My Health Records system was established in 2012 under the My Health Records Act 2012. My Health Record is an online summary of an individual’s health information that is available to the individual and healthcare providers nationally. It is designed to facilitate the sharing of health information between healthcare providers for the benefit of the patient (see A guide to My Health Record: for BBV & STI healthcare providers to support their patients). Initially, the system was only for individuals who opted-in to its use, but in 2018 the Government amended the system to become an opt-out record. This meant that from 31 January 2019, any individual who did not opt-out from the My Health Record, and is eligible, will automatically have had a record created.
Uploading Information and Access
To upload health information to a patient’s My Health Record, a healthcare worker does not need the patient’s consent. However, to meet ethical obligations, good clinical practice would be to do so only once the patient has provided consent. There is a positive legal obligation not to upload a record if the patient has requested that.[1]
A patient can access their My health Record online through their personal myGov portal. A healthcare provider may also access this information for the purpose of providing healthcare to the individual, subject to any security measures the patient has put in place.[2] For example, a patient may limit access to any information that is uploaded to the record through the setting of access codes.
There are certain circumstances where a participant in the My Health Record system may access and disclose health information without the patient’s consent. This includes where the access, use or disclosure of the information is necessary to prevent a serious threat to an individual’s life and it is unreasonable or impracticable to obtain the patient’s consent.[3] Other exceptions may include where access and disclosure is necessary to lessen or prevent a serious threat to public health or safety[4], the information is subject to a court order[5] or otherwise authorised by law[6].
There are also certain circumstances where disclosure of health information is prohibited including the disclosure to enforcement agencies and government departments without a court order.
Security Storage
The System Operator may take specific action if they are satisfied that the security of the My Health Record system may be compromised. This includes refusing, cancelling or suspending the registration of a healthcare recipient or healthcare provider.[7] It is also the responsibility of the System Operator to maintain an audit service that records the activity of users in relation to the My Health Record system.[8] (see also A guide to My Health Record: for BBV & STI healthcare providers to support their patients) - Security section pg11)
References
[1] My health Record Act 2012 (Cth) sch 1 div 3 sub-div A
[2] My health Record Act 2012 (Cth) sch 1 div 2 sub-div A s 61
[3] Ibid s 64
[4] Ibid s 64
[5] Ibid s 69
[6] Ibid s 65
[7] Ibid s41,44,51 [8] Ibid s15
Page last updated October 2022