Terms and Conditions of Use and Access

These Terms and Conditions of Use and Access (Terms and Conditions) apply to all access and use of HPOS.

As a user of HPOS, you must:

  • provide us with a valid email address
  • use HPOS securely and for a proper purpose
  • comply with all laws and policies
  • report breaches
  • keep information up to date.

These HPOS Terms of Use also contain important information about how HPOS works, which you are bound by. Words that have a special meaning are defined in the glossary at the end. The laws of the Australian Capital Territory apply to these HPOS Terms of Use.

1. Accessing HPOS

HPOS is a service provided by Services Australia. We give you permission (in the form of a non-transferable, non-exclusive, revocable licence) to use HPOS so long as you provide us with a valid email address and comply with these HPOS Terms of Use. Your use of HPOS in no way transfers or assigns ownership in any intellectual property rights (including copyright) to you.

We may change these HPOS Terms of Use from time to time. If this happens, you will be notified electronically via the email address you have provided to us or through the HPOS Mail Centre.

If you do not agree with these HPOS Terms of Use or cannot comply with them, you should stop using HPOS.

If we find that you have failed to comply with these HPOS Terms of Use, your access to HPOS may be restricted, suspended, or revoked. In some instances, it is possible you could face civil or criminal penalties.

An end to your HPOS access does not release you from any liability or penalty you may have incurred arising from or in connection with your access or use of HPOS.

Your use of HPOS is at your own risk.

2. Use HPOS securely and for a proper purpose

Services Australia may monitor your use of HPOS.

You must:

  • only access information in HPOS about a person with the person’s consent and for claiming purposes only
  • keep information that you obtain through HPOS secure and confidential at all times
  • keep your Secure Access Details for HPOS secure and confidential at all times
  • follow all security prompts and notifications displayed in HPOS (e.g. change your password regularly).

You must not:

  • share your Secure Access Details with anyone
  • allow an Unauthorised Person to access HPOS
  • give false or misleading information in HPOS or to us
  • copy, extract, keep, publish, or share information you obtain through HPOS outside the course of your duties as, or on behalf of, a healthcare provider
  • introduce any Harmful Code to HPOS
  • use any software (like bots, scraper tools etc.) to access, monitor or copy HPOS or its contents
  • damage or destroy, or allow any other person to damage or destroy information in HPOS
  • leave the device you use to access HPOS unsecured.

If you are a Provider who delegates to other users to perform tasks in HPOS on your behalf, you must do so responsibly and appropriately.

If you are using the Find a Patient service, you must first obtain the patient’s consent and use the service for claiming purposes only. You must also agree to maintain the confidentiality of the information you obtain using this service.

3. Comply with all laws and policies

Your use of HPOS is also governed by laws and government policies.

Failure to take reasonable steps to protect HPOS information from misuse, interference and loss, and from unauthorised access, modification or disclosure is a serious offence under the Privacy Act 1988 (Cth).

Giving false or misleading information to us is a serious offence under the Criminal Code Act 1995 (Cth).

Unauthorised collection, use, or disclosure of information protected by the National Health Act 1953 (Cth), Health Insurance Act 1973 (Cth), My Health Records Act 2012 (Cth), Australian Immunisation Register Act 2015 (Cth), or Privacy Act 1988 (Cth) is a serious offence.

If you use HPOS for the Australian Immunisation Register, you must be a recognised vaccination provider or a prescribed body for the purposes of the Australian Immunisation Register Act 2015 (Cth).

If you use HPOS for DVA Webclaims, you must not charge the patient for the service. Please note that DVA Webclaims cannot be submitted between 11:45 pm and 5:00 am Australian Eastern Standard Time.

Each service or program you are authorised to access through HPOS has its own policies. You must comply with those policies as well.

4. Report breaches

Let us know as soon as possible and change your password immediately (if possible) if you suspect that:

  • your Secure Access Details for HPOS are lost, stolen, or compromised in any way
  • an Unauthorised Person has accessed HPOS
  • there is fraudulent activity using your Secure Access Details
  • a user has breached, or may soon breach their obligations under these HPOS Terms of Use
  • there is, or may be, a breach of the Privacy Act 1988
  • there is, or may soon be, a security breach or cyber-attack on HPOS.

5. Keep information up to date

You should update any information you provide in HPOS as soon as possible, including your contact, email and bank details.

We rely on information you provide through HPOS and treats it in the same way as information you provide on paper or in person. You are required by law to ensure that all information you provide is true, complete, and accurate.

6. Important information about how HPOS works

HPOS Mail Centre

Some programs and services in HPOS will use the HPOS Mail Centre to send all messages to you electronically.

Other programs and services in HPOS give you an option to receive messages in other ways (e.g. by email or by post). If you choose to receive messages for those programs and services through the HPOS Mail Centre, you will need to opt-in. If you later change your mind, you will then have to opt-out which may take up to 13 weeks to take effect. In the meantime, HPOS may continue to send messages to you through the HPOS Mail Centre.

Errors and interruptions

We cannot guarantee that HPOS and the information it contains are error free, or that access to HPOS is always uninterrupted. Your HPOS access will also depend on your telecommunications and internet service provider and other factors outside our control.

HPOS and the technology needed to use HPOS may change from time to time. We'll notify you if that happens. You'll need to follow instructions from us for your HPOS access to continue. You should check any messages from HPOS to you regularly and often.


To the maximum extent permitted by law, Services Australia disclaims liability for any Loss, to you or to others, arising from or in connection with any of the following events:

  • your failure to comply with these HPOS Terms of Use
  • your access or use of HPOS
  • damage or destruction of your device, for example phone, computer, or tablet, systems, or software
  • an interruption, restriction, suspension, revocation, change, or end to your HPOS access
  • messages from HPOS or Services Australia not being delivered to you on time or at all
  • information in HPOS from any source being inaccurate, incomplete, incorrect, outdated, missing, or not fit for purpose
  • a security breach in HPOS
  • a loss of data in HPOS
  • HPOS or Services Australia infringing the rights of anyone.

7. Glossary

DVA Webclaims allows the submission of bulk bill and patient claims using HPOS in relation to programs managed by the Department of Veterans’ Affairs.

Harmful Code is any virus, malware, disabling or malicious device or code, worm, Trojan, time bomb, hacking tool, or other harmful or destructive code.

HPOS means the Health Professional Online Services.

HPOS Mail Centre is an electronic messaging system that you can only access through HPOS. It is used by HPOS to communicate with you.

Loss means any loss, damage, cost, claim, liability, or expense, to a person or to property, whether direct, indirect, consequential, punitive, special, remote, abnormal, foreseeable, or unforeseeable, including without limitation: loss of profits, revenue, use, or data; loss or denial of opportunity; communication or support costs; and legal costs whether incurred by or awarded against a party.

Provider means an individual or entity authorised by Services Australia to use HPOS as a registered provider of healthcare and related services, such as an individual or entity registered on the Australian Health Practitioner Regulation Agency Register of Practitioners.

Secure Access Details are any and all information you need to access HPOS, including but not limited to: login details; passwords; passphrases; secret questions and answers; electronic keys or certificates; digital credentials; and codes generated by or communicated to tokens, your phone, or other electronic device.

Unauthorised Person means an individual or entity that is not authorised by Services Australia or a Provider to use HPOS. For example, if a person’s HPOS access was granted by a Provider who is no longer authorised by us to use HPOS, that person also becomes an Unauthorised Person. Some other examples include:

  • a person who has not been granted HPOS access
  • a person whose HPOS access has been suspended or revoked
  • a person whose HPOS access was not given by us or a Provider.

Page last updated: 10 December 2021