Start of content

The Australian Digital Health Agency is the System Operator of the My Health Record. This is a brief snapshot of how the Australian Digital Health Agency, as the System Operator, manages the personal information in My Health Record.  

The full privacy policy can be found below. See the glossary for definitions of terms used in the privacy policy.

For general information about how the Australian Digital Health Agency manages personal information outside of the My Health Record, see the Agency's Privacy Policy.

On 31 July 2018, the Minister for Health Hon Greg Hunt announced that the Government would strengthen privacy provisions under the My Health Record Act. This page will be updated once legislative changes have been made.

Privacy Policy summary

What personal information do we collect, use and disclose, how and why?

You have or are getting a My Health Record

To create your My Health Record we will collect, use and disclose personal information about you and your dependants (if any). This information will include your name, date of birth, and address. We collect this information from and disclose it to Medicare or the Department of Veterans Affairs (DVA) (if relevant) and the Health Identifiers (HI) Service Operator to confirm your identity and that of your dependants (if any). We may also disclose your personal information to the Document Verification Service to confirm your identity.

Once a My Health Record is created, we will collect personal information about you and your dependants (if any) from you and your healthcare providers. Unless you set access controls, personal information in your My Health Record will be disclosed to registered healthcare providers and your representatives, including for the purposes of providing healthcare. If you have authorised a mobile application (app) or portal operator to connect to your My Health Record then with your consent, or with your representative’s consent if you have one, we will collect your personal information and disclose that information to the app or portal operator. If you have allowed the app or portal operator to upload personal information to your My Health Record, we will collect, use and disclose that information for the purposes of the My Health Record system.

If you are a representative

If you are a representative we will collect, use and disclose your personal information to confirm your identity, and to allow you to access the My Health Record of the person for whom you are a representative. We may collect information from or disclose it to Medicare or DVA (if relevant) and the HI Service Operator.

If you have already chosen not to have a My Health Record created

If you live in an area where people were automatically registered for a My Health Record, but you notified that System Operator that you did not want a My Health Record, a record was not created for you and will not be created automatically for you in the future. If you decide you would like to have a My Health Record you must register to participate.

If you are an individual healthcare provider

If you are an individual healthcare provider, we collect, use and disclose your personal information if it is contained in or attached to an uploaded document, as part of operating the My Health Record system. Your information may be disclosed to healthcare recipients, their representatives (depending on the access controls set by an individual) and other healthcare providers and app or portal operators if a healthcare recipient or their representative consents to us disclosing their personal information to an app or portal operator. An app or portal operator is bound to comply with the obligations set out in the My Health Record Act for a Portal Operator, including not transferring information outside of Australia. If you have provided personal information to us or you have provided it for the purposes of the Healthcare Provider Directory, we may collect, use and disclose this information to the HI Service Operator for the purposes of the My Health Record system. If you have used the training module for the My Health Record system, we will collect and use your personal information to ensure that you can save your training progress and return at any point.

Will personal information be disclosed overseas?

We will not disclose or store overseas any personal information you give us.

Where My Health Records are created, they are stored in Australia. We will not disclose your health or other personal information overseas.

Individuals and their healthcare providers may securely access their My Health Record while overseas. Information is not disclosed to any third parties when individuals or their providers access a My Health Record from outside Australia.

How is my personal information stored and kept secure?

The System Operator takes the security of your health and other personal information very seriously. It takes robust precautions to protect personal information it holds from misuse and loss, and from unauthorised access, modification or disclosure. The System Operator has a range of practices and policies in place to provide a secure My Health Record system.

How can I contact the System Operator?

You can contact us to:

  • make a general enquiry or seek help
  • find out if you are eligible to use a pseudonym
  • request access to personal information that we hold about you (if you cannot access the information by logging in to the My Health Record system)
  • request correction of information you believe is not accurate, complete or up-to-date
  • make a complaint about the handling of your personal information.

My Health Record Privacy Policy

In any online platform, including the My Health Record system, there are inherent risks when transmitting and storing personal information. Despite this, we are committed to protecting your personal information, and ensuring its privacy, accuracy and security.

The purpose of this privacy policy is to communicate how we (the System Operator) handle your personal information as part of operating and managing the My Health Record system.

The System Operator is responsible for operating and managing the My Health Record system. This System Operator is the Australian Digital Health Agency. References to “the System Operator”, “our”, “we” or “us” in this policy include our contracted service providers (CSP) and delegates in the Department of Human Service (DHS).

