Start of content

This page contains answers to frequently asked questions about My Health Record. Check back for regular updates.

Privacy and security

Who can access my private health information?

Only healthcare provider organisations involved in your care, who are registered with the My Health Record System Operator, are allowed by law to access your My Health Record.

This may include GPs, pharmacies, pathology labs, hospitals, specialists and allied health professionals. These organisations need to use conformant clinical software containing an authenticated digital certificate to access the My Health Record system.

If you wish, you can allow others, such as a partner, child, parent or carer, to access your record by making them a nominated representative.

The Australia Digital Health Agency has not and will not release any documents without a court/coronial or similar order. No documents have been released in the last six years and none will be released in the future without a court order/coronial or similar order. Additionally, no other government agencies have direct access to the My Health Record system, other than the System Operator.

The only healthcare providers authorised to access a healthcare recipient’s information in a My Health Record are those who are providing healthcare to the individual. Every time a healthcare provider accesses a My Health Record, a log is automatically created. This allows an individual to monitor every access to their My Health Record.

If you have concerns about who has accessed your My Health Record, contact us immediately on 1800 723 471.

Who is the System Operator of the My Health Record system?

The Australian Digital Health Agency (the Agency) is the System Operator of the My Health Record system. 

How do healthcare providers get access to the My Health Record system?

For a healthcare provider such as a doctor or pharmacist to gain access to the My Health Record system they must: 

  • work for an organisation which is registered with the My Health Record System Operator, and 
  • use clinical software and have proper security identification. 

If the healthcare provider downloads a patient’s information, this continues to be subject to Australian privacy, security and jurisdictional laws.

Administration staff within your doctor’s office must be authorised by the medical practice to access the My Health Record system for the purposes of providing healthcare to you. 
In the current health system, paper and digital records about you may be held in various health locations. 

The addition of My Health Record to your doctor’s practice and process of care does not change the privacy and confidentiality obligations that practice staff are already subject to under Australian law. 

Is My Health Record safe and secure?

The My Health Record system meets the strictest cyber security standards. It has robust multi-tiered security controls to protect the system from malicious attack.

The system has been built and tested to Australian Government standards to protect the confidentiality, integrity, and availability of information within an individual’s My Health Record.

The Australian Digital Health Agency actively monitors and responds to threats and risks within the cyber security environment and uses the internationally recognised management framework, Information Technology Infrastructure Library (ITIL).

All access and use of the My Health Record system is monitored by the Australian Digital Health Agency Cyber Security Centre.

If an individual’s My Health Record is deliberately accessed without authorisation, criminal penalties may apply. These may include up to two years in jail and up to $126,000 in fines.

Will my records be available on the open internet? (For example, via Google search)

My Health Record cannot be accessed on the open internet. Healthcare provider organisations must be authorised to connect to the system and use conformant clinical software.

Past and sensitive clinical information

Will my past medical history be added into my record?

Your previous medical history such as older tests and medical reports will not be available within your new My Health Record.

Will my doctor be able to find out about past or current medical issues that I consider sensitive?

It’s your choice what information is in your My Health Record, and who you share it with.

You can advise your doctor not to upload any information about sensitive clinical conditions. You can also choose to remove or restrict access to clinical documents by setting privacy controls.

You can place a record access code on your record. You will need to provide a healthcare provider organisation with the code for them to access your record.

You can place a limited document access code to restrict access to specific documents relating to visits to healthcare providers, or medicines you are taking. You will need to provide the code for the healthcare provider organisation to access your restricted documents.

I’ve seen a new tick box on pathology reports that says “Do not send to My Health Record”. Are records uploaded by default?

The ‘Do not send to My Health Record’ tick box on the new pathology form is an opportunity for you and your GP to discuss if you would like your results uploaded to your record (if you have one) before you take the test. Which diagnostic imaging and pathology providers are uploading to My Health Record?

You can also instruct your doctor or the pathology or diagnostic imaging service not to upload the report.

In addition, you can set document access controls within your My Health Record, and remove pathology and diagnostic imaging reports from your record.

In some circumstances, certain pathology reports may not appear in your My Health Record, even if you have not withdrawn consent for upload, in accordance with legislation. For example, reports may not be uploaded on a person’s AIDS or HIV status if there are disclosure restrictions set by state or territory legislation.

Are genetic / DNA reports uploaded to My Health Record?

