My Health Record is an online summary of an individual’s key health information. This year, every eligible Australian will get a My Health Record unless they don’t want one. If an individual chooses to have a My Health Record, it will allow for the secure online sharing of their important medical information with their treating healthcare providers.
This means that healthcare providers involved in their patients’ care will have a more detailed picture with which to make decisions, diagnose and provide treatment to them.
It is important to note that only registered healthcare providers involved in a patient’s care, and who are registered with the My Health Record System Operator, are allowed by law to access My Health Records. My Health Record legislation provides protections for privacy of health information stored in an individual’s record.
However, it is an individual’s choice to have a My Health Record, and if they don’t want one, they have until 15 November 2018 to opt out.
Individuals can register their decision to opt out through the My Health Record website. To opt out online, individuals will need their Medicare card, or a Department of Veterans’ Affairs card, and one other form of identification, such as a driver licence, or Australian passport.
Alternatively, individuals can opt out by calling the 24 hour Help line on 1800 723 471 (call charges from mobile may apply). To opt out over the phone, individuals will need to provide their first name, last name, date of birth, gender and a Medicare or Veteran’s Affairs card number.
If an individual does not opt out during this period, a record will be created for them by the end of 2018. They can cancel a My Health Record at any time.
Within a My Health Record there are a number of privacy and access controls an individual can place on their record. This includes setting a record access code to give access to selected healthcare organisations and controlling access to specific documents to limit who can view them. An individual can ask healthcare providers not to upload information and this request must be complied with under the My Health Records Act 2012.
An individual can also configure automatic notification via email or SMS when a healthcare provider organisation accesses their record for the first time, or views their record in an emergency situation which overrides the access controls in place.
My Health Record data cannot be accessed by insurance companies and patients’ data cannot be sold.
The Healthcare Identifiers Act 2010 specifically prohibits use by insurers and for employment checks, any claims to the contrary are incorrect.
A healthcare provider who breaches the My Health Records Act 2012 or the Healthcare Identifiers Act 2010 could face up to two years imprisonment and up to $126,000 in fines. Civil penalties can incur up to $630,000 in fines.
On 31 July 2018, the Minister for Health, the hon Greg Hunt, announced changes to strengthen privacy provisions under the My Health Records Act 2012. As part of these changes, the government will move to amend the legislation so that it will be required by law for a government department or agency to present a court order to gain access to a person’s My Health Record. This will bring legislation in line with the current policy of the System Operator.
To date, no record has ever been released and no government agency other than the System Operator (the Australian Digital Healthy Agency) has access to the system.
The legislation change will also permit the complete deletion of a person's My Health Record if they choose to cancel it. Under the current law, the System Operator cancels a record and archives the record for 30 years after the death of the record holder. Under this practice only the System Operator can access this archive and it is not visible to any healthcare providers or the individual.
Please be assured that the security of the My Health Record system and the privacy of Australian’s health data is taken very seriously. The system is built to industry standards for storing and processing sensitive information and in 6 years of operation there have been no security breaches of the My Health Record System.
My Health Record is protected by security controls which include encryption, secure gateways and firewalls, authentication mechanisms, and malicious content filtering.
The Australian Digital Health Agency’s Cyber Security Centre monitors for suspicious activities and the Centre will trigger an investigation when required.
The Agency works closely with other Australian Government organisations including the Australian Cyber Security Centre, the Department of Home Affairs, the Department of Human Services, the Australian Signals Directorate, and the Office of the Australian Information Commissioner to ensure that any suspicious activity is appropriately reported and investigated.
6 million Australians currently have a My Health Record. If an individual has learned that they already have a record, but they do not recall creating it, people can be registered in one of the following ways.
Most people have registered themselves or their children for a My Health Record in one of the following ways:
- online via a myGov account;
- when completing a Medicare enrolment form (for a newborn);
- at a Medicare Service Centre; and
- by calling the Help line on 1800 723 471.
An individual may have been assisted to register at a general practice or hospital. This may have occurred by completing a form or electronically.
My Health Record opt out trials 2016
Just under one million Australians were registered for a My Health Record in 2016, during the Department of Health’s opt out participation trials.
These trials were held from March to November 2016 in the Nepean Blue Mountain region of NSW and Northern Queensland area. If an individual’s address registered with Medicare was in a trial area at the time, they would have received a letter informing them that they were going to get a My Health Record. After the 2016 participation trial period ended, records were created for individuals who did not elect to opt out.
During the same period in 2016, two opt-in trial sites were undertaken. These were in Ballarat, Victoria and the second was in Perth, Western Australia. At both of these locations healthcare providers assisted their patients’ to register for a My Health Record.
Personally Controlled Electronic Health Record is now a My Health Record
The My Health Record system was once called the Personally Controlled Electronic Health Record (PCEHR) and the eHealth record. It’s possible that an individual may have registered under PCEHR or eHealth, and didn’t know the name had changed to My Health Record.
If an individual already has a My Health Record, and decides they no longer want one, they may cancel it at any time. For step by step instructions, please visit the My Health Record website
Alternatively, they can call the My Health Record Help line on 1800 723 471 who will assist them to cancel their record.
They will need to provide proof of identity to cancel a My Health Record.
To register for a My Health Record, or to access an existing record, individuals will need to either create a myGov account or sign in to an existing myGov account. To link a My Health Record to a MyGov account, individuals will need to prove their identity as a security check. Individuals will need to provide their Medicare number, address, date of birth, and the BSB and bank account number into which their Medicare benefits are paid.
For more information, go to the My Health Record website
or for assistance call the Help line on 1800 723 471 (call charges from mobile may apply).
For any legislation updates, changes to the national opt out date or other My Health Record current issues will be published on the My Health Record website