We are bound by the Australian Privacy Principles (APPs) in the Privacy Act, and by the requirements of the My Health Records Act and the Healthcare Identifiers Act. This legislation regulates how we may collect, use, disclose and store personal information, and how individuals may access and correct personal information held about them. This privacy policy sets out how we comply with these obligations.

Definitions for terms used in this privacy policy can be found at the end of the Policy.

Please note that this privacy policy only relates to the My Health Record system and supporting functionality.

Whose personal information do we collect, use and disclose?

The collection, use and disclosure of personal information to manage and operate the My Health Record system are authorised under the My Health Records Act, Healthcare Identifiers Act and the Privacy Act.

We collect, use and disclose the personal information of people who interact with the My Health Record system as follows:

  • people who have chosen to register for a My Health Record
  • an authorised or nominated representative of a healthcare recipient
  • people who live in an area where a My Health Record has been automatically created for them
  • people who live in an area where they would have automatically been registered for a My Health Record but they chose not to have one created for them
  • individual healthcare providers, including where they handle a My Health Record as part of providing healthcare.

This privacy policy deals with the handling of personal information in all of the above circumstances. Please read the specific information in this policy that is relevant to your circumstance(s).

I have or I am getting a My Health Record or I am a representative

If you have registered for a My Health Record, or you live in an area where you were automatically registered for a My Health Record, we will collect, use and disclose your personal information to register you as set out below.

If you no longer want a My Health Record, you can cancel it at any time by contacting us

If you are an authorised representative or a full-access nominated representative, please read “you” in this policy as including yourself and any actions that you undertake on behalf of the person that you represent. For example where the policy states that we will collect personal information from “you”, this will include collecting any relevant information from the representative.

Information collected, used and disclosed in order to create your My Health Record 

I want to register for a My Health Record

If you register for a My Health Record, we will collect personal information from you including your name, contact details, gender, Medicare or DVA number (if relevant) and date of birth.

We will use and disclose this information to the HI Service Operator and Medicare or DVA (if relevant) to verify your identity. We will also collect or confirm your IHI and its status from the HI Service Operator to confirm your identity and correctly match your health information to your My Health Record in the future.

To simplify the process of verifying your identity, we may also collect and use identification details from your passport, drivers licence, Immicard or other identity document and disclose this information to the Document Verification Service.

If you chose to tell us during the registration process that you are of Aboriginal or Torres Strait Islander origin, this information will also be available to your healthcare providers to inform their decision making. In future, we may collect and use this information to plan and provide appropriate and improved healthcare for Indigenous Australians.

If you update your details with Medicare in the future, those details will be provided to the HI Service Operator and to us. We will collect and use those details to make sure your My Health Record remains current.

I am registering my dependant

If you are registering a dependant, we will collect, use and disclose personal information about your dependant that you have provided in the same way as explained in the above paragraph.

We will also collect from you the number on your Medicare card associated with your dependant and will disclose that number to Medicare to confirm your relationship with your dependant. If your dependant is not your child, we will sight the evidence you have of your relationship (for example, a court order). We may also collect and use any other information relating to your relationship with your dependants to confirm the relationship and link your My Health Record to your dependant’s My Health Record.

A healthcare provider is assisting me to register

If a healthcare provider is assisting you to register for a My Health Record, we will collect from the healthcare provider your personal information including your name, contact details, gender, Medicare or DVA number (if relevant) and date of birth.

We will use and disclose this information to the HI Service Operator and Medicare or DVA (if relevant) to verify your identity. We will also collect or confirm your Individual Health Identifier (IHI) and its status from the HI Service Operator to confirm your identity and correctly match your health information to your My Health Record in the future.

If you chose to tell us during the registration process that you are of Aboriginal or Torres Strait Islander origin, this information will also be available to your healthcare providers to inform their decision making. In future, we may collect and use this information to plan and provide appropriate and improved healthcare for Indigenous Australians.

A healthcare provider is assisting me to register my child

If you have parental responsibility for a child who is under the age of 18, and you have chosen to register them through the assisted registration process, we will collect, use and disclose personal information about your dependant that your healthcare provider has provided, in the same way as explained in the above paragraph.

We will also collect from you, or the healthcare provider assisting you to register, the number on your Medicare card associated with your dependant and will disclose that number to Medicare to confirm your relationship with your dependant. We will also collect from your healthcare provider a declaration that supports your assertion that you have parental responsibility of the relevant child.

If you update your or your dependant’s details with Medicare in the future, those details will be provided to the HI Service Operator and to us. We will collect and use those details to make sure your and your dependant’s My Health Records remain current.

