
Introduction

The purpose of this privacy policy is to explain how the Australian Digital Health Agency (the Agency), as System Operator under the My Health Records Act 2012 (Cth) and subject to the Privacy Act 1988 (Cth), handles your personal information to operate and manage the My Health Record system. This policy is published in accordance with Australian Privacy Principles in the Privacy Act.

For information about how the Agency handles personal information for other purposes, see our Agency Privacy Policy.

When we refer to “System Operator”, “our”, “we” or “us” in this policy, this may include our delegates in the Department of Human Services (DHS) and the Department of Health and contracted service providers who assist us to carry out our functions.

When we refer to “you” in this policy, we may be referring to you as someone with a My Health Record, a representative of such a person, a healthcare provider or other authorised staff of a registered healthcare provider organisation. It will usually be clear from the context of the Policy what we mean.

This Policy uses some technical terms, such as “System Operator”, which are explained in our glossary. If you have any further questions on what the terms used in this policy mean, please contact us using the contact details at the end of this policy.

If you would like to access this privacy policy in an alternate format or language, for example if you have a disability or are from a non-English speaking background, please contact us using the contact details at the end of this page. We will take reasonable steps to provide you with alternate access.

Overview

We only collect, use and disclose personal information where this is permitted by the My Health Records Act and the Privacy Act to fulfil our functions under the My Health Records Act. This may involve us disclosing the personal information that we collect to the following parties:

  • you or your authorised representatives or nominated representatives
  • authorised individuals from registered healthcare provider organisations to provide you with healthcare
  • registered healthcare provider organisations and individual healthcare providers who work for them in emergency situations (as defined in s 64 of the My Health Records Act) including where you have elected to set a record access code (RAC) or a limited document access code (LDAC) on your My Health Record
  • registered contracted service providers who provide information technology or health information management services to registered healthcare provider organisations in relation to the My Health Record system
  • our contractors and delegates who assist in operating the My Health Record system and carrying out the System Operator functions
  • registered portal operators, if you or your representatives are accessing your My Health Record through a registered portal operator (noting that the System Operator does not permit any registered portal operator to copy, record or store any data from the My Health Record system)
  • registered repository operators for the purpose of storing, indexing and calling for documents about you which form part of your My Health Record
  • other participants in the My Health Record system for the purposes of the My Health Record system, including if we need to investigate or resolve technical or other issues that may have an impact upon the accuracy, security or privacy of information in your My Health Record
  • other persons, in situations where you have provided consent and in accordance with all relevant laws

Specific information about the personal information we collect, use and disclose to carry out specific activities is outlined below.

If you have told us that you don’t want a My Health Record

It was possible to opt out of having a My Health Record automatically created for you during opt-out periods. If you chose not to have a My Health Record, we collected and used the personal information that you provided to ensure that your decision was recorded and that you do not receive a My Health Record, unless you choose to register later.

It is also possible to cancel a My Health Record. If you cancel a My Health Record, we will collect some personal information to verify your identity and process your request. Once your request is processed, the personal information in your My Health Record will be handled as detailed below under “Cancellation of My Health Record.” 

If you want a My Health Record

You can ask to register for a My Health Record. We will need to collect some personal information to verify your identity if you are registering for a My Health Record.

If you are registering for a My Health Record online we will collect and use details from your passport, driver’s licence or Immicard or other identity document. We will disclose this information to the Document Verification Service (DVS), operated by the Department of Home Affairs, for the purposes of verifying the documents against the records of Australian Government and state and territory government agencies. We do not store the information we have collected online for the purposes of the DVS check. You can find out more information about the DVS service at www.dvs.gov.au.

If you are registering for a My Health Record on behalf of someone else as their authorised representative, we will also need to collect evidence of your authority. We may collect this information from a healthcare provider organisation, if they are helping you register for a My Health Record on behalf of someone else. The information required will depend on the circumstances. For example, if you are seeking to create a My Health Record on behalf of your child who is under 14, we may collect details of your Medicare card that shows your name and your child’s name. We may also need to check the information provided with third parties, such as DHS.

