As part of your application to take control of your My Health Record, you will need to provide information about yourself so that we know who you are, can work out whether you can take control of, and so we can manage your My Health Record.
The information you provide will be collected by the My Health Record System Operator (Australian Digital Health Agency) and shared with the Healthcare Identifiers service operator and other Commonwealth agencies to verify your identity.
We will also collect personal information about you – for example, date of birth and address – from other Commonwealth agencies (such as Chief Executive Medicare) to verify your identity, create a My Health Record and maintain the My Health Record system.
This collection and disclosure of information is authorised under the My Health Records Act 2012 and the Healthcare Identifiers Act 2010.
Once you take control, the My Health Record System Operator will collect and include in your My Health Record personal and health information about you which is uploaded by healthcare providers or by you. Your My Health Record may already include personal and health information about you which has been uploaded by your representatives or by healthcare providers. Your information may be disclosed to people or organisations that are registered to participate in the My Health Record system (including healthcare organisations as well as government and private sector organisations which deliver the technical components of the system), all of whom are subject to strict laws and regulations.
In the application process
We will use the personal information we collect from you and others for registration, administration, maintenance, monitoring and population of your My Health Record. We will also use your personal information to administer the My Health Record system more broadly. This would include, for example, monitoring the security, integrity and efficiency of the system.
We use private sector firms to help deliver the My Health Record system. They will see, use and disclose, and in some cases store, your personal information as part of this work. These firms are required to treat your information with the same level of respect, privacy and security as we are.
We will disclose information about you to the Department of Human Services and the Department of Veterans’ Affairs, in order to verify the accuracy of information you supply with your application. This includes information necessary to verify your identity and your consent to include information held by Chief Executive Medicare in your My Health Record.
Before you access or create your My Health Record, the information you provide to verify your identity is collected and used by the myGov site and Department of Human Services, and not the My Health Record System Operator. Once you have verified your identify, any information you provide is for the My Health Record System Operator.
Once you take control
Once you take control, the kinds of information collected directly from you may include:
- details that allow us to identify and contact you;
- details about medical conditions you have which you decided to upload to and publish in the My Health Record;
- details about your health which you enter in the confidential health diary feature;
- information about how you want to manage your My Health Record, including who you want to have access to your record and other access controls;
- records uploaded to your My Health Record; and
- information about your access to your My Health Record.
We will disclose your My Health Record to your representatives and to the healthcare provider organisations involved in your care that are registered with the My Health Record system, in accordance with the access controls for your My Health Record, or in a medical emergency.
Healthcare provider organisations sometimes use private sector firms to help them with computer and IT-related services (‘contracted service providers’). If a registered contracted service provider is authorised by a healthcare provider organisation to connect to the My Health Record system on its behalf, then we will disclose your information to the contracted service provider (if the healthcare provider organisation is authorised by you to access this information). A contracted service provider may only register with the My Health Record system if it agrees to meet proper security and privacy standards when connecting to the My Health Record system.
We will disclose your information to the organisations that hold documents in storage for the My Health Record system and make them available when they are requested (repository operators), for the purpose of storing, indexing and calling for records about you which form part of your My Health Record.
There are some circumstances where the My Health Records Act 2012 authorises the collection, use and disclosure of health information without consent. The main circumstance in which this is likely to occur is when there is a serious threat to the life, health or safety of an individual and the person is unable to consent to their information being accessed and used. Other circumstances are set out in the My Health Records Act 2012.
Read the full Privacy Statement.
How the My Health Record system puts you at the centre of your healthcare
The My Health Record system has been designed so you can choose how your health information is handled. Once you have registered you will be able to decide whether all or just some of the healthcare providers involved in your care can access your My Health Record or specific documents within it.
In rare cases, there may be information about your health that you don’t want to be available on your My Health Record. If so, you can:
- ask your healthcare provider not to add it to your record, and they must comply with this request; or
- remove specific health information from your record, in which case the information will not be available to your healthcare providers, but will continue to be stored by System Operator. You can choose to add the information back into your record at any time.
If you limit access to your My Health Record or a document within it, emergency access rules permit registered healthcare provider organisations to get access for a limited time in a medical emergency.
Most people are likely to allow any healthcare provider organisation involved in their care to access their My Health Record. This is the default access control setting that will apply to all My Health Records from registration. However, you can set access controls for your My Health Record by:
- limiting access to the whole of the My Health Record – if you do this you will need to provide an access code to those healthcare providers you wish to access the My Health Record; or
- limiting access to a specific document in the My Health Record – if you do this, you will need to give a healthcare provider an access code before they can see that specific document.
Information that is uploaded to the My Health Record system will be stored in repositories. Repositories are operated by a variety of public and private sector organisations that are registered to participate in the My Health Record system and must comply with strict rules to protect the security and privacy of information. However, some of your key health information will be stored by the System Operator in the National Repositories Service (NRS) – for example, if you have a shared health summary or if you have uploaded information on allergies, these will be stored in the NRS. Information uploaded to the NRS will be retained until at least 30 years after the date of your death, or if the system operator does not know this date 130 years after the information was uploaded.
To register for a My Health Record, you need to create a myGov account or log in to your existing myGov account.
Note: to access the myGov system please ensure you have a supported web browser (see compatible browsers).
If you already have an australia.gov.au account, your myGov account will be automatically created.