On 9 August 2017, the following matter was referred to Finance and Public Administration References Committee for inquiry and report by 16 October 2017:
Circumstances in which Australians’ personal Medicare information has been compromised and made available for sale illegally on the ‘dark web’, including:
- any failures in security and data protection which allowed this breach to occur;
- any systemic security concerns with the Department of Human Services’ (DHS) Health Professional Online Services (HPOS) system;
- the implications of this breach for the roll out of the opt-out My Health Record system;
- Australian government data protection practices as compared to international best practice;
- the response to this incident from government – both ministerial and departmental;
- the practices, procedures, and systems involved in collection, use, disclosure, storage, destruction, and de-identification of personal Medicare information;
- the practices, procedures, and systems used for protecting personal Medicare information from misuse, interference, and loss from unauthorised access, modification, or disclosure; and
- any related matters.
The committee have agreed to accept submissions until 31 January 2018. The report is due to be tabled on 16 October 2017.