A guide to how St.LukesHealth is committed to protecting your personal information and respecting your privacy. 

Our privacy commitment to you

St Luke’s Medical and Hospital Benefits Association (ACN 009 479 618) (“St.LukesHealth”, “we”, “us” or “our”) recognises the importance of keeping the personal information that you entrust to us private and confidential. This policy has been compiled to outline how your personal information is handled and to inform you of the steps taken by St.LukesHealth to protect your privacy. Our staff are trained to respect your privacy in accordance with applicable privacy laws and our standards, policies and procedures. We are committed to managing your personal information in an open and transparent manner. Any individual health information entered or uploaded into your Snug account is not disclosed to St.LukesHealth and is not used for any purpose in relation to your health insurance policy, without your consent.

About our privacy policy

This policy outlines how we manage your personal information and how we comply with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs). It also describes, in general terms, the types of personal information held, for what purpose personal information is held, and how that information is collected, held, used and disclosed. This privacy policy may be updated from time to time.
This policy applies to all your dealings with St.LukesHealth whether it be at one of our customer care centres, at an agency, by telephone, electronically or personally with a St.LukesHealth representative.

Who does this policy apply to?

This policy applies to:
  • All current, prospective and former members of St.LukesHealth and Astute Simplicity Health whose personal information we have collected;
  • All individuals covered on a current, prospective or former St.LukesHealth or Astute Simplicity Health private health insurance product whose personal information we have collected; and 
  • Individuals whose personal information we have collected in relation to the provision of our products and services including service providers, contractors, job applicants and persons authorised to operate or administer a private health insurance policy on behalf of a member.

What is your personal information?

When used in this privacy policy, personal information has the same meaning given to it in the Privacy Act. In general terms, it is information that can be used to personally identify you such as your name, contact details (such as phone number, addresses and email), employment information or date of birth. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.

What is your sensitive information?

When used in this privacy policy, sensitive information has the same meaning given to it in the Privacy Act. In general terms, sensitive information is personal information about an individual’s health or genetics. We collect sensitive information about you, or your dependants in order to provide you with a health insurance product or service. Unless required by law, we will only collect sensitive information with your consent.

What personal information do we collect?

As a member of St.LukesHealth, certain personal and sensitive information (hereon referred to collectively as ‘personal information’) will be required to establish and maintain your membership, and for other related purposes. The type of information we will collect includes:
  • Identification information such as your name, date of birth, contact phone details, residential, postal and email addresses, gender, your family/single status, your dependants' names, contact phone details, residential, postal and email addresses, health information, claims information, Medicare number, details relating to membership and coverage (including where applicable, details from any previous health insurer), Australian Government Rebate on Private Health Insurance registration details, employer details for members paying by payroll deduction, records of service contacts, bank/credit card details and other information that we consider necessary to provide you our services.
  • If you join a health management program, a chronic disease management program, or any other program developed to enhance the services available to you, we may hold information relating to your participation in that program. 
  • We may hold information about persons who have been designated to pay or act on behalf of St.LukesHealth members.
As a service provider, contractor or job applicant we may collect personal and sensitive information about you for the purposes of administering our business relationship.  This type of information may include: 
  • Identification information such as your name, contact phone details, business, residential, postal and email addresses.
  • Information provided or sourced by us specific to your relationship with us such as for a health service provider information including modality practiced, provider number, practice address and bank details. 

How do we collect your personal information?

