Managing access, privacy and security
The My Health Record system has bank-strength security features. These include strong encryption, firewalls, secure login/authentication mechanisms and audit logging. To date, there have been no identified instances of malicious attacks.
In more detail, the security measures of the My Health Record system include, but are not limited to:
- A multi-layered ICT system of firewalls, gateways and portals to ensure only authorised users can access the My Health Record system
- Personal information transmitted or stored by or on behalf of the System Operator will be encrypted to government standards published in the Australian Government Information Security Manual
- Developing education and awareness programs to highlight the need for individuals to protect themselves against security threats and other hoaxes or scamming activities
- Not registering an individual if the System Operator is satisfied the individual may compromise the security or integrity of the My Health Record system, having regard to the matters prescribed by the My Health Records Rules
- Monitoring of access to My Health Records in order to detect suspicious or inappropriate behaviour
- Maintaining an Access History of access to My Health Records which individuals can access
- Requiring the System Operator, registered healthcare provider organisations, registered contracted service providers, registered repository operators and registered portal operators to report a data breach to the Australian Information Commissioner (and/or in some cases, the System Operator who in turn must report the breach to the Australian Information Commissioner), as soon as practicable after becoming aware of the breach, event or circumstances
- Requiring the System Operator, registered healthcare provider organisations, registered contracted service providers, registered repository operators and registered portal operators to contain the data breach as soon as practicable after becoming aware of the breach, event or circumstances
- Requiring the System Operator to notify all affected individuals (or the general public if a significant number of individuals are affected) if a data breach occurs
- Rigorous security testing, to be conducted both prior to and after commencement of the My Health Record system
- Imposing requirements for participants to comply with specific business rules and other relevant legislation which support security in the My Health Record system
- Educating employees of DHS and other delegates of the System Operator as to their obligations when handling personal information
- Requiring employees of DHS and other delegates of the System Operator to individually authenticate themselves when accessing the My Health Record system.
Furthermore, the System Operator complies with the Australian Government’s Information Security Manual and Protective Security Policy Framework.
Your doctor and other healthcare providers connected to the system and involved in your healthcare will see your My Health Record unless you have set access controls. You can limit who can see your My Health Record or grant restricted access to doctors, specialists or hospitals.
You can find privacy fact sheets on the My Health Record on the Office of the Australian Information Commissioner's website.
Legislation has been put in place to protect your My Health Record against unauthorised access.
If you think your My Health Record has been compromised, call the helpline on 1800 723 471. Let the operators know if your request is urgent.
The My Health Records Act 2012 compels all participants in the My Health Record system to report actual or potential data breaches (that is, unauthorised access or actions that may compromise the security or integrity of the system). Participants include registered healthcare provider organisations, registered repository operators, registered contracted service providers, registered portal operators and the System Operator. Depending on the circumstances, entities may have to report a data breach to the System Operator, the Australian Information Commissioner or both.
If the System Operator is involved in a data breach, it is required to notify the Australian Information Commissioner.
If an entity fails to notify a data breach, they may be subject to a civil and/or criminal penalty.
If there is a data breach, the System Operator will notify all affected individuals. The System Operator may notify the general public if a significant number of individuals are affected.
As the privacy regulator of the My Health Record system, the Australian Information Commissioner can undertake investigations, effect conciliations, accept enforceable undertakings, or seek injunctions or civil penalties.
Authorised representatives (such as a parent or legal guardian) will have control of their children's My Health Record from 0 to 14 years.
After a child turns 14, they will be able to choose whether to manage their own My Health Record. If a child chooses not to take control of their My Health Record between 14 and 17, their Authorised Representative (which may or may not be a parent) can continue to manage their record until they turn 18. Once an individual turns 18, Authorised Representative(s) will automatically lose access to that My Health Record. If an individual still wants their parent(s) or guardian(s) to view information in their My Health Record after they turn 18, they will need to take control of their record and set them up as Nominated Representatives.
Parents will not be able to view the MBS, PBS or Immunisation Register details of children aged over 14.
The department has no intention to sell de-identified data from the My Health Record system. The My Health Record legislation provides authority for the preparation and issue of de-identified reports for public health and research purposes. A framework is being developed for the secondary use of My Health Records information. This will inform how the My Health Record System Operator (CEO of the Australian Digital Health Agency) prepares and discloses de-identified information. There will be an opportunity for community consultation and stakeholder engagement in the development and implementation of this framework. Consultation is expected to begin in the second half of 2016. The final framework will address issues, including expectations for management of data including use, storage and transfer, in order to ensure that the privacy provisions in legislation will be met. Until this framework is in place, there will be no secondary use of the data provided by the Agency.