Registration for a My Health Record in the 2016 Opt-Out Trials

In 2016 trials of opt-out participation occurred in Northern Queensland the Nepean Blue Mountains area. My Health Records were created for everyone with a Medicare address in these areas, unless they indicated they did not want a My Health Record.

My Health Records were not created for people who indicated they did not want one. In the future no My Health Record will be automatically created for people who indicated they did not want a My Health Record as part of the 2016 opt-out trials. If you previously indicated you did not want a My Health Record, and would like one now, you need to register to participate.

If you had a My Health Record automatically created for you and no longer want one, you can cancel it at any time by contacting us. Our details are at the end of this policy.

Information collected, used and disclosed to enable access to your My Health Record via an app

If you or your representative have authorised an app or portal operator to connect to your My Health Record then with your consent, or with your representative’s consent if you have one, the Australian Government will collect information for the purpose of authenticating you with myGov and will disclose a security token to the app.  This is required for the app to access to your My Health Record for the purpose of displaying information from your My Health Record to you. No third party app is permitted to copy, record or store any data from the My Health Record system. An app or portal operator is bound to comply with the obligations set out in the My Health Record Act for a Portal Operator, including not transferring information outside of Australia.

Information collected, used and disclosed to create a link between your My Health Record and your myGov account

Once you have been registered for a My Health Record, you will need to link it to a myGov account so you can access your My Health Record online. Please visit the myGov website to create a myGov account.

If applicable, we will send an Identity Verification Code (IVC) to your registered Medicare address. You can use the IVC to access your My Health Record online. We will not disclose your address to anyone during this process. Without your address we will not be able to send you the IVC. If you register at a Medicare service centre, or via your healthcare provider, you will be given an IVC. You only need to enter your IVC once to set up online access.

If you don’t have an IVC when you are trying to set up online access, you will need to prove your identity. To do this, we will ask you a series of identity questions such as the date of birth of people on your Medicare card or information relating to your Medicare or DVA claims history. We will collect your answers and disclose this information to Medicare or DVA (if relevant) to confirm your identity. Once we have verified your identity, we will be able to link your My Health Record to a myGov account. A myGov account is an online account that provides a simple way to access government online services. Without your answers, we will not be able to link you to a myGov account and you will not be able to access your My Health Record online. The information we collect to verify your identity is not retained after we link a myGov account to your My Health Record, and we do not disclose this information to anyone else.

Information collected and used to notify you

We will collect and use personal information, including your name and address, to write to you when a new myGov account has been linked to your My Health Record. We do this so that you can confirm that the myGov account and the My Health Record have been correctly linked.

If you choose to provide it, we will also collect your email address and telephone number so we can better communicate with you. For example, where you have chosen to be notified by SMS or email when your My Health Record is accessed by someone other than yourself.

We will only use your email address and telephone number to assist us in operating the My Health Record system. We will not use or disclose your email address or your telephone number except as required or authorised by law.

Information collected, used and disclosed to populate your My Health Record

The following information is collected, used and disclosed in order to populate your My Health Record and to facilitate the retrieval of your health information when required – for example, as part of providing healthcare to you.

Information collected and used from you

Where relevant, we will collect personal information about you when you access your My Health Record, contact us or when you provide information in your Personal Health Summary or Personal Notes, including:

  • details about your current medications, allergies and adverse reactions
  • details about your health generally
  • details you record in your achievement diary or in your child’s development section; advance care planning information
  • information about your access controls, including the names of nominated representatives who you have allowed to access your My Health Record; information about your access to your My Health Record
  • if you contact us, relevant information to address that matter
  • your general contact telephone number, where you choose to provide it
  • contact details if you elect to receive notifications of certain activities in your My Health Record
  • information about your relatives or other third parties where you have included that information in your My Health Record
  • details about your representatives, if any, which may imply assumptions about your capacity.

We will also collect and use the same information about your dependants where you or a representative have provided it.

Information collected and used from a healthcare provider

We collect the following information, where provided, about you or your dependants from registered healthcare provider organisations and store the information in your or your dependant’s My Health Record:

  • allergies and adverse reactions
  • medicines
  • medical history
  • immunisations
  • conditions diagnosed
  • advance care planning information
  • information about treatments provided
  • hospital discharge information
  • referrals
  • prescribing and dispensing information
  • diagnostic imaging results
  • pathology results
  • if relevant, observations of children
  • other clinical care documents or health information not listed here
  • information provided by a specialist.

You can advise your healthcare providers not to upload a particular document to your My Health Record. Your healthcare provider must comply with this request.