When it is reasonable or practicable to do so, we will collect personal information directly from you (referred to as 'solicited information'). This may occur when you fill out a form or give personal information over the telephone, in one of our customer care centres, or electronically. It is important that you always keep your contact details up to date.
We may also collect personal information from:
  • a person authorised to provide information on your behalf, such as your carer, guardian or holders of your power of attorney, an individual nominated by you or if you are a dependant under a policy, we may collect personal information from the policy holder;
  • hospital, medical and general treatment providers relating to the ongoing management of your membership;
  • another health insurer (if you have transferred your membership to St.LukesHealth);
  • your employer (if your premiums are paid via payroll deduction);
  • a government agency or their authorised representatives (such as Services Australia);
  • any subsidiary company of St.LukesHealth that provides health-related services to you;
  • a service provider engaged by St.LukesHealth; or
  • as required by law.
Under some circumstances, we may contact a service provider who has treated you in the past, if the information would be relevant to your membership and the services you may receive or are to receive in the future.
We may receive your personal information from third parties, including from our commercial partners, who assist us to provide further services to you to enhance your membership. Should you choose to take up a further service, our commercial partners will let you know how they will manage your information through their privacy policy.

You, your policy and your dependants

When you commence a family, couples or single parent membership with us you have the following responsibilities regarding your nominated dependants (spouse/partner and children):
  • you consent to the collection, use and disclosure of the personal information of the nominated dependants for the purposes outlined in this privacy policy.
  • you will ensure that each dependant aged 16 years and over is made aware of this privacy policy.
  • you will only supply us with sensitive information, pertaining to dependants aged 16 years and over with their consent. We will assume that when a member makes a claim on behalf of a dependant aged 16 years and over, that the member has consent from the dependant to supply us with the information relevant to processing the claim.
  • you authorise all hospital, medical and general treatment providers to supply information (as reasonably required) that is relevant to the management of your health insurance membership for yourself and your nominated dependants and/or membership. Furthermore, you will ensure that you have the consent of each dependant aged 16 years and over, to give this authority on their behalf.

What happens if we receive unsolicited personal information?

If we receive information about you that we have not sought out (referred to as ‘unsolicited information’), we will check whether that information is reasonably necessary for our functions or activities. If it is, we will handle this information in accordance with this policy. If we are not permitted to collect this information, it will be either destroyed or de-identified, but only if it is lawful and reasonable to do so.

Why do we collect certain personal information?

We will collect information that we are legally required to collect as a registered health insurer, and information that enables us to provide you with a health insurance product and/or related services.
Information concerning the relationship of your dependants to you is collected to verify that they meet our definition of a “dependant” to ensure that the dependants are eligible to be covered under that membership.
Transfer details relating to your previous health insurer are collected to ensure that there is continuity of cover and to determine and inform you of your eligibility for benefits, or if waiting periods will apply.
If you wish to pay your premium by direct debit or have benefits transferred directly into your account, Credit Card or Bank account details are required to process and maintain payments.
Your Medicare number is collected to enable you to collect the Australian Government Rebate on Private Health Insurance. We also require this number for correspondence with Services Australia.
Your Medicare number is not used for any other purpose. Information that we collect on behalf of the Government is a requirement under the Private Health Insurance Act 2007.
While in certain circumstances we are required to collect government identifiers such as your Medicare number, we do not disclose this information other than when it is required or authorised by law. St.LukesHealth uses its own membership numbers to identify you.
We may collect information about you because we are required or authorised by law to collect it. For example, we require personal information to verify your eligibility for the Australian Government Rebate on Private Health Insurance.

What use is made of your personal information?  

The information that you provide to St.LukesHealth is used only for purposes that you would reasonably expect in providing you with a health insurance product and associated services, including:
  • to identify you or verify your authority to act on behalf of a member;
  • to establish and maintain your membership;
  • to process receipts and claims;
  • to answer your enquiries;
  • to provide effective risk management and to protect against fraud or improper claiming;
  • analysis of information for product and services development and marketing purposes;
  • to meet internal functions such as administration and accounting systems;
  • information technology maintenance and development;
  • to train staff;
  • to investigate and resolve complaints relating to services provided by/or on behalf of St.LukesHealth;
  • to comply with any law or legislative requirements;
  • to keep you informed about your membership and other relevant information relating to St.LukesHealth; or
  • for any other purpose for which you have given your consent including to subscribe for services provided to St.LukesHealth members. 
The personal information that St.LukesHealth collects from its members may be used to develop health management programs, chronic disease programs and other products to enhance your membership (“the further services”). We may use your personal information to identify whether you are a suitable candidate for the further services, and if so, provide you with information about the further services, either directly or via our service providers.
In relation to all further services:
  • your decision to participate in the further services is voluntary; 
  • your premiums, claims and relationship with St.LukesHealth will not be affected by acceptance or nonacceptance of an offer to participate in the further services; 
  • you may decline the offer, or may, at any time, withdraw from the further services or a program in which you have enrolled; and 
  • you consent to St.LukesHealth providing your personal information to the service provider and that the use of your personal information in relation to the further services will be in accordance with the privacy policy of the relevant service provider.

