Changes to security questions on Provider Enquiries Line

27 Sep 2018

In response to concerns raised by the AMA on behalf of its members, the Department of Human Services is making a change to the security questions asked to doctors when contacting the Provider Enquiries Line to verify a patient’s Medicare Number.

Beginning in early October, the department has agreed to change the registered mobile phone number security question. Service operators will ask for only the last four numbers of the mobile phone number.

The department has also clarified that the current operational processes do not specify that the date of birth must be provided in a specific format. Providers who are concerned that there may be a privacy issue in their business operating environment can choose to instruct practice staff to provide the information in a numerical format (e.g. 01011975 ie zero one zero one one nine seven five) as opposed to word format (e.g. 1st January 1975).

DHS staff instructional documentation will be updated to include specific examples of acceptable response formats.

The additional security questions were implemented in May following the recommendations of the Independent Review of Health Providers’ Access to Medicare Card Numbers. The AMA, in its submission to the Review, advised that the Government's response needed to be appropriate to the risks and that any changes must not increase the administrative burden on practitioners or practices, nor introduce unnecessary administrative barriers to care.

Practitioners, rather than calling the provider enquiry line, can also access real-time Patient Verification Services online through the Health Professional Online Services (HPOS). Practitioners are encouraged to register for a Provider Digital Access Account (PRODA) if they don’t already have one. PRODA provides an easier but more secure mechanism for accessing HPOS than the Medicare Public Key Infrastructure certificate, which is being phased out.

AMA Submission to the Review