We collect information about your relatives or other third parties where your healthcare provider has included that information in an uploaded document. Your health information can also reveal or imply genetic conditions or other genetic information about your relatives or about third parties. Inclusion of this information in My Health Record is authorised under the Privacy Act.

Information collected and used from registered repository operators

A My Health Record is not a single document stored in a single database. Rather it is made up of a collection of documents stored in a secure network of connected registered repositories. We collect information held in registered repositories and display an index of available information about you in your My Health Record. If, for example, a healthcare provider wishes to access a document held in a registered repository for the purposes of providing healthcare to you, we will call for the document from the registered repository and make it available to the healthcare provider. The descriptions below explain how we collect, use and disclose personal information held in registered repositories as part of operating the My Health Record system.

The Medicare repository

We collect your personal information held by Medicare and include it in your My Health Record where:

  • you registered for a My Health Record and consented to us collecting, using and disclosing your information held by the Chief Executive Medicare, or 
  • you live in an area where you were automatically registered for a My Health Record and you have not notified us to stop the flow of information held by Chief Executive Medicare in to your My Health Record.

The Medicare information that we may collect and include in your My Health Record includes:

  • details of your last two years of MBS claims related to you (including claims that are processed by DHS on behalf of DVA)
  • details of your last two years of PBS claims (includes DVA claims under the Repatriation Pharmaceutical Benefits Scheme (RPBS) that are processed by DHS)
  • organ and/or tissue donation decisions, which are sourced from the Australian Organ Donor Register
  • immunisations administered to the individual, which are sourced from the Australian Immunisation Register.

You can decide which of the above Medicare information is to be included in your My Health Record. You can also change your mind about including Medicare information in your My Health Record at any time and stop, or restart, the flow of that information. MBS and PBS information transferred to the System Operator before the time you change your mind will remain visible on your My Health Record and will remain accessible through the My Health Record system, unless you remove the information or otherwise restrict access to it – for example, by applying an access code to the relevant document(s).

Important: some Medicare information includes details of the types of healthcare services that you have received and the types of medications that you have been prescribed. These may indicate diagnosed conditions or illnesses or symptoms and tests.

Other Repositories

eRx Script Exchange Repository is a registered repository operator. We collect your prescriptions information from the eRx Script Exchange Repository to include it in your My Health Record.

Who do we disclose information in your My Health Record to, and why?

We and other participants in the My Health Record system disclose your personal information as part of healthcare providers providing you with healthcare. We disclose your personal information in accordance with the access controls you have set, or as otherwise required or authorised by law.

We may disclose personal information included in your My Health Record, including identification details used to create your My Health Record, to:

  • you
  • your authorised representative(s)
  • your nominated representative(s) in accordance with your access controls
  • registered healthcare providers and healthcare provider organisations involved in your healthcare in accordance with your access controls
  • a registered healthcare provider (including individuals and organisations) in an emergency situation
  • registered Contracted Service Providers (CSPs), such as companies providing information technology services to healthcare providers, in accordance with your access controls
  • registered portal operators if you, your representative or healthcare provider accesses your My Health Record through a registered portal
  • registered repository operators for the purpose of storing, indexing and calling for documents about you which form part of your My Health Record
  • participants in the My Health Record system if we need to investigate or resolve a technical, security or privacy issue
  • the Australian Commission on Safety and Quality in Health Care, where necessary to ensure the clinical safety of individuals using the My Health Record system
  • contractors and delegates of the System Operator to assist us in establishing and operating the My Health Record system. Contractors and delegates are bound by strict obligations to treat individuals’ personal information with the same level of respect, privacy and security that they are entitled to from the System Operator

We will not disclose to your healthcare providers any personal information entered by you or your authorised representative(s) into your Personal Health Notes.

Registered healthcare providers are able to access your My Health Record in emergency situations. This is only permitted where the healthcare provider reasonably believes that access is necessary to lessen or prevent a serious threat to life, health or safety (and your consent cannot be obtained), or to prevent a serious threat to public health or public safety. In emergencies, healthcare providers may override your access controls and access all information in your My Health Record to deliver emergency health care. Five days after first accessing your My Health Record to provide care, emergency access will cease. Use of the emergency access function by a healthcare provider will be logged in your Access History and you will be notified if you have requested this type of notification.

If you have a dependant who has a My Health Record, their personal information will be collected, used and disclosed in the same way as discussed in this section.

