Many safeguards are in place to protect the information held in the My Health Record system, such as strong encryption, firewalls, secure login processes and audit logging.
There are people, processes, technologies and legislation keeping the information held in My Health Record safe.
The My Health Record system is monitored by the Cyber Security Centre within the Australian Digital Health Agency. All personnel involved with the administration of the system undergo security checks.
A range of security processes limit access to the My Health Record system. External software goes through a conformance process before it is allowed to connect to the system. This includes healthcare provider software and mobile applications.
We use a range of technology to protect the sensitive personal and health information held in the My Health Record system, including:
- firewalls to block unauthorised access
- audit logs to track access to records
- initial and regular anti-virus scanning of documents uploaded to records, and
- system monitoring to detect suspicious activity.
The privacy of information in the My Health Record system is protected by legislation which includes:
- My Health Records Act 2012
- Privacy Act 1988
- Healthcare Identifiers Act 2010
- My Health Records Rule 2016
Significant penalties apply for deliberate misuse of this information.