Terms and Conditions of Use and Access

These Terms and Conditions of Use and Access (Terms and Conditions) apply to all access and use of HPOS.

As a user of HPOS, you must:

  • provide the agency with a valid email address
  • use HPOS securely and for a proper purpose
  • comply with all laws and policies
  • report breaches and
  • keep information up to date.

These HPOS Terms of Use also contain important information about how HPOS works, which you are bound by. Words that have a special meaning are defined in the glossary at the end. The laws of the Australian Capital Territory apply to these HPOS Terms of Use.

1. Accessing HPOS

HPOS is a service provided by Services Australia (the agency). The agency gives you permission (in the form of a non-transferable, non-exclusive, revocable licence) to use HPOS so long as you provide the agency with a valid email address and comply with these HPOS Terms of Use. Your use of HPOS in no way transfers or assigns ownership in any intellectual property rights (including copyright) to you.

The agency may change these HPOS Terms of Use from time to time. If this happens, you will be notified electronically via the email address you have provided to the agency or through the HPOS Mail Centre.

If you do not agree with these HPOS Terms of Use or cannot comply with them, you should stop using HPOS.

If the agency finds that you have failed to comply with these HPOS Terms of Use, your access to HPOS may be restricted, suspended, or revoked. In some instances, it is possible you could face civil or criminal penalties.

An end to your HPOS access does not release you from any liability or penalty you may have incurred arising from or in connection with your access or use of HPOS.

Your use of HPOS is at your own risk.

2. Use HPOS securely and for a proper purpose

The agency may monitor your use of HPOS.

You must:

  • only access information in HPOS about a person with the person’s consent and for claiming purposes only
  • keep information that you obtain through HPOS secure and confidential at all times
  • keep your Secure Access Details for HPOS secure and confidential at all times and
  • follow all security prompts and notifications displayed in HPOS (e.g. change your password regularly).

You must not:

  • share your Secure Access Details with anyone
  • allow an Unauthorised Person to access HPOS
  • give false or misleading information in HPOS or to the agency
  • copy, extract, keep, publish, or share information you obtain through HPOS outside the course of your duties as, or on behalf of, a healthcare provider
  • introduce any Harmful Code to HPOS
  • use any software (like bots, scraper tools etc.) to access, monitor or copy HPOS or its contents
  • damage or destroy, or allow any other person to damage or destroy information in HPOS, or
  • leave the device you use to access HPOS unsecured.

If you are a Provider who delegates to other users to perform tasks in HPOS on your behalf, you must do so responsibly and appropriately.

If you are using the Find a Patient service, you must first obtain the patient’s consent and use the service for claiming purposes only. You must also agree to maintain the confidentiality of the information you obtain using this service.

If you are acting on behalf of an Organisation participating in the Organisation Register, you must keep that organisation’s details up to date, including but not limited to, details regarding providers working at an organisation site/s and any relevant accreditation, used specifically for administration of health programs and changes of ownership or location. If your organisation’s information is not up to date, this may affect access to programs and services.

3. Comply with all laws and policies

Your use of HPOS is also governed by laws and government policies.

Failure to take reasonable steps to protect HPOS information from misuse, interference and loss, and from unauthorised access, modification or disclosure is a serious offence under the Privacy Act 1988 (Cth).

Giving false or misleading information to the agency is a serious offence under the Criminal Code Act 1995 (Cth).

Unauthorised collection, use, or disclosure of information protected by the National Health Act 1953 (Cth), Health Insurance Act 1973 (Cth), My Health Records Act 2012 (Cth), Australian Immunisation Register Act 2015 (Cth), or Privacy Act 1988 (Cth) is a serious offence.

If you use HPOS for the Australian Immunisation Register, you must be a recognised vaccination provider or a prescribed body for the purposes of the Australian Immunisation Register Act 2015 (Cth).

If you use HPOS for DVA Webclaims, you must not charge the patient for the service. Please note that DVA Webclaims cannot be submitted between 11:45 pm and 5:00 am Australian Eastern Standard Time.

If you use HPOS to participate in the Organisation Register, you must be a legal entity that delivers healthcare or healthcare-related services. Your organisation details will be sourced from the Australian Business Register and used to validate your eligibility to participate. Details regarding your organisation and organisation site/s will be disclosed to the Department of Health and the Department of Veterans’ Affairs to enable those departments to administer aspects of the Organisation Register and/or health programs, for compliance purposes, for statistical and research purposes and to inform policy development.

