Participating in the My Health Record system: a registration guide for healthcare organisations
This guide is available to help healthcare organisations understand and register for the My Health Record system. The guide explains the key terms and definitions used and the steps organisations must take to register for the My Health Record system.
IntroductionPeople in Australia can register to create their own My Health Record.
To ensure your healthcare organisation can view its patients’ My Health Records, your organisation needs to register to participate in Australia’s My Health Record system.
I want to register my organisationFor most healthcare provider organisations, registering for the My Health Record system will be straightforward. If your organisation is already registered with the Healthcare Identifiers (HI) Service, its information can be used to support your My Health Record system application.
If your organisation isn’t registered with the HI Service, this is your starting point. The HI Service provides unique identifiers for patients, individual healthcare professionals and organisations. These identifiers are used in electronic health communications to ensure information is matched to the right patient and shared between the right healthcare providers.
The My Health Record system uses the HI Service to manage an organisation’s participation in the My Health Record system. If your organisation hasn’t yet applied for a Healthcare Provider Identifier – Organisation (HPI-O) number, use the available Application to register a seed organisation form to apply.
This form will let you apply to participate in the My Health Record system at the same time that you apply to register with the HI Service.
Top of page
Your organisation and the My Health Record system – new terms and conceptsHealthcare provider organisations participate in the My Health Record system either as a ‘seed organisation’ only or as a ‘network organisation’ that is part of a wider ‘network hierarchy’ (under the responsibility of a seed organisation).
A seed organisation is a legal entity that provides or controls the delivery of healthcare services. A seed organisation could be, for example, a local GP practice, pharmacy or private medical specialist.
An example of a network organisation could be an individual department (e.g. pathology or radiology) within a wider metropolitan hospital. A network hierarchy operating in the My Health Record system consists of one seed organisation and one or more network organisations.
Deciding how you want your organisation to participate affects what you need to do to register.
The majority of Healthcare Provider Organisations in Australia are independent – for example, suburban GP practices, pharmacies, private health specialists, or allied health care organisations. They will most likely participate in the My Health Record system as an independent seed organisation, rather than part of a network hierarchy.
Your seed organisation will identify staff for two key roles – the ‘responsible officer’ (RO) and the ‘organisation maintenance officer’ (OMO). An OMO can also be identified for a network organisation.
An RO is registered with the HI Service and has authority to act on behalf of the seed organisation in its dealings with the My Health Record ‘System Operator’ (Australian Digital Health Agency) and the HI Service Operator. The RO has primary responsibility for their organisation’s compliance with participation requirements in the My Health Record system. For large organisations the RO is usually the CEO; however, for smaller business organisations the RO could be the practice manager or business owner.
The OMO is also registered with the HI Service and acts on behalf of a seed organisation and/or network organisation in its dealings with the System Operator. The OMO’s primary role is to undertake the day to day administrative tasks in relation to the HI service and the My Health Record system. A healthcare provider organisation can have multiple OMOs. An OMO needs to be someone who is familiar with the IT system used by their organisation.
Other changes your organisation may need to makeYour organisation must comply with a range of obligations when participating in the My Health Record system, as set out under the My Health Records Act 2012 ,the My Health Record Rule 2016 and the My Health Records Regulation 2012.
It is important to understand what changes your organisation may need to make before registering to participate in the My Health Record system.
Potential changes include:
- Security - review, update, maintain, enforce and promote to staff policies that ensure the My Health Record system is used safely and responsibly. These policies need to address matters such as how authorised persons access the system, the training delivered to staff before accessing the My Health Record system, and the physical and information security measures used by the organisation.
- User account management – confirm the IT system(s) staff use to access the My Health Record system employ reasonable user account management practices, including: restricting use, uniquely identifying users and secure access mechanisms (such as passwords).
- Data quality – your existing obligations to maintain your own detailed and accurate clinical records remains, and you are also responsible for ensuring that information uploaded to the My Health Record system complies with your obligations under the My Health Record system. This includes ensuring your employees are registered before they author any record that will be uploaded to the My Health Record system.
