Start of content

This page contains answers to frequently asked questions about My Health Record. Check back for regular updates.

New laws to strengthen My Health Record privacy protections

On 26 November 2018, the Australian Parliament passed the My Health Records Amendment (Strengthening Privacy) Bill 2018.

These changes are in response to the Australian community’s calls for even stronger privacy protections for people using My Health Record.

See a summary of these changes and what they mean. 

Privacy and security

Which doctors and other healthcare providers can look at my health information?

Only healthcare provider organisations involved in your care, who are registered with the My Health Record System Operator, are allowed by law to access your My Health Record.

This may include GPs, pharmacies, pathology labs, hospitals, specialists and allied health professionals. These organisations need to use conformant clinical software containing an authenticated digital certificate to access the My Health Record system.

Every time a healthcare provider accesses your My Health Record, this is recorded in the Record Access History within your record. This allows you to see who has accessed your My Health Record. You can also set up to be automatically notified by email or SMS when a healthcare organisation accesses your record for the first time.

It is criminal for someone to access your record for a purpose other than providing you with healthcare, and there are serious penalties. If you have concerns about who has accessed your My Health Record, contact us immediately on 1800 723 471.

Can the police, Centrelink and ATO access my record?

Under new Health Record privacy laws, no information can be released to law enforcement or a government agency without your consent or an order from a judicial officer.

Can an insurance company or my employer access my record?

Under new laws, no-one is permitted to access, or ask you to disclose, any information within your My Health Record for insurance or employment purposes.

Can my health information be used for research purposes?

The My Health Record system is a valuable source of information on Australia’s health system and the outcomes of care being achieved. This information can guide service planning, policy development and research to further improve the Australian health system.

Following significant public consultation, the Framework to guide the secondary use of My Health Record system data (the Framework) has been developed and published.

At present, the policy decision has been taken that My Health Record data will not be made available for research and public health purposes pending the establishment of robust processes and governance arrangements. These arrangements will ensure the privacy of healthcare recipients whose de-identified data and health information is made available for approved research and public health purposes. In accordance with the time frames in the Framework, data will not be made available before 2020 in order to provide sufficient time for governance, security, privacy and technical arrangements to be implemented.

Data in the My Health Record system will be de-identified for use in research and public health purposes.  You can request your information is not included in these data sets in the profile section of your My Health Record.

Can my health information be sold?

The Framework to guide the secondary use of My Health Record system data does not permit the provision of data for solely commercial or non-health-related purposes.

Can My Health Record data be used for commercial purposes?

Under new laws, the My Health Record system cannot be privatised or used for commercial purposes. Only a government organisation will ever be able to manage the My Health Record system.

Will my health information in My Health Record be available on the open internet? (For example, via Google search)

My Health Record cannot be accessed on the open internet. Healthcare provider organisations must be authorised to connect to the My Health Record system and conformant clinical software containing an authenticated digital certificate.

Is My Health Record safe and secure?

The My Health Record system meets the strictest cyber security standards. It has robust multi-tiered security controls to protect the system from malicious attack.

The system has been built and tested to Australian Government standards to protect the confidentiality, integrity, and availability of information within an individual’s My Health Record.

The Agency actively monitors and responds to threats and risks within the cyber security environment and uses the internationally recognised management framework, Information Technology Infrastructure Library (ITIL).

What if someone has unauthorised access to my record?

All access and use of the My Health Record system is monitored by the Australian Digital Health Agency Cyber Security Centre.

If an individual’s My Health Record is deliberately accessed without authorisation, new harsher penalties may apply. These may include up to five years in jail and up to $315,000 in fines.

Can I share my record with a family member or trusted friend?

If you wish, you can allow others, such as a partner, family member or other trusted friend, to access your record by making them a nominated representative.

How do healthcare providers access the My Health Record system?

For a healthcare provider such as a doctor or pharmacist to use to the My Health Record system they must: 

  • work for an organisation which is registered with the My Health Record System Operator, and 
  • use conformant clinical software containing an authenticated digital certificate to access the My Health Record system. 

Healthcare providers using My Health Record 

What can I do if my healthcare provider doesn't want to, or doesn't know how to use My Health Record?

It is not compulsory for healthcare providers to use your My Health Record when providing you with healthcare. For example, your GP can use their own digital records in their medical practice.

By asking your healthcare providers to actively use your My Health Record, you can encourage them to start using it to better track and manage your health together.

More and more healthcare providers are connecting to the My Health Record system. Over 15,000 healthcare providers are already connected, and 90% of Australians now have a My Health Record. Many patients and their healthcare providers are already seeing the benefits of uploading and sharing health summaries and medicines information. We continue to provide ongoing support to healthcare providers through training and support to use the My Health Record system.  

Even when a healthcare provider does not access your My Health Record, it can still be a useful way for you to track your medical information.

You can view and track your Medicare and Pharmaceutical Benefits claims information, see your immunisations and your organ donation decisions. Even if your GP isn’t using My Health Record, a hospital pharmacy or other healthcare provider may be able to add and view your health information. In addition, you can add your own medicines, allergies and contacts, so that in an emergency your doctors have access to this information at a critical time.

Adolescents and My Health Record

At what age do I stop having access to my child’s record?

