What is My Health Record?
Why is there a need for a digital record system?
- The Australian Medical Association's policy position for maximising My Health Record, states:
- The Royal Australian College of General Practitioners (RACGP) includes helpful case studies on their website on the benefits of My Health Record for GPs:
- The Pharmacy Guild of Australia supports the My Health Record in community Pharmacy:
How does My Health Record system protect people’s health information?
- Overseas access by Consumers and Healthcare Providers
- Multiple failed logins from the same computer
- Multiple logins within a short period of time
- Logins to the same record from multiple computers at the same time
- High transaction rate for a given Healthcare Provider
- Certain instances of after business hours access and all instances of emergency access.
How do healthcare providers protect your health information?
- are directly involved in the individual’s care;
- have a healthcare provider certificate installed (either with NASH HPI-I or HPI-O certificate) on the device that they are using to access the record;
- a valid username and password, and;
- have the Record Access Code (RAC), if an individual has enable restrictions.
What controls do individuals have?
- Setting a Record Access Code (RAC) which the individual can give to their healthcare provider organisation to allow access to their record, and prevent other healthcare providers from access unless in an emergency
- Flagging specific documents in their record as ‘limited access’, and controlling who can view
- Removing documents from view within their record
- Asking healthcare providers not to upload information and, under the My Health Records Act 2012, healthcare providers must comply with this request.
Download 'Factsheet: Security of My Health Record'
Australian Digital Health Agency MOU Biannual Report 2016-2017 for the period ending 31 December 2016
Chief Executive Officer
Australian Digital Health Agency
Level 25, 56 Pitt Street
Sydney NSW 2000
Details of mandatory data breach notifications relating to the My Health Record system
Mandatory data breach notifications received during the reporting period
- Eleven notifications resulted from findings under the Medicare compliance program that certain Medicare claims in the name of a healthcare recipient but not made by that healthcare recipient were uploaded to their My Health Record. These notifications totalled 92 breaches, each of which affected a separate healthcare recipient. Seven of these data breach notifications have been closed, totalling 67 breaches, and the review of the other four notifications, totalling 25 breaches, was ongoing as at 31 December 2016.
- A further seven notifications, affecting fourteen healthcare recipients, eight with a My Health Record and six without, relate to healthcare recipients with similar demographic information having their Medicare records intertwined. As a result, Medicare claims belonging to another healthcare recipient were made available in the My Health Record of the record owner. Review of these notifications was ongoing as at 31 December 2016.