The System Operator is the person with responsibility for operating the My Health Record system. This person is the CEO of the Australian Digital Health Agency. On 1 July 2016 the Australian Digital Health Agency became the System Operator. Customer service officers from the Department of Human Services (DHS-Medicare) and officers from the Department of Health will undertake some of the My Health Record system's day-to-day tasks on behalf of the System Operator.
You can contact the System Operator by calling 1800 723 471 or visiting your local Medicare Service Centre.
The System Operator may contact you via Short Message Service (SMS) on your mobile phone, telephone call, email, or letter to advise that a document in your My Health Record (or a document you uploaded) has been quarantined because the system has detected it contains a computer virus or other malicious content. If you are unsure if the message came from the System Operator, please call the helpline on 1800 723 471 and ask the operator to confirm the message is genuine.
The staysmartonline website provides guidance on ways you can protect yourself online. You can try uploading your document again, once you have created a new version of the document that is free from computer viruses.
The System Operator scans all documents that are uploaded to the My Health Record system. A computer virus was detected in your document so it was not saved into the My Health Record. Please check that your computer is not infected with a computer virus. The staysmartonline website provides guidance on ways you can protect yourself online. You can try uploading your document again, once you have confirmed your document is free from computer viruses.
Privacy impact assessment 2011
A detailed privacy impact assessment into the My Health Record system was undertaken by Minter Ellison Lawyers and Salinger Privacy in 2011. The assessment report made 112 recommendations.
Personally Controlled Electronic Health Record (PCEHR) - Privacy Impact Assessment Report (PDF 1.27MB)
Following consideration of the report recommendations by the Department of Health and Ageing:
- 77 recommendations were accepted or supported in full
- 26 recommendations were accepted in principle or in part
- eight recommendations were not accepted
- one recommendation was subject to further consideration.
Of the eight recommendations not accepted, the department would seek views of the Senate Community Affairs Committee on six where an implementation would be feasible. For the remaining two, the department considers that implementing these recommendations would not deliver their intended objectives.
Departmental response to Personally Controlled Electronic Health Record (PCEHR) - Privacy Impact Assessment Report 2011 (PDF 148KB)
Privacy Impact Assessment Report 2015 – Opt-Out Model
The Privacy Impact Assessment (PIA) analyses the potential privacy risks and impacts of implementing an opt-out approach for participation in the My Health Record system at a national level, reflecting the recommendation of the Review of the Personally Controlled Electronic Health Record (PCEHR). The PIA was commissioned following the stakeholder consultations held between July and September 2014, and was intended to inform the consideration of options for the implementation of the opt-out recommendation.
In conducting this PIA, a range of assumptions have been used to determine the possible flows of information as well as the processes for communication and opting out of the system. The report makes recommendations for managing, minimising or eliminating negative impacts on the privacy of an individual’s personal information.
The PIA identified a number of key privacy risks relating to the Opt-Out model including ensuring that:
- individuals are made aware of how their personal information will be handled and how to opt-out or adjust privacy control settings so they can make informed decisions; and
- there is legislative authority for the use and disclosure of identifying information and healthcare identifiers.
The PIA made 46 recommendations that would be appropriate at a national level, to address these key privacy risks including:
- amendments to the Personally Controlled Electronic Health Records Act 2012 and Healthcare Identifiers Act 2010;
- developing appropriate forms of communication to better inform and reach vulnerable and disadvantaged individuals;
- further consultation and publishing of the consultation and PIA reports to increase transparency about privacy risks and benefits of the Opt-Out participation model; and
- re-designing the labelling, layout and explanation of various privacy control settings such that it is clear, neutral, explicit and easy for individuals to understand.
Many of the findings in this PIA have been used in forming the approach to trialing participation arrangements, including opt-out as announced in the 2015-16 Federal Budget. It has also been used to frame the proposed legislative amendments and planning for the trials.
Work is underway with states and territories and Primary Healthcare Networks on trial site selection, and further detailed planning including the evaluation criteria and methodology. A further PIA will be undertaken specifically for the opt-out trials as funded in the 2015-16 Federal Budget, and will be made available once accepted by the Department of Health.
Accessible word version of the Privacy Impact Assessment Report 2015 - System Opt-Out Model (Word 391 KB)
Printable version of the Privacy Impact Assessment Report 2015 - System Opt-Out Model (PDF 2076 KB)
The My Child’s eHealth Record mobile app uses your myGov username and password to confirm your identity and what mobile device you’re using. After the initial login to the mobile app, you will choose a four-digit PIN which will be used for future access.
You must take care to safeguard your PIN. Steps you can take to protect your PIN include:
- Choose a PIN that is easy to remember, but hard to guess (e.g. don’t use date of birth or address details)
- Memorise your PIN and do not tell anyone your PIN or where you may have recorded it (should you need to)
- Make sure no one watches you enter your PIN when you log into the mobile app