Creating a My Health Record

To create a My Health Record for someone, we need some personal information, such as that person’s name, gender, Medicare or Department of Veteran Affairs (DVA) number and date of birth. There are a few different ways we collect this information. If you have asked to be registered for a My Health Record, we will collect this personal information directly from you. We may also collect this information from a healthcare provider organisation, if they are helping you register for a My Health Record.

We use this information to verify that person’s identity and collect their Individual Healthcare Identifier (IHI) and its status from the Healthcare Identifier (HI) Service Operator, which is currently the Chief Executive of Medicare. This information is then used to create a My Health Record, and to match health information to the correct My Health Record.

A My Health Record may have been automatically created for individuals who did not opt out of having one either during opt-out periods, or when enrolling for Medicare, for example at birth. To facilitate the creation of a My Health Record in these circumstances, we collected the above information from DHS, and used it in the same ways as described above. If you believe that a My Health Record has been incorrectly created for you, you can cancel your My Health Record. See “Cancellation of My Health Record” for more information.

You can choose to tell us during the registration process that you are of Aboriginal or Torres Strait Islander origin and adjust this setting at any time using the “Profile and Settings” section in your My Health Record. If you choose to provide us with this information, it will be made available to your healthcare providers to inform their decision making.

Adding information to a My Health Record

We collect, use and disclose the following personal information to populate a My Health Record:

Information collected directly from you

We may collect personal information that you have chosen to provide. This could include information such as your personal health summary or personal health notes you have chosen to include in your My Health Record. Learn more about adding personal health information.

Information collected from a healthcare provider organisation

We will collect personal information when a registered healthcare provider organisation uploads this information to a My Health Record. The personal information may be contained in records such as a shared health summary, a discharge summary, diagnostic imaging or pathology results, or prescribing and dispensing information. The records may contain personal or health related information about other third parties. For example, if a healthcare provider organisation uploads details about your family medical history, this may include information about your relatives as well.  

You can advise your healthcare provider not to upload a particular record, all records, or a specified class of records to your My Health Record. Your healthcare provider must comply with this request.

Information collected from registered repository operators

A My Health Record is not a single document stored in a single database. It is made up of a collection of documents stored in a secure network of connected registered repositories. We index information held in registered repositories and display it as a list of available information in your My Health Record.

If, for example, a healthcare provider wishes to access a document held in a registered repository for the purposes of providing healthcare to you, we will collect the document from the registered repository and disclose it through the My Health Record system to that healthcare provider.

The descriptions below explain how we collect, use and disclose personal information held in each registered repository as part of operating the My Health Record system.

Medicare Repository

We collect personal information held by DHS, which operates Medicare, when this information is uploaded to a My Health Record. Medicare information that we may collect and include in a My Health Record includes:

  • details of the last two years and any future Medicare Benefits Schedule (MBS) claims (including claims that are processed by DHS on behalf of DVA)
  • details of the last two years and any future Pharmaceutical Benefits Scheme (PBS) claims (including DVA claims under the Repatriation Pharmaceutical Benefits Scheme (RPBS) that are processed by DHS)
  • organ and/or tissue donation decisions recorded in the Australian Organ Donor Register
  • immunisations administered to the individual, recorded in the Australian Immunisation Register.

Information collected from Medicare may include details of the types of healthcare services that you have received and the types of medications that you have been prescribed. Some of this information may indicate diagnosed conditions or illnesses, symptoms, or tests.

Unless you tell us that you do not wish to have this information included in your My Health Record, this information will automatically be uploaded onto a My Health Record the first time one of the following events occurs:

  • you access your My Health Record
  • a registered healthcare provider organisation accesses your My Health Record
  • when certain documents, such as a shared health summary, are uploaded to your My Health Record.

You can decide which of the above information is to be included in your My Health Record or stop or restart the flow of that information at any time through the settings in your My Health Record. MBS and PBS information uploaded to your My Health Record before you change these settings will remain visible on your My Health Record unless you remove the information from view or restrict access to it – for example, by applying an access code to the relevant document(s).

Information collected from your representatives

If your My Health Record is being managed on your behalf, we may collect personal information about you that your representative has provided to us.