There are limited other circumstances in which your information may be collected, used and disclosed under the My Health Records Act. These limited circumstances include the provision of indemnity cover for healthcare providers, disclosure to courts and tribunals, for the purposes of coroner's investigations, and for law enforcement purposes.

Access to My Health Record for law enforcement

The law does not permit direct access by any third party to the My Health Record system, unless they are providing healthcare to an individual.

Under Section 70 of the My Health Record Act 2012, the Australian Digital Health Agency as the System Operator of  My Health Record has formally placed on the record that it will not approve the release of any individual's personal or health information to a third party unless it is required to by law. 

Law enforcement agencies cannot access a My Health Record and would need to apply to the Agency for access.

The Australian Digital Health Agency, as System Operator of the My Health Record system, takes its role as custodian of Australian’s health information seriously.  Protecting the integrity of the My Health Record system and maintaining public confidence and trust in the system is paramount.

There is no open access to the My Health Record system. The System was designed at its core to have the highest level or security and privacy to protect people’s health information.

Only clinicians who are providing care to a person can access a person’s My Health Record. For a provider to access the My Health Record, they must be a registered healthcare provider (for example Registered with the Australian Health Practitioner Regulation Agency (AHPRA)) and have a valid HPI-I  (a Provider Identifier).   

A person with an HPI-I must work within an organisation that has registered as a healthcare organisation and received an HPI-O (organisational Identifier) and must meet the following conditions to access the My Health Record system:

  1. The organisation must have conformant software, which has a secure and encrypted connection to the My Health Record system.   
  2. The conformant software must have an HPI-I linked within the software to the HPI-O in the administrative system.
  3. The patient must have a record on the local system (clinical information system), as a patient of the practice, before an IHI search can be conducted.  
  4. The conformant system must have 5 pieces of information to find or validate the patient, including:        
  • medicare or DVA number
  • First name
  • Surname
  • DOB
  • Gender
  1. there must be a valid IHI search, which can only occur if the above conditions are met.

The Agency is constantly surveying the system for unauthorised access to people’s health information. If a person deliberately accessed an individual’s My Health Record without authorisation, criminal penalties may apply. These may include up to two years in jail and up to $126,000 in fines.

In addition to the security and privacy of the system design, consumers can also use additional privacy and security features. These features include:

  • email or SMS notifications when a healthcare provider organisation accesses their record for the first time. The individual can also view a real time log of every access to their My Health Record by a provider organisation;
  • Setting a Record Access Code (RAC) which the individual can give to their healthcare provider organisation to allow access to their record, and prevent other healthcare providers from access unless in an emergency
  • Flagging specific documents in their record as ‘limited access’, and controlling who can view
  • Removing documents from view within their record
  • Asking healthcare providers not to upload information and, under the My Health Records Act 2012, healthcare providers must comply with this request.

Access controls

The My Health Record system allows you to:

  • limit access by healthcare provider organisations to your whole My Health Record
  • prevent healthcare providers’ clinical information systems from automatically checking and displaying whether you have a My Health Record
  • limit access to documents within your My Health Record (except for the Shared Health Summary, Personal Health Summary or advance care planning information)
  • remove documents from your My Health Record.

For more information on managing access controls, go to the 'Help' section of your My Health Record or see Control Access to my record.

Information collected, used and disclosed to allow a representative to act on behalf of a person

I am an authorised representative

If you are an authorised representative we will collect your personal information, including name, contact details, gender, Medicare or DVA number (if relevant) and date of birth.

We will use and disclose this information to the HI Service Operator, Medicare or DVA (if relevant), to verify your identity, to collect or confirm your IHI and its status, and to allow secure access for you to the My Health Record system.

To simplify the process of verifying your identity, we may also collect and use identification details from your passport, drivers licence, Immicard or other identity document and disclose this information to the Document Verification Service.

So we can determine whether you are able to act on behalf of a person as an authorised representative, we also collect from you:

  • documentation to verify that you should be recognised as an authorised representative of the individual, such as a power of attorney, court order, or a statutory declaration about your relationship with the individual
  • information from the documentation establishing your authority, including type of authority, issuing authority, start date of authority, end date of authority (if specified) and review date of authority (if specified).

This information is used to satisfy us that you are authorised to act, and as part of a register that lists which representatives are permitted to act on behalf of other individuals. Some of this information will be disclosed to healthcare providers who access the register so they can ensure they are dealing with the right person.

Where an individual is under the care of a care agency – for example, as a ward of the State – information about other authorised representatives of the individual may be disclosed to employees of the care agency who have responsibility for the individual.