Registering as a seed organisationThe information your organisation needs to provide to register as a seed organisation in the My Health Record system is straightforward, because we draw down most details about your seed organisation from the HI Service. Use the form, Application to register a seed organisation (PDF 614 KB), to:
a) register as a seed organisation with the HI Service (including registering the RO and OMO) and the My Health Record system (complete Part A and Part B); or
b) register as a seed organisation to participate in the My Health Record system if it is already registered with the HI Service (complete Part B only)
Important note: The person filling out the Application to register a seed organisation form must be the person who will be or is already the see organisation's RO (or OMO if completing only Part B).
Registering a network organisation
Do you need to register a network organisation?Typically, a healthcare provider organisation, such as an independent GP practice, will be able to register as a single seed organisation – outside a My Health Record network hierarchy. In this case, no network organisations will need to be registered.
However, some seed organisations will need to operate in the My Health Record system as part of a network hierarchy – a structure established through the HI Service that consists of a seed organisation and one or more network organisations.
There are a number of reasons why you would establish network organisations in the HI Service (e.g. secure messaging), but for the purposes of the My Health Record system, your decision will depend on whether you need to set Access Flags within your network hierarchy to comply with access control requirements of the My Health Records Rule 2016.
Top of page
Balancing individual patients' expectations about access, with routine workflows.Access Flags are assigned to network organisations and are a mechanism of the My Health Record system that allows individuals to determine which Healthcare Provider Organisations can access their My Health Record.
A seed organisation’s RO or OMO must set and maintain Access Flags in a way that balances reasonable expectations of individual patients about the sharing of their health care information and existing arrangements within the network hierarchy for the collection and sharing of health care information.
An RO or OMO of a seed organisation will need to decide whether it is appropriate to apply Access Flags to certain parts of their network (e.g. a mental health unit or sexual health clinic) to support an individual’s ability to make an informed choice about which parts of the network, if any, should be authorised to access their My Health Record.
Note that where access flags are set within a network, individual patients will be able to agree to or deny access for the network organisation with a flag.
For example: An individual who has chosen to restrict access to their My Health Record attends a GP practice in a multi-disciplinary health service (which is the seed organisation) which includes a psychologist, dentist and physiotherapist. If the GP practice is not registered as a network organisation with an Access Flag assigned to it, the individual will not be able to give the GP practice access to her My Health Record without giving access to the health service generally.
This may be inconsistent with the individual’s expectations about the sharing of information within the health service.
Health services should explain their local access policies directly with patients so expectations are clear.
It’s the responsibility of the seed organisation’s RO to ensure that all necessary network organisations are established in the HI Service and registered in the My Health Record system, and that the seed organisation sets access flags appropriately in accordance with the PCEHR Rules 2012.
An Access Flag is automatically assigned to a seed organisation on registration. From there, access flags are either assigned, or not, to network organisations in the wider network hierarchy.
If an Access Flag is not assigned to an organisation in a network, while that organisation can still access the My Health Record system, they inherit the access rights that patients have given the first organisation above them in the hierarchy that has been assigned a flag.
The following diagram show how Access Flags might be set up in a network hierarchy.
The Seed organisation is automatically assigned a flag on registration. This means patients have agreed to the access the seed organisation has to their My Health Record over time.
Network organisation 1 has not been assigned an Access Flag. This means its access to a patient’s My Health Record is managed under the access rights of the first organisation above it in the hierarchy that has an Access Flag – which in this case is the seed organisation.
An Access Flag has been assigned to Network organisation 2. This means a patient can agree to or deny organisation 2 access to their health information, unlike organisation 1, which will inherit the seed organisation’s access.
Network organisation 3 has not been assigned an access flag. This means its access is the same as the seed organisation, as no access flag was assigned to network organisation 1.