Do you have to provide information?

The information collected by us is necessary to provide you with a health insurance product or service, to be able to accurately assess your claims and to maintain your membership. Failure to provide information may result in coverage being cancelled, a claim being rejected, or us being unable to provide you with the product or service you want. 


Your contact information may be used to notify you of new products, services or promotions being offered by St.LukesHealth. If at any time you no longer wish to receive this information, you can request to “opt out” from receiving this information by contacting our customer care centre on 1300 651 988, by email to general@stlukes.com.au or on our website at https://www.stlukes.com.au/optout.aspx.
We may conduct these marketing activities via email, telephone, SMS, mail or any other electronic means. We may also market our products or services to you through third party channels such as social networking sites. We will provide the option to 'opt out' of receiving our third-party marketing offers.
Where we market to prospective members, we are happy to disclose to you how we have obtained this information and will provide the option to 'opt out'.
We will not sell your personal information to any organisation outside of St.LukesHealth.

What information do we disclose?

The information St.LukesHealth collects from members or concerning members and their dependants will be kept strictly confidential and secure at all times. Where your personal information is disclosed, it will be disclosed in a manner consistent with the APPs and with the reason it was originally collected.
Personal information may also be disclosed at the member’s request; for example, to a member’s representative or any person acting on behalf of the member.
St.LukesHealth requires a written or verbal authority from you, or from an authorised representative (such as an attorney under a power of attorney) if you would like someone to deal with St.LukesHealth on your behalf or on behalf of any dependants on your membership.  Before an executor or other representative can act on your behalf, or on behalf of your estate, St.LukesHealth requires evidence that an appropriate authority exists.
Information will be disclosed to third parties in the following circumstances:
  • Where you would reasonably expect us to in order to provide the service in respect of which the information was originally collected. For example, when providing verification of your membership to a hospital prior to you receiving treatment, when sending claim data to Services Australia for the payment of Medicare benefit, to enable electronic claiming, or when transferring between health insurers.
  • Where a third party has a confidentiality agreement with St.LukesHealth and it is required to perform a core business function on behalf of St.LukesHealth. For example, an agent transacting business for and on behalf of St.LukesHealth or a mailing house. Organisations that deliver services on behalf, or to St.LukesHealth may require your personal information for accounting and auditing purposes, claims assessment, review and analysis or providing other services and products. 
  • Where you have elected to enrol in further services or in other third party programs St.LukesHealth offers to its members.
  • Where St.LukesHealth provides de-identified data. For example, for the purpose of conducting health related research.
In some circumstances, we may disclose de-identified data to a third party, such as the entity that funds your participation, your employer, or a research institute for research purposes, to evaluate our service or to report on the global health of a population. In such circumstances we will ensure that the data cannot be reidentified or matched back to you personally in any way.  
  • Other third party service providers deliver products and services to St.LukesHealth members, such as health management programs, chronic disease management programs and other healthcare products and services. In order for them to administer these programs, products and services it is necessary to disclose your personal information to them. These organisations and third party service providers are under contractual obligations imposed by St.LukesHealth to not disclose your personal information and to use any information solely to deliver services on our behalf, and not for any other purpose. If you choose to participate in further services where a program requires the disclosure of personal information, third party service providers may collect personal information, including sensitive information from you. That personal information is not disclosed to St.LukesHealth, except as permitted under the Privacy Act. For example, this may include information for conducting clinical audits and for billing purposes. 
  • Your employer, if you choose to pay by payroll deduction. The information disclosed would only be that relating to payment of your membership. 
  • For Operational Reasons. For maintaining, reviewing and developing our business systems, procedures and infrastructure including testing or upgrading our computer systems in order to securely and efficiently deliver our services to you and other members. 
  • In Exceptional Circumstances. Disclosure of personal information may be deemed necessary in some exceptional circumstances such as when there are grounds to believe that the disclosure is necessary to prevent a threat to an individual’s health and safety, for law enforcement purposes or to protect public revenue. 
  • For Compliance Reasons. To ensure compliance with the relevant laws and regulations of being a registered health insurer, we are required to provide information to regulatory bodies, government agencies, complaints adjudicators, medical referees and others. 