From 14 years, a young person can manage their own My Health Record.

Under new My Health Record privacy laws, when a child turns 14, their authorised representatives, usually their parent/s or guardian/s, will automatically be removed from being able to access their child’s record.

If the young person would like a parent or guardian or other trusted person to have access to their record, they can add them as a nominated representative.

Technical changes to the My Health Record system to reflect these new laws were implemented on 4 February 2019. On this date, all existing authorised representatives for teenagers over the age of 14 were removed from their teenager’s record.

I’m a GP, what do the new My Health Record privacy laws mean for my young patients?

The new privacy laws mean parents of children aged 14-17 years will no longer be able to access their child’s My Health Record, unless invited by their child.

These changes will be implemented in the My Health Record system at the time of record creation.

Until then, as is best practice, it is advised for you to continue to discuss with your young patients what information should be uploaded to their My Health Record.

Children and My Health Record

Will my newborn get a My Health Record?

You can indicate whether you would like a My Health Record created for your newborn as part of your child's Medicare registration. This includes after the opt-out period ends on 31 January 2019.

Past and sensitive clinical information

Will my past medical history be in my record?

Your previous medical history such as older test results and medical reports will not be in your new My Health Record.

When your new My Health Record is activated, when you or your doctor or pharmacist access it for the first time, there may be little or no information in it.

There may be around two years’ worth of Medicare/PBS claims history from your doctor’s visits and medicines a pharmacist has dispensed for you.

If you want details of your medical history to be added to your My Health Record, ask your GP to add a summary next time you see them.

Will my doctor be able to find out about past or current medical issues that I consider sensitive?

It’s your choice what information is in your My Health Record, and who you share it with.

You can let your doctor or pathology or diagnostic imaging service know during your visit if you don’t want them to upload documents or reports to your record. This is also called ‘withdrawing consent’ for upload.

Your health information may be held in local medical records systems such as computers and paper files as part of your care, but it will not be added to your My Health Record unless you reinstate your consent for them to do so.

In some circumstances, certain pathology reports may not appear in your My Health Record, even if you have not withdrawn consent. This is in accordance with legislation. For example, reports may not be uploaded on a person’s AIDS or HIV status if there are disclosure restrictions set by state or territory legislation.

As an additional privacy control, you can restrict which healthcare organisations can look at your record or individual documents in it by setting secure access codes.

You can also permanently delete documents at any time, with no backups kept.

Are genetic / DNA reports uploaded to My Health Record?

There are a number of genetic tests used by clinicians every day to provide health care for conditions like cystic fibrosis, anaemia and iron disorders. These tests have been used for diagnostic purposes in general practice for many years. These tests are vital in ensuring the best and most appropriate treatment by an individual’s health care team. In an emergency, this important information could be lifesaving.

Only the reports from these tests can be uploaded into a person’s My Health Record so that an authorised healthcare provider and the patient can view them. No genetic data is uploaded.

Like any other pathology test, you can ask your doctor at any time for a specific test report not to be uploaded into your My Health Record.

You can also remove a document from your record or apply a limited document access code restricting access to that document for only those who you give the code to.

Permanently deleting your record

I don’t want a My Health Record anymore, can I permanently delete it?

In November 2018, new laws were made to provide even more privacy protections for people using My Health Record – this includes the ability to permanently delete your record at any time.

When you delete a My Health Record, all information in the record, including any backups, will be permanently deleted from the system. Deleted information cannot be recovered. Your health information will no longer be available to you and your healthcare providers, including in an emergency. How to permanently delete a record.

What is the My Health Record opt-out period?

Between 16 July 2018 and 31 January 2019, Australians had the opportunity to decide if they wanted a My Health Record and to opt out if they didn’t want one.

Records have now been created for eligible Australians who didn’t opt out.

If you opted out of having a My Health Record and change your mind in future, you can register for one at any time.

I didn’t opt out but I don’t want a My Health Record. What can I do?

The last day to opt out of having a My Health record was 31 January 2019.

Records have now been created for eligible Australians who didn’t opt out.

If you have now decided that you don’t want a My Health Record, you can cancel it at any time, and your record will be permanently deleted.

If you decide to cancel your record, no backup copies will be kept in the My Health Record system, and your information cannot be recovered. Note that any copies stored on your healthcare provider’s own record-keeping systems will not be deleted. 

Learn more about deleting your record.

Will my record be deleted if I previously cancelled it?

Any My Health Record that has previously been cancelled will also be permanently deleted from the system. The process to permanently delete these records will start from 23 January 2019 and is expected to take up to 90 days.

How do I know a My Health Record won’t be created for me?

If you have cancelled your My Health Record or you have opted out, we keep some details about you to ensure that a new record is not automatically created for you. It is not possible for your healthcare providers to upload documents about you if you don’t have a record.

Can I still access Medicare services if don’t have a My Health Record?

If you are eligible to access Medicare services, you will continue to have access to these services and receive Medicare benefits, whether you have a My Health Record or not.

If I delete my record, will my GP still be able to upload to my record?

If you don’t have a My Health Record, your health information cannot be uploaded to it. 

My Health Record system operator

Who is the System Operator of the My Health Record system?

The Australian Digital Health Agency (the Agency) is the System Operator of the My Health Record system.