Information held in the My Health Record system is protected by a range of system-wide security controls.

In addition, there are a few simple things you can do to further protect the information that appears in a My Health Record, when it is accessed via a computer, tablet, mobile device or wearable device.

Download the guide: 

Safeguards to protect your My Health Record

In addition to the safeguards that protect the information in the My Health Record system, there are five simple steps you can take to keep your information safe and private:

  1. When accessing a My Health Record (via myGov) use a strong and unique passphrase and set up secret questions and answers or an access code (via SMS or the myGov Access app).
  2. Regularly check your My Health Record for accuracy using a secure connection.
  3. Review your My Health Record access log to see who has accessed your information, and choose to receive notifications (email or SMS) when a healthcare provider accesses your record for the first time.
  4. Carefully read emails and manually enter login details rather than clicking on links or attachments (Note: we will never ask for a password to your My Health Record by email or SMS).
  5. Turn on automatic updates on the system you access My Health Record from, to apply system and software patches, including for internet browsers.

Set a strong passphrase to protect your My Health Record

A strong passphrase is a combination of at least 12 upper and lower case letters, numbers and symbols. It is similar to a password in usage, but is generally longer for added security. The hardest type of passphrase to crack is one that combines at least four words and is not related to you, your work or your immediate family (e.g. does not include their names and dates of birth). Once you have selected four or more words that you can remember, change some of the letters to numbers or symbols. It is important to avoid common practices such as capitalising the first letters or using an exclamation mark at the end.

A few ideas based on different approaches are provided in the table below (please do not use any of these as your passphrase):

| Approach | Phrase/Description | Passphrase |
| --- | --- | --- |
| Using four words and changing a few letters to numbers and special characters | A dog called Spot | aDo7calledSp*t |
| Using more than four words and condensing by changing letters to numbers and special characters | I want to create a very secure passphrase | iw2Cre@te1!sP |
| Using an event that has special meaning to you and is not easy to know or guess; then combine letters, numbers and special characters | I gave my niece a bracelet from Tiffany’s for her 21st birthday last year. | 21!TiffanYs@2016 |
| Using the title or words of a song that you know well and substituting letters, numbers and special characters | “It’s Now or Never” sung by Elvis Presley | its9oworNever#EP |

You can access your My Health Record using your mobile device

To allow a mobile device application to access your My Health Record you will need to provide access within your mobile device application. When you log in to your My Health Record, you will be presented with a myGov username and password screen followed by a secret question and answer page. You will then see a consent page which asks whether you allow the application to have access to your My Health Record. Read the information on this page carefully, so that you are aware of the terms and conditions.

If you change your mind after you have allowed a mobile device application (app) to access your My Health Record, you can revoke access for that app. If you decide to revoke access, it is important to note that information that has previously been accessed may still be retained by the app. Check the terms and conditions for the app before allowing access or contact the vendor to discuss any concerns.

Mobile apps will require you to set a Personal Identification Number (PIN). When selecting passwords, secret questions, codes or PINs, use a combination that is not easy for someone else to guess, and don’t share it with others or write it down.

Protecting your information on mobile devices

There are some extra steps you can take to keep your information safe when using a health app on your mobile device:

  • Choose a unique and complex password for logging onto your device (i.e. not the same as your My Health Record passphrase or other online passwords).
  • Turn on automatic updates within your mobile device settings, to apply patches that often address known security vulnerabilities.
  • Switch off Bluetooth and wifi connectivity when you’re not using them.
  • Check the privacy policy for your device and apps to see how your data could be used.
  • Be cautious when accepting requests to access information on your device or app.
  • Take care when using social sharing features or free wifi.

Use a unique passphrase for the device that you use to access the My Health Record system

It is important to use a unique passphrase for your device and for each of your online accounts. If you use the same passphrase everywhere, someone who guesses your device’s passphrase could also use it to access your personal information.

This is good advice for all the different information you want to keep safe, including your My Health Record, social media or online banking. You should also avoid recycling old passwords and passphrases or making simple, easy-to-guess changes like increasing a number at the end.
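The passphrase rules in this guide (length and character mix, the habits to avoid, and not recycling an old passphrase with a changed number at the end), written as a small Python check. This is an added example, not part of the original guide or the My Health Record system; the function name, its parameters and the sample values in the test are assumptions made for illustration, and the capitalisation test is a simple heuristic.

```python
# Example passphrases printed in this guide; the guide says not to use them.
PUBLISHED_EXAMPLES = {
    "aDo7calledSp*t", "iw2Cre@te1!sP", "21!TiffanYs@2016", "its9oworNever#EP",
}


def _without_trailing_digits(text):
    return text.rstrip("0123456789")


def check_passphrase(candidate, previous=(), personal_terms=()):
    """Return a list of findings; an empty list means no rule was broken.

    previous       -- old passphrases, to catch recycling (hypothetical input)
    personal_terms -- names, dates of birth etc. related to the user
    """
    findings = []
    if len(candidate) < 12:
        findings.append("shorter than 12 characters")
    if not any(ch.islower() for ch in candidate):
        findings.append("no lower case letter")
    if not any(ch.isupper() for ch in candidate):
        findings.append("no upper case letter")
    if not any(ch.isdigit() for ch in candidate):
        findings.append("no number")
    if all(ch.isalnum() for ch in candidate):
        findings.append("no symbol")
    if candidate in PUBLISHED_EXAMPLES:
        findings.append("published example passphrase")
    # Heuristic: the only capital letter is the very first character.
    if [i for i, ch in enumerate(candidate) if ch.isupper()] == [0]:
        findings.append("only the first letter is capitalised")
    if candidate.endswith("!"):
        findings.append("ends with an exclamation mark")
    lowered = candidate.lower()
    for term in personal_terms:
        if term and term.lower() in lowered:
            findings.append(f"contains personal term {term!r}")
    for old in previous:
        if candidate == old:
            findings.append("reuses an old passphrase")
        elif _without_trailing_digits(candidate) == _without_trailing_digits(old):
            findings.append("differs from an old passphrase only in trailing digits")
    return findings
```
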

Turn on automatic updates to protect your information

Regularly updating your operating system and software helps to protect you from security vulnerabilities. Most systems and software applications will have an option that is accessed in the settings menu to automatically apply updates. Consult the help menu in your software for detailed instructions on how to turn automatic updates on and configure the way they are installed on your computer and devices.

Get more help with information security

You can learn more about: