We require the data for this period to protect public revenue:

  • Keeping data for 10 years ensures data is available for pre-fill, and to help tax agents complete prior year outstanding tax returns for their clients.
  • Keeping data for 10 years doesn't deviate from our general compliance approach of reviewing an assessment in the standard period of review and aligns with the requirements for taxpayers to keep their records.
  • The Private Health Insurance Act 2007 was amended in 2018. This removed the mandatory requirement for private health insurers to provide their members a PHI statement. PHI statement data for pre-fill is now the main and more accessible data source for individuals and their tax agents to complete prior year tax returns.
  • Data we keep helps us identify taxpayers who may not be complying with their tax and super obligations.
  • Data we keep is used in multiple risk models, including models that create retrospective profiles over multiple years aligned with periods of review.

For more information, see Data retention and destruction.

We understand that increased data retention periods may increase privacy risks. We have a range of safeguards in place to manage and minimise these risks. We design our systems and controls to ensure the privacy and security of the data we manage.

QC71014