Managing a My Health Record

Linking to myGov

If you wish to access your My Health Record, you will need to link your My Health Record to your myGov account.

If you are someone’s representative, you will also need to link your myGov account to their My Health Record to access it.

We will need to verify your identity to link your myGov account to a My Health Record. To do this, we will work with DHS or DVA to ask you a series of identity questions, such as information relating to your Medicare or DVA claims history. Without your answers, it will not be possible to link your myGov account to a My Health Record and you will not be able to access your My Health Record online. We do not retain the personal information we collect to verify your identity online, and we do not disclose this information to anyone other than those listed above.

We will use personal information such as your name and address to notify you when a new myGov account has been linked to your My Health Record. We do this to confirm that the My Health Record and the myGov account have been correctly linked.

Access controls

Only authorised individuals from registered healthcare provider organisations who are involved in your care are allowed by law to access your My Health Record. You can see which healthcare provider organisations have accessed your record and when in the “Record Access History” part of your My Health Record.

You can choose to control who can access your My Health Record, receive confirmation as to whether you have a My Health Record, and see certain health information in your My Health Record. You can also remove documents from view from your My Health Record. To give effect to these controls, we may need to collect and use personal information about the individuals you have allowed to access your My Health Record. Find out more about managing access controls.  

Healthcare providers can view all your health information in a medical emergency. This includes information and documents that are restricted with an access code. Learn more about emergency access.

You cannot place an access code on some types of documents. These include your shared health summary, advanced care planning documents, or personal health summary. However, you can still control access to these documents by removing them from view, or by setting a RAC on your My Health Record.

Help to manage your record

If you contact us for help to manage your My Health Record, we will need to collect some personal information from you. This may include your name and contact details.

Notifications

You can choose to be notified when certain events occur, for example when your My Health Record has been accessed by a new healthcare provider organisation. So that we can notify you, we need to collect and use your email address or telephone number.

Representatives

You can manage a My Health Record on behalf of someone else as an authorised representative or as a nominated representative if you are eligible to be a representative under the My Health Records Act. To find out more about what these terms mean, consult our glossary.

If you are managing a My Health Record on behalf of someone as a “read only” nominated representative, we may collect and use your full name or any other personal information that the individual has provided to us to include you as a nominated representative for the individual’s My Health Record.

If you are managing a My Health Record on behalf of someone else as an authorised representative or a “full access” nominated representative, we will collect your name, date of birth, contact details, gender, and your Medicare or DVA number. We will use and disclose this information to the HI Service Operator (currently the Chief Executive of Medicare), DHS (which operates Medicare) or DVA to verify your identity, to collect or confirm your IHI and its status, and to allow secure access for you to the My Health Record System.

To verify your identity, we also collect identification details from your passport, driver’s licence or Immicard. We use and disclose this information to the DVS for the purposes of verifying the documents against the records of Australian Government and state and territory government agencies. We do not store the information we have collected online for the purposes of the online DVS check. You can find out more information about the DVS service at www.dvs.gov.au.

If you are seeking to manage someone’s My Health Record as an authorised representative, we will also need to collect evidence of your authority. The information required will depend on the circumstances. For example, if you are seeking to create a My Health Record on behalf of your child who is under 14, we may collect details of your Medicare card that shows both your name and your child’s name. We may also need to check the information provided with third parties, such as DHS.

We will record your use of a My Health Record as a representative, and show your access history in the Record Access History of the My Health Record. The access logs will also include your name, unless a pseudonym has been used. Other representatives will also be able to see these details.

Where an individual is under the care of a government care agency – for example, as a ward of a State – information about representatives of the individual may be disclosed to staff of the care agency.

Updating details

If you update your details with Medicare in the future, we will collect and use those details to keep the information in your My Health Record current.  

Research and evaluation

We are authorised under the My Health Records Act to prepare and provide de-identified data for research and other public health purposes. This includes information about your Indigenous or Torres Strait Islander status, if you have chosen to provide it. De-identified data is data that has had information that could reasonably identify any person, such as name, date of birth, or address, removed.