I am a nominated representative

If you are a nominated representative for a person, we collect use and disclose the following information about you to allow you to act on that person’s behalf:

  • If the relevant individual appoints you as a read-only nominated representative, they are required to assign you a preferred name to identify you when you access their My Health Record. While this name could be any word (for example, "mum"), it is possible that an individual will use your real name or include other personal information about you in the name field
  • If the individual appoints you as a full access nominated representative, we collect identification details (which may include your name, address, age and gender) from you. We use, and disclose to Medicare and the HI Service Operator, this information to verify your identity and to contact you. We will collect updates of this information from time-to-time so that our records remain current.

Where an individual is under the care of a care agency – for example, as a ward of the State – information about nominated representatives of the individual may be disclosed to employees of the care agency who have responsibility for the individual.

Information collected, used and disclosed when using this website

We will collect your electronic address – for example, an email address – if you provide it when using the My Health Records website. We will use and disclose your electronic address for the purpose for which you provided it (as noted on the My Health Records website). Your first name and the content of your post/comments/suggestions, and any information you provide, may be used on the My Health Records website, or for reporting and feedback purposes.

Cookies used on the My Health Records website do not collect, use or disclose any personal information.

Information collected, used and disclosed for research and evaluation

Research and public health purposes

We are authorised under the My Health Records Act to prepare and provide de-identified data for research and other public health purposes. De-identified data is data that has had information removed that could reasonably identify any individuals such as name, date of birth or address.

Will information in My Health Records be disclosed overseas?

Where My Health Records are created, they are stored in Australia. We will not disclose your health or other personal information overseas.

Individuals and their healthcare providers may securely access their My Health Record while overseas. Information is not disclosed to any third parties when individuals or their providers access a My Health Record from outside Australia.

Can I use a pseudonym?

You may be eligible to have a My Health Record under a pseudonym. For information, including to see if you are eligible, please contact us.

If you contact us with a general question, we will not ask for your name unless we need it to adequately handle your question.

In limited circumstances, we will allow you to interact with us anonymously or using a pseudonym. However, we usually need your name, contact information and enough information about your particular matter to enable us to fairly and efficiently handle your inquiry, request or complaint.

How is my personal information stored and kept secure?

How your information is stored

Your My Health Record is not a single document stored in a single database. Rather it is made up of a collection of documents stored in a secure network of connected registered repositories.

The System Operator itself stores information including:

  • personal information about you and other individuals who have registered for a My Health Record
  • an index of available documents about you, stored in registered repositories
  • Medicare information if (a) you have consented to the inclusion of this information in your My Health Record; or (b) if you live in a trial area and have not told us that you do not want Medicare information included in your My Health Record
  • your Shared Health Summary and other key clinical documents uploaded by your healthcare providers, and information uploaded by you in your Personal Health Summary and Personal Health Notes, in the National Repositories Service.

How long your information is stored and what happens when you cancel it

If you cancel your registration with the My Health Record system or you die, the following will occur:

  • all documents in your My Health Record will be kept in the My Health Record system. Documents held by us will be retained for a period of 30 years after your death or, if the date of death is unknown, for a period of 130 years after the date of your birth
  • your My Health Record will not be able to be accessed in an emergency situation
  • you, or your representative, will only be able to access your My Health Record by making a request to us
  • healthcare providers will only be able to access your My Health Record where required or authorised by law
  • healthcare providers will not be able to upload documents to your My Health Record
  • your My Health Record may still be accessed by us for the purposes of maintenance, audit and other purposes required or authorised by law
  • all other documents that are held by registered repository operators will be subject to local state or territory retention requirements.

Healthcare providers that authored or downloaded a clinical document which is also included in your My Health Record will retain this clinical document – for example, as part of their clinical information system. Even if you cancel your My Health Record, these documents will remain outside of the My Health Record system.

If cancel your My Health Record, but later re-register for a My Health Record, your reactivated My Health Record may include personal information (including health information) which was included in the My Health Record prior to it being cancelled.

How your information is kept secure

The protection and security of your personal information is something we take very seriously. We are committed to keeping your personal information secure. We take robust precautions to protect personal information from misuse and loss, and from unauthorised access, modification or disclosure. We have a range of practices and policies in place to provide a secure My Health Record system.

