on this page
As a user of HPOS, you must:
- provide us with a valid email address
- use HPOS securely and for a proper purpose
- comply with all laws and policies
- report breaches
- keep information up to date.
1. Accessing HPOS
An end to your HPOS access does not release you from any liability or penalty you may have incurred arising from or in connection with your access or use of HPOS.
Your use of HPOS is at your own risk.
2. Use HPOS securely and for a proper purpose
Services Australia may monitor your use of HPOS.
- only access information in HPOS about a person with the person’s consent and for claiming purposes only
- keep information that you obtain through HPOS secure and confidential at all times
- keep your Secure Access Details for HPOS secure and confidential at all times
- follow all security prompts and notifications displayed in HPOS (e.g. change your password regularly).
You must not:
- share your Secure Access Details with anyone
- allow an Unauthorised Person to access HPOS
- give false or misleading information in HPOS or to us
- copy, extract, keep, publish, or share information you obtain through HPOS outside the course of your duties as, or on behalf of, a healthcare provider
- introduce any Harmful Code to HPOS
- use any software (like bots, scraper tools etc.) to access, monitor or copy HPOS or its contents
- damage or destroy, or allow any other person to damage or destroy information in HPOS
- leave the device you use to access HPOS unsecured.
If you are a Provider who delegates to other users to perform tasks in HPOS on your behalf, you must do so responsibly and appropriately.
If you are using the Find a Patient service, you must first obtain the patient’s consent and use the service for claiming purposes only. You must also agree to maintain the confidentiality of the information you obtain using this service.
3. Comply with all laws and policies
Your use of HPOS is also governed by laws and government policies.
Failure to take reasonable steps to protect HPOS information from misuse, interference and loss, and from unauthorised access, modification or disclosure is a serious offence under the Privacy Act 1988 (Cth).
Giving false or misleading information to us is a serious offence under the Criminal Code Act 1995 (Cth).
Unauthorised collection, use, or disclosure of information protected by the National Health Act 1953 (Cth), Health Insurance Act 1973 (Cth), My Health Records Act 2012 (Cth), Australian Immunisation Register Act 2015 (Cth), or Privacy Act 1988 (Cth) is a serious offence.
If you use HPOS for the Australian Immunisation Register, you must be a recognised vaccination provider or a prescribed body for the purposes of the Australian Immunisation Register Act 2015 (Cth).
If you use HPOS for DVA Webclaims, you must not charge the patient for the service. Please note that DVA Webclaims cannot be submitted between 11:45 pm and 5:00 am Australian Eastern Standard Time.
Each service or program you are authorised to access through HPOS has its own policies. You must comply with those policies as well.
4. Report breaches
Let us know as soon as possible and change your password immediately (if possible) if you suspect that:
- your Secure Access Details for HPOS are lost, stolen, or compromised in any way
- an Unauthorised Person has accessed HPOS
- there is fraudulent activity using your Secure Access Details
- there is, or may be, a breach of the Privacy Act 1988
- there is, or may soon be, a security breach or cyber-attack on HPOS.
5. Keep information up to date
You should update any information you provide in HPOS as soon as possible, including your contact, email and bank details.
We rely on information you provide through HPOS and treats it in the same way as information you provide on paper or in person. You are required by law to ensure that all information you provide is true, complete, and accurate.
6. Important information about how HPOS works
HPOS Mail Centre
Some programs and services in HPOS will use the HPOS Mail Centre to send all messages to you electronically.
Other programs and services in HPOS give you an option to receive messages in other ways (e.g. by email or by post). If you choose to receive messages for those programs and services through the HPOS Mail Centre, you will need to opt-in. If you later change your mind, you will then have to opt-out which may take up to 13 weeks to take effect. In the meantime, HPOS may continue to send messages to you through the HPOS Mail Centre.
Errors and interruptions
We cannot guarantee that HPOS and the information it contains are error free, or that access to HPOS is always uninterrupted. Your HPOS access will also depend on your telecommunications and internet service provider and other factors outside our control.
HPOS and the technology needed to use HPOS may change from time to time. We'll notify you if that happens. You'll need to follow instructions from us for your HPOS access to continue. You should check any messages from HPOS to you regularly and often.
To the maximum extent permitted by law, Services Australia disclaims liability for any Loss, to you or to others, arising from or in connection with any of the following events:
- your access or use of HPOS
- damage or destruction of your device, for example phone, computer, or tablet, systems, or software
- an interruption, restriction, suspension, revocation, change, or end to your HPOS access
- messages from HPOS or Services Australia not being delivered to you on time or at all
- information in HPOS from any source being inaccurate, incomplete, incorrect, outdated, missing, or not fit for purpose
- a security breach in HPOS
- a loss of data in HPOS
- HPOS or Services Australia infringing the rights of anyone.
DVA Webclaims allows the submission of bulk bill and patient claims using HPOS in relation to programs managed by the Department of Veterans’ Affairs.
Harmful Code is any virus, malware, disabling or malicious device or code, worm, Trojan, time bomb, hacking tool, or other harmful or destructive code.
HPOS means the Health Professional Online Services.
HPOS Mail Centre is an electronic messaging system that you can only access through HPOS. It is used by HPOS to communicate with you.
Loss means any loss, damage, cost, claim, liability, or expense, to a person or to property, whether direct, indirect, consequential, punitive, special, remote, abnormal, foreseeable, or unforeseeable, including without limitation: loss of profits, revenue, use, or data; loss or denial of opportunity; communication or support costs; and legal costs whether incurred by or awarded against a party.
Provider means an individual or entity authorised by Services Australia to use HPOS as a registered provider of healthcare and related services, such as an individual or entity registered on the Australian Health Practitioner Regulation Agency Register of Practitioners.
Secure Access Details are any and all information you need to access HPOS, including but not limited to: login details; passwords; passphrases; secret questions and answers; electronic keys or certificates; digital credentials; and codes generated by or communicated to tokens, your phone, or other electronic device.
Unauthorised Person means an individual or entity that is not authorised by Services Australia or a Provider to use HPOS. For example, if a person’s HPOS access was granted by a Provider who is no longer authorised by us to use HPOS, that person also becomes an Unauthorised Person. Some other examples include:
- a person who has not been granted HPOS access
- a person whose HPOS access has been suspended or revoked
- a person whose HPOS access was not given by us or a Provider.