Start of content

Information held in the My Health Record system is protected by a range of system-wide security controls.

In addition, there are a few simple things you can do to further protect the information that appears in a My Health Record, when it is accessed via a computer, tablet, mobile device or wearable device.

Safeguards to protect your My Health Record

In addition to the safeguards that protect the information in the My Health Record system, there are five simple steps you can take to keep your information safe and private:

  1. When accessing a My Health Record (via myGov) use a strong and unique passphrase and set up secret questions and answers or an access code (via SMS or the myGov Access app).
  2. Regularly check your My Health Record for accuracy using a secure connection.
  3. Review your My Health Record access log to see who has accessed your information, and choose to receive notifications (email or SMS) when a healthcare organisation accesses your record for the first time.
  4. Carefully read emails and manually enter login details rather than clicking on links or attachments (Note: we will never ask for a password to your My Health Record by email or SMS).
  5. Turn on automatic updates on the system you access My Health Record from, to apply system and software patches, including for internet browsers.

Set a strong passphrase to protect your My Health Record

A strong passphrase is a combination of at least 13 upper and lower case letters, numbers and symbols. It is similar to a password in usage but is generally longer for added security. The hardest type of passphrase to crack is one that combines at least four words and is not related to you, your work or your immediate family. Once you have selected four or more words that you can remember, change some of the letters to numbers or symbols.

Tips for a strong password

 ✔ consider creating a longer passphrase by combining at least four unrelated words

✖ don’t include names of pets or immediate family members, or their dates of birth

✔ use a combination of characters that are easy for you to remember

✖ don’t choose a password that is easy for others to guess

✔ use a separate password for each account and device

✖ never share your passwords

✔ enable multi-factor authentication if it is available – for example, use of a password plus a finger print scan or single use code

✖ avoid using repeated characters, numeric sequences (e.g. 1234), single dictionary words, and your address

You can access your My Health Record using your mobile device

To allow a mobile device application to access your My Health Record you will need to provide access within your mobile device application. When you login to your My Health Record, you will be presented with a myGov username and password screen followed by a secret question and answer page. You will then see a consent page which asks whether you allow the application to have access to your My Health Record. Read the information on this page carefully, so that you are aware of the terms and conditions.

If you change your mind after you have allowed a mobile device application (app) to access your My Health Record, you can revoke access for that app. If you decide to revoke access, it is important to note that information that has previously been accessed may still be retained by the app. Check the terms and conditions for the app before allowing access or contact the vendor to discuss any concerns.

Mobile apps will require you to set a Personal Identification Number (PIN). When selecting passwords, secret questions, codes or PINs use a combination that is not easy for someone else to guess, don’t share it with others or write it down.

Protecting your information on mobile devices

There are some extra safeguards you can do to keep your information safe when using a health app on your mobile device:

  • Choose a unique and complex password for logging onto your device (i.e. not the same as your My Health Record passphrase or other online passwords).
  • Turn on automatic updates within your mobile device settings, to apply patches that often address known security vulnerabilities.
  • Switch off Bluetooth and wi-fi connectivity when you’re not using them.
  • Check the privacy policy for your device and apps to see how your data could be used.
  • Be cautious when accepting requests to access information on your device or app.
  • Take care when using social sharing features or free wi-fi.

Use a unique passphrase for the device that you use to access the My Health Record system

It is important to use a unique passphrase for your device and for each of your online accounts. If you use the same passphrase, it could be used to access your personal information if someone were to guess your device’s passphrase.

This is good advice for all the different information you want to keep safe including your My Health Record, social media or online banking. You should also avoid recycling old passwords and passphrases or making simple and easy to guess changes like increasing a number at the end.

Turn on automatic updates to protect your information

Regularly updating your operating system and software helps to protect you from security vulnerabilities. Most systems and software applications will have an option that is accessed in the settings menu to automatically apply updates. Consult the help menu in your software for detailed instructions on how to turn automatic updates on and configure the way they are installed on your computer and devices.

Get more help with information security

You can learn more about: