How we use Medicare entitlement statement data
The data collected under this program is used for data analytics and insights to support accurate reporting and effective administration of the Medicare levy and Medicare levy surcharge.
Data analytics and insights
The data helps us:
- identify taxpayers who are correctly claiming Medicare levy exemption and Medicare levy surcharge to avoid unnecessary contact
- tailor assistance and messaging to support correct reporting
- identify potential discrepancies that may require clarification or verification
- apply compliance action where risks remain after engagement and assistance.
Previous related programs
We have been running the Medicare Entitlement Statement data‑matching program since the 2016–17 financial year. The protocol for this work was previously known as the Services Australia Specified Benefits and Entitlements program. The most recent version of that protocol was published in June 2024 and covered data collection up to the 2025–26 financial year.
Our data matching activities on Medicare exemption claims for 2024–25 returns identified over 250,000 taxpayers who held a MES. We were able to validate 96% of these claims without needing to contact the taxpayer. Reviews were conducted on 21,800 taxpayer returns.
Data providers
We are the matching agency and, in most cases the sole user of the data obtained during this data-matching program.
We obtain data from Services Australia.
Our formal information gathering powers
To ensure statutory requirements are met, we obtain data under our formal information gathering powers. These are contained in section 353-10 of Schedule 1 to the Taxation Administration Act 1953.
Data providers are obligated to provide the information requested.
We will use the data to support tailored assisted lodgment activities, and tax and super compliance purposes.
Services Australia disclosure
Services Australia collects the data from applications made by taxpayers to enable a MES to be issued. The data is then provided to the ATO for the purposes of assessing the Medicare levy and Medicare levy surcharge. The power to issue an MES is implied from section 251U(1)(f) of the Income Tax Assessment Act 1936 (ITAA 1936). That implied power is vested in the Health Minister, through the ability to certify a prescribed person.
Services Australia officers involved in the MES data exchange project are performing functions under a taxation law. Therefore, disclosures made by the officers are under the ‘performance of duties’ exception which is a permitted disclosure under Division 355 Schedule 1 of the Taxation Administration Act 1953 (TAA).
As the MES Data is collected and sent by Services Australia to the ATO for the purpose of administering taxation law, there will be no offence provided the record is only made to the extent that is necessary to administer the taxation law (item 1 in subsection 355-50(2) of Schedule 1 to the TAA).
Privacy Act
Data will only be used within the limits prescribed by Australian Privacy Principle 6 (APP6) contained in Schedule 1 of the Privacy Act and in particular:
- APP6.2(b) – the use of the information is required or authorised by an Australian law
- APP6.2(e) – the ATO reasonably believes that the use of the information is reasonably necessary for our enforcement-related activities.
Data elements we collect
We collect MES data from Services Australia which includes client identification details and MES transaction details.
We anticipate that the data quality will be of a high standard. Services Australia data is of a high quality and regularly relied on for administration of the tax system, and data quality has been strengthened over time through ongoing collaboration between the ATO and Services Australia.
Improvements have been made to data processing and availability, including a move from bi-annual to daily data transfer, which supports more timely and accurate use of the data.
We work with Services Australia to obtain data held within their systems. The data collected may include all, or a selection of the following fields.
Client identification details – individuals
Client identification data elements collected from Services Australia are used to identify and match taxpayers for the purposes of administering the Medicare levy and Medicare levy surcharge.
These data elements primarily relate to identifying information about the taxpayer and include, but are not limited to:
- given names and surname
- date of birth
- addresses (residential, postal, other).
Medicare entitlement statement data-matching program transaction details
Transaction data collected under the Medicare entitlement statement data-matching program relates to a taxpayer's entitlement status and MES application outcomes.
These data elements include:
- period or periods the person was not entitled to Medicare benefits
- current status of the MES application
- date of the MES application
- outcome of the MES application
- date MES application was approved or rejected.
All data collected is limited to what is necessary for administering taxation law and is obtained in accordance with the ATO's formal information gathering powers.
Number of records
We expect to collect data on approximately 300,000 taxpayers for each financial year as part of this program.
Data retention
We collect this data daily under this program for all financial years from 2016–17 to 2028–29.
We retain each financial year’s data for 5 years from receipt of the final instalment of verified data files from the data providers.
The data is required for this period for the protection of public revenue:
- retaining data for 5 years enables us to undertake verification activities where the information obtained indicates a taxpayer may not be entitled to claim the exemption, either partly or in full
- the data supports identification of cases where additional assistance, clarification or verification may be required, helping to ensure accurate assessments and maintain the integrity of the tax and super systems
- the data is used in risk and analytical models, including models that assess information across multiple income years within the standard period of review
- retaining data for 5 years supports our general compliance approach of reviewing an assessment within the standard period of review and aligns with the requirements for taxpayers to keep their records.
While increased data retention periods may increase the risk to privacy, we have a range of safeguards to manage and minimise this. Our systems and controls are designed to ensure the privacy and security of the data we manage.