The Australian Prudential Regulatory Authority (APRA) has released a response to submissions on a proposed Reporting Standard HRS 605.0 Private Health Insurance Reform Data Collection (HRS 605.0). APRA will collect data under HRS 605.0 on behalf of the Department of Health (the Department) on private health insurance reform measures (reforms) announced by the Department in October 20171.
APRA collects information from financial sector entities under the Financial Sector (Collection of Data) Act 2001 (FSCODA) for a number of purposes, including to assist other agencies to perform their functions or exercise their powers.
In October 2017, the Department announced a range of private health insurance reforms2. The Department requested that APRA collect data to assist the Department in performing its functions to monitor and analyse the effects of the reforms on consumers and private health insurers (PHIs). The Department released a draft Excel-based reporting template and instructions for consultation in January 20193. After incorporating feedback, the Department released finalised versions of the reporting template and instructions in March 20194.
In September 2019, APRA released a draft HRS 605.0 for consultation. APRA received 11 submissions from PHIs and service providers. Submissions were primarily related to the volume of data collected, the implementation timeline, and the process of submitting data to APRA. Submissions also raised queries on reporting of specific data items.
Volume of data collected
Three submissions noted that the data requirements in HRS 605.0 were over and above the initial data request published by the Department. These submissions raised concerns regarding the additional operational effort required to prepare the additional data.
The additional data requirements are consistent with APRA’s intention to expand the scope of new collections to obtain data that can be used for multiple purposes. Furthermore, APRA intends for the data collected in HRF 605.0 to form the basis of a new private health insurance industry data model. APRA will continue to review its reporting standards and expects that the related data requirements will be migrated to this model by extending it with new concepts and dimensions.
Timeline for implementation
Three submissions raised concerns regarding the implementation timeframe, especially given the substantial difference between the original and revised collections. The submissions noted that there is insufficient time for entities to develop the data extract and to fully implement a control framework for which the appointed auditor must provide limited assurance under Prudential Standard HPS 310 Audit and Related Matters (HPS 310).
APRA acknowledges that the proposed timeframe may present difficulties for some entities to implement both the collection and control framework. For the first reporting period, entities may comply with the requirement to provide data that is the product of, and is subject to, the control framework on a ‘best endeavours’ basis.5 APRA intends for the best endeavours compliance to allow entities to focus on the development of the data extract. APRA expects full compliance with HRS 605.0 from the second reporting period for the quarter ending 30 September 2020.
Data submission formats
Two entities requested clarification of the required methods to submit data to APRA under HRS 605.0, especially given the concerns regarding the increased amount of data required.
APRA recognises the additional burden that would be imposed if manual entry was required for this collection. The first submission is likely to be collected via a secure Microsoft Excel upload. APRA will provide further information on this in early 2020, including a template for the Microsoft Excel file.
Additional submission methods such as XML and XBRL upload may be available under APRA’s new data collection solution and will be advised closer to implementation of the new data collection solution6.
One submission queried whether APRA will create a process for entities to confirm data has been loaded as expected.
APRA is creating a downloadable control report that can be used to ensure that the data transfer has worked as expected. APRA expects that PHIs can use this report as part of the audit of processes and controls for data submitted under HRS 605.0.
Confidentiality of the data
Data collected by APRA under a reporting standard is protected information under section 56 of the Australian Prudential Regulation Authority Act 1998 (APRA Act). APRA may disclose protected information in certain circumstances, including where APRA has determined the information to be non-confidential under section 57 of the APRA Act.
APRA stated in the consultation letter that it intends to determine HRS 605.0 data to be non- confidential for the purposes of section 56 of the APRA Act. Two submissions raised concerns that the level of granularity in the report, in addition to removing section 56 protection, may lead to the release of customer-level data.
The proposed determination will not affect APRA’s obligations under the Privacy Act 1988 (Privacy Act). The Privacy Act requires that where APRA has possession or control of a record that contains personal information, it shall not disclose that information to a person, body or agency (other than the individual concerned) except under specific circumstances. APRA will comply with its obligations under the Privacy Act in disclosing any data collected under HRS 605.0 to the Department.
Requests for additional clarification in HRS 605.0
Four submissions contained feedback, or requests for clarity, on specific parts of the draft Standard.
2 The following reform measures were identified as in-scope for this data collection: a) Supporting mental health,
b) Gold/silver/bronze/basic product categories, c) Increasing maximum excess levels, d) Discounts for 18 to 29 year olds, and e) Improved access to travel and accommodation benefits.