If you are happy for your data to be used for this purpose, you don’t need to do anything.

If you don’t want to have your data used for this purpose, you can choose not to participate through the “Profile and Settings” part of your My Health Record.

You can also choose whether you want to provide us with information about your Indigenous or Torres Strait Islander status through the “Profile and Settings” part of your My Health Record.

Disclosures that are required under the My Health Records Act

We will disclose personal information where it is required under the My Health Records Act. The limited circumstances where your personal information may be used and disclosed for these purposes include:

  • disclosure to courts and tribunals under an order or direction (and only where the order or direction relates to a limited type of proceedings)
  • disclosure under a coroner’s direction or order
  • to limited Commonwealth, State or Territory authorities where they have obtained an order from a judicial officer.

Cancellation of My Health Record

You can cancel your My Health Record registration at any time through the “Profile and Settings” part of your My Health Record, or by contacting us. To process your request, we will need to collect some personal information and check it with information held by DHS.

Once we cancel your registration, we will permanently delete your My Health Record and any health information in it. We will keep some information about you, including:

  • your name and IHI
  • the name and IHI of the person who requested the cancellation, if the request came from someone other than yourself.

We will only use this information to fulfil our functions as System Operator. For example, if you ask us for confirmation that your My Health Record has been cancelled, we will use this information to respond to your inquiry.

If a person has a My Health Record at the time of their death, the following will occur:

  • all documents in that My Health Record will be kept for a period of 30 years after their death, or, if we do not know the date of death, a period of 130 years after their date of birth
  • we will not disclose information in the My Health Record, including in an emergency, unless required by law or upon request by your representative
  • healthcare providers will not be able to upload documents to the My Health Record
  • the My Health Record may still be accessed by us and our contractors for the purposes of the My Health Record System and other purposes as required or authorised by law.

Healthcare providers

Responsible Officers and Organisational Maintenance Officers

If you are a responsible officer or an organisational maintenance officer for a registered healthcare provider organisation, we will collect, use and disclose your personal information for the purposes of the My Health Record system.

Your personal information in uploaded documents

If you are an individual healthcare provider interacting with the My Health Record system, as authorised by your healthcare provider organisation, we will collect, use and disclose your personal information that has been included in any documents or information that you or another healthcare provider has uploaded to a My Health Record.

This information may be disclosed to the healthcare recipient and other healthcare providers when they access the uploaded document from the My Health Record system.

Your clinical information system may automatically provide us with these details about you. To find out more about how your personal information is managed, please contact the responsible officer at your healthcare provider organisation.

We may also disclose your personal information contained in a clinical document that has been uploaded to a My Health Record to a registered portal operator through the registered portal operator’s interface with the My Health Record System, where a healthcare recipient, or their representative, consents to the disclosure of their My Health Record information to that portal operator’s app or portal operator.

A registered portal operator must comply with the My Health Records Act, including having central management and control of the portal operator located in Australia and not transferring My Health Record system records outside Australia.

Personal information from training modules

If you use our training modules to educate yourself about the My Health Record system, you need to provide personal information including your name, email address and linked healthcare provider organisation details. We collect this information and use it to allow you to use the module at any time and continue your training. We will not disclose this information to anyone else, except as provided for in this policy.

Personal information in the Healthcare Provider Directory

We may disclose your personal information to the HI Service Operator and collect and use information about you disclosed to us by the HI Service Operator. This is for the purposes of correctly identifying you in the Healthcare Provider Directory, and helping keep the Directory current, subject to the requirements of the Healthcare Identifiers Act 2016 (Cth).

Overseas disclosure

My Health Record information is stored in Australia. We will not disclose My Health Record information overseas, unless you or your registered healthcare provider organisations access your My Health Record while overseas. 

Storage and security

The protection of your personal information is something we take very seriously, and we are committed to keeping it secure. We take significant precautions to protect personal information from misuse and loss, and from unauthorised access, modification or disclosure.

