Today's announcement, made by Human Services Minister Alan Tudge and Health Minister Greg Hunt, follows news reports last week that Medicare details were being sold on the dark Web.
At present, there is an online system available to general practitioners and other health providers to obtain Medicare card numbers for anyone who comes to them for service and does not have a card on their person.
This system, which can be accessed both online and through the telephone network, was set up in 2009. A year later an enhanced look-up function was added to allow the health provider to obtain a card number by using a name and date of birth.
"We re-emphasise that a Medicare card number alone does not provide access to any medical or clinical records," the ministers said.
"Medicare cards and Medicare numbers have always been sought by criminals. This review will identify options to improve the security of Medicare numbers while continuing to support the accessibility of medical care."
The review will get underway immediately, present an interim report by 18 August and a final report by 30 September.
It will look at and advise on:
- The type of identifying information that a person should be required to produce to access Medicare treatment in both urgent and non-urgent medical situations
- The effectiveness of controls over registration and authentication processes at the health provider's premises to access Medicare card numbers.
- Security risks and controls surrounding the provision of Medicare numbers across the telephone channel, and the online connection between external medical software providers and HPOS.
- The sufficiency of control by patients and the appropriateness of patient notification regarding access to their Medicare number.
- The adequacy of compliance systems to identify any potential inappropriate access to a patient’s Medicare number.
- Any other identified area of potential weakness associated with policy, process, procedures and systems in relation to accessibility of Medicare numbers.