The My Health Record system is managed in line with the Australian Government Protective Security Policy Framework. My Health Record data is stored in Australia, and is protected by high grade security protocols to detect and mitigate against external threats. The system is tested frequently to ensure these mechanisms are robust and working as designed.