Many safeguards are in place to protect the information held in the My Health Record system, such as strong encryption, firewalls, secure login processes and audit logging.
In addition, there are people, processes, technologies and legislation that keep your information safe.
The system is monitored by the Cyber Security Centre within the Australian Digital Health Agency. All personnel involved with the administration of the My Health Record System are required to undergo security checks.
A range of security processes limit access to the My Health Record system, servers and administration computers. External software goes through a conformance process before it is allowed to connect the My Health Record system. This includes medical practice software or mobile applications such as the Children's Health App.
We use a range of technology to protect the sensitive personal and health information held in the My Health Record system. This includes:
- firewalls to block unauthorised access
- audit logs to track access to records
- initial and regular anti-virus scanning of documents uploaded to records, and
- system monitoring to detect suspicious activity.
My Health Record legislation provides protections for privacy of health information stored in the system. The My Health Records Act 2012 and Privacy Act 1998 seek to protect personal and health information. These Acts outline the Agency’s obligations, including protecting the privacy of the information stored in the system.
The Healthcare Identifiers Act 2010 and the My Health Records Rule 2016 outline healthcare provider obligations to protect personal and health information within the My Health Record system. Significant penalties apply for deliberate misuse of this information.