In the operation of the My Health Record, the Australian Digital Health Agency (the Agency) has reconfirmed there has not been a security or privacy breach, meaning that there has been no unauthorised viewing of any individual’s health information.
There are now close to six million people who have chosen to have a My Health Record.
The system has been operating for six years.
To ensure transparency, the Agency must report notifiable data breaches to the Information Commissioner and will continue to do so.
Last year, six cases were reported – these occurred due to either alleged fraudulent Medicare claims or administrative processing errors.
It was these items which were previously published by the Information Commissioner.
However, these is no evidence that any of these cases led to unauthorised viewing of any individual’s health information.
In the context of the My Health Record system, a notifiable data breach must be reported when data may have been accessed or viewed by someone who does not have appropriate authorisation. Errors of this type have occurred due to either alleged fraudulent Medicare claims or administrative processing errors.
A security breach occurs where the system or data is accessed by bypassing the security controls in place, for example if a person were to break the authentication controls and gain access to a record for which they don’t have authorisation.
This has never occurred for the My Health Record system and there have been no security breaches detected in six years of operation.