How is your personal information protected and how long is it kept?

St.LukesHealth securely stores your personal information in a variety of ways including physical and digital formats.  We have a range of digital and physical security measures in place to protect the personal information we hold from misuse, loss, unauthorised access, modification or disclosure.
Your information is kept while we need it to provide the products and services that you have requested from us and where applicable, we are required to keep it to comply with statutory requirements.  Where St.LukesHealth determines it is no longer necessary to hold your personal information we will securely destroy, delete or permanently de-identify that information, wherever possible.
In the unlikely event that security of data is compromised, we will take reasonable steps to confirm any possible breach. If a breach is confirmed and it has the potential to cause you serious harm, we will notify you and provide you with a description of the breach, the kinds of information involved, and any recommended actions you could take to protect yourself.

Can you deal with us anonymously or using a pseudonym?

Yes, you can deal with us anonymously or using a pseudonym where it is lawful and practicable to do so. For example, if you were making a general inquiry as to the benefits we pay on a dental procedure there would be no need to provide your personal details. However, to verify that you are covered for a procedure and waiting periods or limits do not apply, membership details will be required.
In general, St.LukesHealth will not be able to deal with you anonymously or where you are using a pseudonym when: 
  • it is impracticable to do so; or
  • we are required or authorised by law to deal with you personally.  

Do we disclose your personal information to anyone outside Australia?

St.LukesHealth conducts its business operation within Australia and your information is stored by means of electronic storage within Australia. We commit to review the terms of service of any service provider of cloud or networked data storage to ensure that the security of your personal information is addressed in any service level agreement. We will not disclose your personal information to anyone located overseas without your consent.

How can you access your personal information?

You are entitled to access your personal information (or that of any dependant aged under 16 years) unless there are certain legal reasons why you cannot.
When a dependant is aged 16 years or older, St.LukesHealth will not give access to, or allow correction of, the dependant’s information by the dependant’s parents or other relevant guardians, unless it can be proven that the dependant is not able to exercise sound judgment, is of impaired capacity, or the dependant has provided us with authority to do so.
St.LukesHealth may allow dependants under the age of 16 years to access, and correct their personal information if it can be reasonably established that they are able to exercise sound judgment. In this instance, their personal information will be handled in the same manner as a dependant who is 16 years or older. 
Access is subject to some exceptions allowed by law. These include where: 
  • access would pose a serious threat to the life or health of an individual.
  • access would have an unreasonable impact on the privacy of others.
  • the request is frivolous or vexatious.
  • the information relates to a commercially sensitive decision making process.
  • access would be unlawful.
  • access would prejudice enforcement activities relating to criminal activities and other breaches of law, public revenue, a security or negotiations with you.
  • access relates to existing or anticipated legal proceedings.
  • denying access is required or authorised by or under law.
If you wish to access your information, please contact one of our customer care centres or send your request by email to privacyofficer@stlukes.com.au. We will give you access to your information in the form that you want it where it is reasonable and practical to do so and we are satisfied as to your identity. There may be a charge associated with retrieving your information depending on the complexity of your request. However, we will inform you of any fee payable at the time a request is made.
If we cannot provide your information in the way you have requested, we will advise you of the reasons in writing.