A range of measures are in place to protect information in the My Health Record system including:

  • robust multi-tiered technical security controls, which protect the integrity, confidentiality and availability of health information
  • comprehensive monitoring of access to the My Health Record System, to identify and investigate suspicious or inappropriate behaviour
  • strong authentication processes to provide access to authorised users only
  • use of encryption protocols and algorithms which comply with standards set by the Australian Signals Directorate, to ensure that all data is encrypted in transit and at rest
  • certification and accreditation of the My Health Record System to the Protected level, under the Australian Government Information Security Manual
  • regular detailed security assessments, undertaken under the Australian Government InfoSec Registered Assessors Program (IRAP), to maintain accreditation of the system
  • rigorous security assurance processes, including penetration testing, regular threat and risk assessments, and pre-release testing prior to implementation of new system functionality
  • educating our employees, contractors and delegates on their obligations when handling personal information, including compliance with security clearance and authentication requirements
  • a requirement that participants in the My Health Record system, such as registered healthcare providers, registered contracted service providers, registered portal operators and registered repository operators, must comply with security obligations outlined in the My Health Records Act and the My Health Records Rule 2016 to maintain eligibility for registration
  • provision of an Access History within each individual My Health Record, to enable you to monitor access to your record
  • in cases where the Agency is satisfied that an individual or other participant may compromise the security or integrity of the My Health Record system, the Agency may refuse to register that individual or other participant in the My Health Record system or suspend or cancel their registration
  • a mandatory data breach reporting framework under the My Health Records Act which:
    • requires participants in the My Health Record system to report to the Australian Information Commissioner actual or potential contraventions of the My Health Records Act involving unauthorised use of health information in a My Health Record or events or circumstances which compromise or may compromise the security or integrity of the My Health Record system that have or may have involved them, as soon as practicable after becoming aware of the breach
    • requires participants in the My Health Record system with these reporting obligations to contain the actual or potential contravention, event or circumstances and evaluate the risks arising out of them as soon as practicable after becoming aware of the breach.

Website

We will collect your email address if you provide it when using the My Health Record website. We will use and disclose this information for the purpose for which you provided it. Your first name and the content of your email, and any information you provided, may be used for reporting and feedback purposes.

Website analytics

The My Health Record websites use Google Analytics to help us to continually improve the user experience.

Google Analytics is hosted by a third party. We use Google Analytics to collect data about your interaction with our website. The type of data that we may collect using this tool includes your device’s IP address, type of device and browser used to visit the website, geographic location, search terms and pages visited, as well as date and time when website pages were accessed. We use this data for the sole purposes of improving your experience when using our website.

Google Analytics collects information using cookies. Cookies are small data files transferred onto computers or devices by websites for record keeping purposes and to enhance the website’s functionalities.

Most browsers allow you to choose whether to accept cookies. You can find further information on how to manage or disable cookies in common browsers below:

If you disable all cookies in your browser, you may find that certain sections of our website may not work.

Pseudonyms and Anonymity

You may be eligible to have a My Health Record under a pseudonym. For information, including to see if you are eligible, please contact us.

If you contact us with a general question, we will not ask for your name unless we need it to adequately handle your question.

In other limited circumstances, we will allow you to interact with us anonymously or using a pseudonym. However, we usually need your name, contact information and enough information about your particular matter to enable us to fairly and efficiently handle your inquiry, request or complaint.

Access and Correction

Under the Privacy Act, you have a right to access the personal information we hold about you. If you cannot find the personal information you are looking for directly through your My Health Record, please contact us for assistance.

If you consider that the personal information we hold about you is not accurate, complete, or up to date, please contact us as soon as possible for assistance.

Our contact details are at the end of this policy.

Complaints

If you have a complaint in relation to the collection, storage, use or disclosure of your personal information, you should first complain to the entity you think is at fault. If you are not satisfied with their response, please contact us, as we may be able to assist. Depending on the circumstances, we may need to refer you to the Office of the Australian Information Commissioner, or a State or Territory privacy regulator.

You may complain directly to us if you think we have mishandled your personal information. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner.

Contact details

You can contact us by calling 1800 723 471. Visit our contact us page for other ways to contact us.

Changes to this privacy policy

We review this policy from time to time to keep it up to date. Please review this policy periodically for changes. Any revised policy will be placed on our website.