My Health Record cannot store genomic or genetic data, but it can support the uploading of genetic test reports so that your authorised healthcare providers and you can view them.

The choice is yours if you want a genetic test report uploaded into your My Health Record. Like any other pathology test, you can ask your doctor at any time for a specific test not to be uploaded into your My Health Record.  It’s best to speak with your doctor to decide what’s best for your individual care needs.

You can also remove a document from your record or apply a limited document access code restricting access to that document for only those who you give the code to.

Genetic screening plays an important role in the early diagnosis and screening for cancers like breast cancer and ovarian cancer, and plays a vital role in tailoring specific treatments for people with many different types of cancers. In addition, conditions like cystic fibrosis, types of anaemia and iron storage disorders have been diagnosed with genetic tests for many years. Doctors also depend on genetic testing to routinely screen for neural tube and other issues in early pregnancy as a standard practice for all Australian women as part of routine antenatal care.

These tests are vital in ensuring the best and most appropriate treatment by your healthcare team. In an emergency, clinicians knowing about your healthcare conditions is important information that could be lifesaving.

Who can access a My Health Record?

Will the police, Centrelink and ATO have access to my medical records?

As System Operator of the My Health Record system, the Australian Digital Health Agency takes its role as custodian of Australian’s health information seriously. Protecting the integrity of the My Health Record system and maintaining public confidence and trust in the system is paramount.

The Agency considers any formal request for access on a case by case basis. However, the Agency’s operating policy is to release information only where legally compelled to do so, such as by court order/coronial or similar order.

Can insurance companies and other third parties access my data?

The Australian Government has developed a framework to guide the secondary use of My Health Record system data for research, policy and planning purposes.

Insurance is not healthcare and therefore insurance agencies are explicitly not permitted access to My Health Record system data for secondary use.

Only authorised employees of healthcare provider organisations who are providing care to a patient are permitted to access My Health Record data.

Can my employers access my record?

Employers cannot access a My Health Record and would need to apply to the Agency for access.

The Agency will not approve the release of an individual's personal or health information to a third party except where it is related to the provision of healthcare or is otherwise authorised or required by law. 

The Agency does not consider that an employment check is healthcare and therefore use of the My Health Record would not be permitted.

Children and My Health Record

How do parents currently decide whether to register newborns for a My Health Record?

Currently, you can choose whether to register your newborn for My Health Record as part of the Newborn Child Declaration form in the 'Parent Pack' you receive from your hospital or midwife.

After the opt-out period finishes, how will parents decide whether they want their children to have a My Health Record?  

Parents of newborns will be able to opt out of having a My Health Record created for their child as part of their child's Medicare registration

How do I opt out my child?

If you have parental responsibility for children under the age of 18, and they are listed on your Medicare card, you can opt out of My Health Record on their behalf online or by calling the Help line on 1800 723 471.

Why do I already have a My Health Record? I don’t remember signing up for one 

Over six million Australians currently have a My Health Record. Most people have registered themselves or their children for a My Health Record in one of the following ways

  • Via their myGov account
  • Using a Medicare enrolment form (for a newborn) 
  • At a Medicare Service Centre 
  • By calling the My Health Record Help line
  • They may have been a resident in the opt-out participation trial areas in 2016.

Cancelling your My Health Record

How can I cancel a My Health Record?

If you already have a My Health Record, and decide you don’t want one anymore, you can cancel it at any time.

You can also contact the Help line on 1800 723 471 for assistance to cancel a record. Please check wait times before you call us.

Opting out of My Health Record

Why do I need to provide my personal details to opt out?

Basic demographic information is needed to ensure the system can identify you, and record your choice to opt out. This information is not used for any other purpose.

Will I lose access to Medicare services if I opt out?

If you are eligible to access Medicare services, you will continue to have access to these services and receive Medicare benefits, even if you decide to opt out.

When can I access my new record?

The new records will be available in 2019. If you want a My Health Record before then you register now. 

Changes to My Health Record legislation to increase privacy provisions

On 16 November 2018, the Senate passed the My Health Records Amendment (Strengthening Privacy) Bill 2018 to strengthen privacy and security protections for people using My Health Record. 

Following the Senate’s approval, the bill will need to go back to the House of Representatives, which sits again on 26 November 2018. If passed by the House of Representatives in its current form, it will then be assented and become law.

See a summary of these changes and what they mean