The security and protection measures of the My Health Record system include:

  • developing and delivering education and awareness programs which highlight the need for individuals to protect themselves against security threats, hoaxes and scamming activities
  • not registering an individual if we are satisfied the individual may compromise the security or integrity of the My Health Record system
  • monitoring access to My Health Records and the My Health Record system to quickly detect suspicious or inappropriate behaviour
  • requiring participants in the My Health Record system, such as healthcare providers and app developers, to comply with a number of security obligations in the Act and the My Health Records Rule 2016 in order to be eligible and remain eligible for registration
  • a multi-layered ICT system of firewalls, gateways and portals to ensure only authorised users can access the My Health Record system
  • personal information transmitted or stored by or on behalf of us will be encrypted in accordance with the Australian Government Information Security Manual
  • a graduated range of enforcement options where privacy or security are breached. For serious breaches, these options include the ability to seek civil and criminal penalties for unauthorised collection, use or disclosure of health information in My Health Records
  • maintaining Access History of access to your My Health Record which you can access
  • rigorous, on-going security testing, including penetration testing
  • a framework which details how any person who wishes to access a My Health Record is appropriately identified and authenticated
  • educating employees of contractors and delegates of the System Operator of their obligations when handling personal information
  • requiring employees of contractors and delegates of the System Operator to individually authenticate themselves when accessing the My Health Record system.
  • a mandatory data breach reporting framework under the My Health Records Act which:
    • requires participants in the My Health Record system to report data breaches as soon as practicable after becoming aware of the breach (and a failure to notify a breach may result in a civil penalty)
    • requires affected participants in the My Health Record system to contain and evaluate any data breach as soon as practicable after becoming aware of the breach
    • requires notification of all affected individuals, or the general public if a significant number of individuals are affected
    • requires affected entities to take steps to prevent or mitigate the effects of further contraventions, events or circumstances from occurring in the future. 

Where a healthcare provider or mobile app operator lawfully downloads information from your My Health Record – for example, into the provider’s clinical information system – the protections in the My Health Records Act will generally cease to apply to the downloaded information. Instead, the Privacy Act and/or state or territory privacy and health records laws (where relevant) will apply to the downloaded information.

How can I access and correct my personal information?

Access

You have a right to request access to personal information that we hold about you. If you can’t access personal information in your My Health Record by logging in online or through a mobile app. You will need a myGov account and to verify your identity to access your record. If you need assistance you can contact the System Operator using the contact details at the end of this Policy.

Correcting information in uploaded documents

If you consider that the health or other personal information we hold about you in a specific document in your My Health Record is not accurate, complete or up-to-date, or if your information has changed, please first contact the healthcare provider who authored the document to correct it.

If a healthcare provider refuses to correct the information you may complain to us or the Office of the Australian Information Commissioner.

We have the power to request a healthcare provider organisation correct personal information contained in a My Health Record and to upload the corrected document to the My Health Record system.

Correcting other information 

If you consider other personal information that we hold about you, which is not part of an uploaded document, is inaccurate, incomplete or out-of-date, please contact us to let us know immediately. For example, if you have changed your name or your address.

How can I make a complaint?

If you have a complaint in relation to the collection, storage, use or disclosure of your personal information, you should first complain to the entity you think is at fault. If you are not satisfied with their response, please contact us.

You may also complain directly to us if you think we have mishandled your personal information. 

We will review all complaints received and one of our privacy officers will respond to you. Following receipt of your complaint, and depending on the facts, we may refer your complaint to the Office of the Australian Information Commissioner or to a privacy regulator in a state or territory.

We may need to disclose personal information about you and/or your authorised representative to the Information Commissioner or equivalent body in a state or territory, or to a healthcare provider organisation or other participant in the My Health Record system to which the issue or complaint relates.

If you are not satisfied with our response, and we have not already made the referral, you may complain to the Office of the Australian Information Commissioner or to the privacy regulator in your state or territory.

As the privacy regulator of My Health Record system, the Information Commissioner can undertake investigations, effect conciliations, accept enforceable undertakings, or seek injunctions or civil penalties.

I am an individual healthcare provider

What information will we collect, use, and disclose, how and why?

Personal information from an uploaded document

If you are an individual healthcare provider that is interacting with the My Health Record system, we may collect, use and disclose your personal information included in any documents or information that you or another healthcare provider upload to a My Health Record.

You may not be aware that you are providing this information as your clinical information system may automatically provide us with these details. If you are unsure, please contact your software provider. This information may be disclosed to the healthcare recipient and other healthcare providers when they access the uploaded document from the My Health Record system.