Network organisation 4 has an Access Flag assigned. This means a patient can agree or deny access to organisation 4 to their health information.
No Access Flag has been assigned to Network organisation 5. This means its access to a patient’s My Health Record will be inherited from organisation 4 – the first organisation above it in the hierarchy with an access flag assigned.
Note: the details of the actual network organisation (regardless of whether an Access flag is allocated) accessing an My Health Record will be included in the Access history, as well as the details of the seed or network organisation from which the access rights were inherited.
Top of page
How to register a network organisationThe registration of a network organisation in both the HI Service and the My Health Record system is managed by the seed organisation for their network hierarchy.
Each organisation operating within a network hierarchy must first be registered with the HI Service and only once the seed organisation has been issued with its HPI-O. The easiest way to register a network organisation in the HI Service is via Medicare’s Health Professional Online Service (HPOS) portal. Alternatively, you can submit the Application to register a network organisation in the HI Service form, which can be downloaded from the ‘health professionals’ pages of the Department of Human Services website.
Once a network organisation is registered in the HI Service, you can apply to register it in the My Health Record system using the Application to register Network Organisation in the My Health Record system (PDF 130 KB) form.
You assign Access Flags to a network organisation as part of the application.
- Submit Application to register a seed organisation form (with any necessary supporting documentation)
- Determine whether network organisations need to be established, and if so:
- Register online via HPOS or use the Application to register a network organisation form available via the HI Service.
- Submit Application to register Network Organisation in the My Health Record system.
Further advice and registration assistanceYou can also call the My Health Record helpline on 1800 723 471.
The My Health Record system uses the Department of Human Services to manage aspects of the registration process.
Accessing the My Health Record systemA confirmation letter will be sent to the seed organisation (and network organisations. if relevant) when your application has been processed and accepted.
Once an organisation is registered in the My Health Record system, staff authorised by the organisation to access the My Health Record system can do so, either:
- using conformant clinical computer software that is installed on the organisation's IT system, or
- via the My Health Record record Provider Portal (read access only).
In both cases, digital credentials will need to be obtained.
Conformant clinical softwareClinical and GP software products are being updated by IT vendors with recent releases of conformant companion tools and desktop software products.
Contact your software vendor for more information about My Health Record system-conformant products.
A digital credential – the Department of Human Services’ National Authentication Service for Health (NASH) Public Key Infrastructure (PKI) Certificate – is required for each Healthcare Provider Organisation, either a seed or an organisation in a network hierarchy that wants to access the My Health Record system using conformant clinical software.
Installing the NASH PKI Certificate on your organisation’s IT system provides access to the My Health Record system and ensures secure electronic communications with other healthcare provider organisations.
For information and application details about the NASH PKI Certificate visit the Medicare Australia website.
Using conformant clinical software will allow your organisation to create and upload clinical information to patients’ My Health Records.
Authorised healthcare providers in your organisation will be able to create and upload clinical documents such as:
- an Event Summary – a record of a patient’s significant consultation; and
- a Shared Health Summary – a clinical document summarising a patient’s overall health status. The Shared Health Summary includes information about a patient’s medical conditions, medications they are currently taking, and allergies they may have.
The My Health Record Provider PortalThe Provider Portal is a read and download-only facility and does not allow healthcare professionals to upload clinical information to a patient’s My Health Record.
Healthcare providers can access a patient's existing My Health Record via the Provider Portal to check and clarify their medical history, rather than relying only on the patient's memory.
A NASH PKI certificate is required for each healthcare provider individual in a registered organisation (either seed or network) who wants to access the My Health Record system via the Provider Portal. To get a digital credential, the individual must have been assigned a Healthcare Provider Identifier - Individual (HPI-I) number.
You can link each individual by calling 1800 723 471 or completing the Application to establish list of authorised healthcare provider individuals form.
Forms for individual providers with an HPI-I to apply for a My Health Record-compliant digital credential are available on Medicare Australia's website.