When registering your organisation with the My Health Record system, you entered into an agreement to comply with the My Health Records Act 2012 and My Health Record Rule 2016 outlining the obligations for participating organisations.
The legislative framework specifies the security, privacy and particularly the access and use of My Health Record and the information within the system.
At the time of registration, your organisation will have established their own My Health Record policy. You are obligated to review your My Health Record policy at least once a year, and make changes when any updates to system, organisation or regulation is made.
Areas which need to be reviewed and included in your policy include:
- Reviewing, maintaining, enforcing and communicating policies, including changes to the policies
- Conducting ongoing user account management practices
- Responding to requests for assistance made by the System Operator
- Exercising due care when viewing or uploading documents to My Health Record
- Notifying when errors or data breaches occur
- Keeping the Responsible Officer (RO) and Organisation Maintenance Officers (OMO) up to date
- Providing My Health Record training to all staff authorised to use My Health Record
Helpful resources
Here are some Australian Digital Health Agency (ADHA) resources to support your organisation to conduct an annual review:
- Download the My Health Record health check guide
- Visit the Ongoing participation obligations page on the ADHA’s website
- Complete ADHA’s eLearning module, Developing a My Health Record Security and Access policy for your organisation.
- My Health Record on HealthPathways (username: manchealth, password: conn3ct3d)