Each service or program you are authorised to access through HPOS has its own policies. You must comply with those policies as well.

4. Report breaches

Let us know as soon as possible and change your password immediately (if possible) if you suspect that:

  • your Secure Access Details for HPOS are lost, stolen, or compromised in any way
  • an Unauthorised Person has accessed HPOS
  • there is fraudulent activity using your Secure Access Details
  • a user has breached, or may soon breach their obligations under these HPOS Terms of Use
  • there is, or may be, a breach of the Privacy Act 1988
  • there is, or may soon be, a security breach or cyber-attack on HPOS.

5. Keep information up to date

You should update any information you provide in HPOS as soon as possible, including your contact, email and bank details.

The agency relies on information you provide through HPOS and treats it in the same way as information you provide on paper or in person. You are required by law to ensure that all information you provide is true, complete, and accurate.

6. Important information about how HPOS works

HPOS Mail Centre

Some programs and services in HPOS will use the HPOS Mail Centre to send all messages to you electronically.

Other programs and services in HPOS give you an option to receive messages in other ways (e.g. by email or by post). If you choose to receive messages for those programs and services through the HPOS Mail Centre, you will need to opt-in. If you later change your mind, you will then have to opt-out which may take up to 13 weeks to take effect. In the meantime, HPOS may continue to send messages to you through the HPOS Mail Centre.

Errors and interruptions

The agency cannot guarantee that HPOS and the information it contains are error free, or that access to HPOS is always uninterrupted. Your HPOS access will also depend on your telecommunications and internet service provider and other factors outside the agency’s control.

HPOS and the technology needed to use HPOS may change from time to time. The agency will notify you if that happens. You will need to follow instructions from the agency for your HPOS access to continue. You should check any messages from HPOS to you regularly and often.


To the maximum extent permitted by law, the agency disclaims liability for any Loss, to you or to others, arising from or in connection with any of the following events:

  • your failure to comply with these HPOS Terms of Use
  • your access or use of HPOS
  • damage or destruction of your device (e.g: phone, computer, or tablet), systems, or software
  • an interruption, restriction, suspension, revocation, change, or end to your HPOS access
  • messages from HPOS or the agency not being delivered to you on time or at all
  • information in HPOS from any source being inaccurate, incomplete, incorrect, outdated, missing, or not fit for purpose
  • a security breach in HPOS
  • a loss of data in HPOS or
  • HPOS or the agency infringing the rights of anyone.

7. Glossary

DVA Webclaims allows the submission of bulk bill and patient claims using HPOS in relation to programs managed by the Department of Veterans’ Affairs.

Harmful Code is any virus, malware, disabling or malicious device or code, worm, Trojan, time bomb, hacking tool, or other harmful or destructive code.

HPOS means the Health Professional Online Services.

HPOS Mail Centre is an electronic messaging system that you can only access through HPOS. It is used by HPOS to communicate with you.

Loss means any loss, damage, cost, claim, liability, or expense, to a person or to property, whether direct, indirect, consequential, punitive, special, remote, abnormal, foreseeable, or unforeseeable, including without limitation: loss of profits, revenue, use, or data; loss or denial of opportunity; communication or support costs; and legal costs whether incurred by or awarded against a party.

Provider means an individual or entity authorised by the agency to use HPOS as a registered provider of healthcare and related services, such as an individual or entity registered on the Australian Health Practitioner Regulation Agency Register of Practitioners.

Secure Access Details are any and all information you need to access HPOS, including but not limited to: login details; passwords; passphrases; secret questions and answers; electronic keys or certificates; digital credentials; and codes generated by or communicated to tokens, your phone, or other electronic device.

Unauthorised Person means an individual or entity that is not authorised by the agency or a Provider to use HPOS. For example, if a person’s HPOS access was granted by a Provider who is no longer authorised by the agency to use HPOS, that person also becomes an Unauthorised Person. Some other examples include:

  • a person who has not been granted HPOS access
  • a person whose HPOS access has been suspended or revoked, or
  • a person whose HPOS access was not given by the agency or a Provider.
Page last updated: 29 September 2023.
QC 33486