The Privacy Commissioner, Karen Curtis, has found that private health insurance company HCF did not breach the Privacy Act when it disclosed the personal and sensitive information of its clients to McKesson Asia Pacific as part of its ‘Helping Hands’ program.

It had been alleged in media reports that HCF had given McKesson the
contact details, gender, age, the broad type of mental illness, and the
number of hospital admissions for 370 of its members without their
consent.

The OFPC investigation established that HCF wrote to members inviting them to
participate in the ‘Helping Hands’ program based on their claims
history. The letters described the program’s purpose and background,
setting out McKesson’s role in administering the program and the
contact process. Participation in the ‘Helping Hands’ program was
entirely voluntary and involved telephone-based case management and
support.

In addition, the HCF Privacy Policy advises members that it
may use the personal information it collects to provide further health
services where the member has consented or would reasonably expect HCF
to do so.