On 9 August 2017, the following matter was referred to Finance and Public Administration References Committee for inquiry and report by 16 October 2017:

Circumstances in which Australians’ personal Medicare information has been compromised and made available for sale illegally on the ‘dark web’, including:

1. any failures in security and data protection which allowed this breach to occur;
2. any systemic security concerns with the Department of Human Services’ (DHS) Health Professional Online Services (HPOS) system;
3. the implications of this breach for the roll out of the opt-out My Health Record system;
4. Australian government data protection practices as compared to international best practice;
5. the response to this incident from government – both ministerial and departmental;
6. the practices, procedures, and systems involved in collection, use, disclosure, storage, destruction, and de-identification of personal Medicare information;
7. the practices, procedures, and systems used for protecting personal Medicare information from misuse, interference, and loss from unauthorised access, modification, or disclosure; and
8. any related matters.

The committee have agreed to accept submissions until 31 January 2018. The report is due to be tabled on 16 October 2017.