What if my information is incorrect?

St.LukesHealth will take reasonable steps to ensure that the information we collect, use or disclose is accurate, complete and up to date. Please contact us at privacyofficer@stlukes.com.au if you believe that your personal information is inaccurate, incomplete, irrelevant, misleading or out of date. St.LukesHealth may also correct the information it holds about you if we become aware it is out of date or inaccurate.
If you ask St.LukesHealth to correct any information, we will assist you. We will help you manage corrections.  
Whether St.LukesHealth made the mistake or it was someone else, we will help you ask for the information to be corrected. In this circumstance we may be required to discuss this correction with other parties.
If St.LukesHealth is able to correct your information, we will let you know within five business days of deciding to do this. If you ask us to do so, we will advise any relevant third parties of the correction, unless it is impracticable or unlawful for us to do so.
If St.LukesHealth is unable to correct your information, we will let you know within five business days of making this decision. If you are dissatisfied with our decision you can refer your complaint to the Office of the Australian Information Commissioner. Contact details are listed at the end of this policy.
If St.LukesHealth agrees to correct your information, we will do so within 30 days from when you requested the change, or a longer period that has been agreed by you.
If we cannot make the correction within a 30 day time frame or the agreed time frame, we must: 
  • let you know about the delay, the reasons for it and when we expect to resolve the matter;
  • ask you to agree in writing to give us more time; and
  • let you know you can complain to the Office of the Australian Information Commissioner. 

Member Correspondence

Any correspondence received by St.LukesHealth, including via the post, fax or email, is retained and recorded within St.LukesHealth membership communications. St.LukesHealth keeps these records in order to maintain the highest possible customer service levels and for any future enquiries. St.LukesHealth also retains any correspondence St.LukesHealth sends to you. The retention of these records may also help us in the investigation of potential fraud and violations of the St.LukesHealth User Agreements. We maintain policies and procedures for the retention of documents and data which governs the use of, and access to such material.

Our Web Site

St.LukesHealth recognises the importance of providing you a secure environment when communicating with us via the Internet and appropriate measures have been put in place to protect your personal information. For example, we use industry accepted methodology to secure your information when you register for and use St.LukesHealth Connect. Your secured information is protected from unauthorised access through the use of firewalls, secure passwords and SSL Certificates.
St.LukesHealth may collect usage data from your computer when you visit our website through the use of tracking and/or cookies. This collection is to enable us to maintain and improve our online service. Any information collected is not linked in any way to personal identification details of members. Visitors to our website can adjust their browser preferences to prevent the collection of data. However, if you adjust your browser preferences, there may be some features of our website that will not be available to you and/or some pages may not display properly.

How do I make a complaint?

St.LukesHealth will make every attempt to ensure that your privacy is not breached; however, if you believe that your privacy has been breached, you can visit a Customer Care Centre, phone 1300 651 988, send an email to privacyofficer@stlukes.com.au or complete and send a Customer Feedback form, to the address mentioned below.
The Privacy Officer
P.O. Box 915
Launceston TAS 7250
We will endeavor to resolve any issues you may have promptly and amicably. However, if you believe that we have not resolved the issue you may refer the matter to the Office of the Australian Information Commissioner:
Mail: GPO Box 5218, Sydney, NSW 2001
Online: www.oaic.gov.au/privacy
Phone: 1300 363 992
Email: enquiries@oaic.gov.au

Changes to this Privacy Policy

St.LukesHealth reviews this policy frequently to keep it up to date with laws, technology and industry changes. An up to date copy of the policy can be viewed or downloaded from www.stlukes.com.au
For more information on your privacy you can visit www.oaic.gov.au