We will disclose your personal information contained in a clinical document to an app or portal operator, where a healthcare recipient, or their representative, consents to the disclosure of their My Health Record information to that app or portal operator. An app or portal operator is bound to comply with the obligations set out in the My Health Record Act for a Portal Operator, including not transferring information outside of Australia

Personal information from the training module

If you use the training module available for individual healthcare providers to educate yourself about the My Health Record system, you will be required to enter your personal information into the module including your name, electronic address and linked healthcare provider organisation details. We will collect this information and use it to allow you to log back into the module at any point and continue your training. We will not disclose this information to anyone else.

Personal information in the Healthcare Provider Directory

We may also disclose your personal information to the HI Service Operator, and collect and use information about you disclosed to us by the HI Service Operator, for the purposes of correctly identifying you for the Healthcare Provider Directory, and helping keep the Directory current, subject to the requirements of the Healthcare Identifiers Act.

Will my personal information be disclosed overseas?

We will not disclose or store any personal information about you overseas.

Individuals and their healthcare providers may securely access My Health Records while overseas. Information is not disclosed to any third parties when individuals or their providers access a My Health Record from outside Australia.

How is my personal information stored and kept secure?

A My Health Record is not a single document stored in a single database. Rather it is made up of a collection of documents stored in a secure network of connected registered repositories.

The protection and security of your personal information is something we take very seriously. We are committed to keeping your personal information secure. We take robust precautions to protect personal information from misuse and loss, and from unauthorised access, modification or disclosure. We have a range of practices and policies in place to provide a secure My Health Record system.

The security and protection measures of the My Health Record system include:

  • developing and delivering education and awareness programs which highlight the need for individuals to protect themselves against security threats, hoaxes and scamming activities
  • not registering an individual if we are satisfied the individual may compromise the security or integrity of the My Health Record system
  • monitoring access to My Health Records and the My Health Record system to quickly detect suspicious or inappropriate behaviour
  • requiring participants in the My Health Record system to comply with a number of security obligations in the Act and the My Health Records Rule 2016 in order to be eligible and remain eligible for registration
  • a multi-layered ICT system of firewalls, gateways and portals to ensure only authorised users can access the My Health Record system
  • personal information transmitted or stored by or on behalf of us will be encrypted in accordance with the Australian Government Information Security Manual
  • a graduated range of enforcement options where privacy or security are breached. For serious breaches, these options include the ability to seek civil and criminal penalties for unauthorised collection, use or disclosure of health information in My Health Records
  • maintaining Access History of access to your My Health Record which you can access
  • rigorous, on-going security testing, including penetration testing
  • a framework which details how any person who wishes to access a My Health Record is appropriately identified and authenticated
  • educating employees of contractors and delegates of the System Operator of their obligations when handling personal information
  • requiring employees of contractors and delegates of the System Operator to individually authenticate themselves when accessing the My Health Record system
  • a mandatory data breach reporting framework under the My Health Records Act which:
    • requires participants in the My Health Record system to report data breaches as soon as practicable after becoming aware of the breach (and a failure to notify may result in a civil penalty)
    • requires affected participants in the My Health Record system to contain and evaluate any data breach as soon as practicable after becoming aware of the breach
    • requires notification of all affected individuals, or the general public if a significant number of individuals are affected
    • requires affected entities to take steps to prevent or mitigate the effects of further contraventions, events or circumstances from occurring in the future.

How can I access or correct my information?

You are entitled to request access to, or correction of, the personal information that we hold about you. If you have access, you may be able to review the personal information that we hold – for example, when you are viewing a My Health Record as part of providing healthcare. If you cannot access the information, but wish to do so, please contact us. Our details are at the end of this policy.

The personal information that we store about you is information that you have provided us via the registered healthcare provider organisation you work for or via a document that you upload to the My Health Record system. It is therefore important that you carefully review any personal information that you are providing to us. However if you consider that the personal information that we hold about you is not accurate, complete or up-to-date you may contact us. Depending on the circumstances, we may be able to correct information that we hold.

How can I make a complaint?

If you have a complaint in relation to the collection, storage, use or disclosure of your personal information, you should contact us. 

Following receipt of your complaint, we may refer your complaint to the Office of the Australian Information Commissioner or, depending on the facts, to a privacy regulator in a state or territory.

If you are not satisfied with our response, and we have not already made the referral, you may complain to the Office of the Australian Information Commissioner or to the privacy regulator in your state or territory.

Contact us

Contact us for further information.  

Changes to this privacy policy 

We reserve the right to revise this privacy policy or any part of it from time to time. Please review this Policy periodically for changes. Any revised policy will be placed on our website. Your continued use of our website, the My Health Record system, requesting our assistance, or the provision of further personal information to us after this privacy policy has been revised, constitutes your acceptance of the revised privacy policy.