As a healthcare provider, by now, you would have heard all about the My Health Record (MHR). Despite concerns about privacy and security, there has been a record number of people signing up for the MHR since opt-out commenced 16 July 2018.
Patients are recognising and appreciating that the benefits of having a MHR outweigh the risks. For example, interaction with the MHR system can:
- Reduce duplication of tests.
- Provide safer care with better patient outcomes through knowledge of allergies, potential drug interactions and contraindications when prescribing.
- Reduce time gathering information so more quality time spent with patient.
- Encourage patients to take more initiative and be more involved with their healthcare.
- Provide 24/7 access to information.
On 31st July 2018, The Hon. Greg Hunt MP, Minister for Health, announced the Government will strengthen privacy provisions under the MHR Act to ensure that:
- No record can be released to police or government agencies, for any purpose, without a court order.
- If someone wishes to cancel their record they will be able to do so permanently, with their record deleted from the system.
There continues to be a lot of misinformation, untruths and misinterpretations of the MHR facts. It is important that healthcare providers and community members make an informed choice about whether or not they want a MHR.
Read below for some responses to MHR myths and frequently asked questions.
My Health Record: Frequently asked questions
There are thousands of registered organisations who can access My Health Record, however, only healthcare provider organisations involved in your care, who are registered with the My Health Record System Operator, are allowed by law to access your My Health Record.
This may include healthcare providers such as GPs, pharmacies, pathology labs, hospitals, specialists, and allied health professionals. You can allow others, such as a partner, child, parent or carer to access your Record by making them an authorised representative, or a nominated representative.
No government departments can directly access the My Health Record system.
Every time your My Health Record is accessed, it is recorded in an audit log which you can view by logging into your My Health Record. There are strict penalties for unlawful access.
Your previous medical history such as older tests and medical reports will not be available within your new My Health Record.
Medicare data can be added to your record. This includes:
- Medicare and Pharmaceutical Benefits Scheme (PBS) information stored by the Department of Human Services
- Medicare and Repatriation Schedule of Pharmaceutical Benefits (RPBS) information stored by the Department of Veterans’ Affairs
- Organ donation decisions
- Immunisations that are included in the Australian Immunisation Register
You can ask your doctor to add a shared health summary to summarise your medical history, or add your own personal health summary.
You can log into your record at any time to change your settings, see who has accessed your record, hide documents, remove Medicare or PBS data or add emergency contacts and any allergies you may have.
As System Operator of the My Health Record system, the Australian Digital Health Agency (ADHA) takes its role as custodian of Australian’s health information seriously. Protecting the integrity of the My Health Record system and maintaining public confidence and trust in the system is paramount.
ADHA will consider any formal request on a case by case basis. However, their operating policy is to release information only where we are legally compelled to do so, including in the instance of receiving a court order.
The Agency would not permit access to a My Health Record in a scenario where a request to access the My Health Record system was for protecting public revenue.
Employers cannot access a My Health Record and would need to apply to ADHA for such access.
ADHA will not approve the release of an individual’s personal or health information to a third party except where it is related to the provision of healthcare or is otherwise authorised or required by law.
ADHA does not consider that an employment check is healthcare and therefore use of the My Health Record would not be permitted.
The use of My Health Record data solely for commercial and non-health related purposes is not permitted – your data will not be sold.
Some secondary uses of My Health Record system data may be possible for research and public health purposes from 2020. Learn more about this here.
You can choose not to have your data used for secondary use purposes by selecting the ‘withdraw participation’ function in your record.
Administration staff within your doctor’s office must be authorised by the medical practice to access the My Health Record system for the purposes of providing healthcare to you.
In the current health system, paper and digital records about you may be held in various health locations. There is no way you can currently track who has viewed, photocopied, faxed, shared or filed your medical information.
The addition of My Health Record to your doctor’s practice and process of care does not change the privacy and confidentiality obligations that practice staff are already subject to under Australian law.
The My Health Record system has the highest level of security and meets the strictest cyber security standards. It has robust multi-tiered security controls to protect the system from malicious attack.
The system has been built and tested to Australian Government standards to protect the confidentiality, integrity, and availability of information within an individual’s My Health Record.
The Australian Digital Health Agency actively monitors and respond to threats and risks within the cyber security environment, and have a program of continuous improvement using the internationally recognised management framework, Information Technology Infrastructure Library (ITIL).
The System is monitored around the clock by the Australian Digital Health Agency Cyber Security Centre and has been tested by the Defence Departments Australian Signals Directorate.
If a person deliberately accessed an individual’s My Health Record without authorisation, criminal penalties may apply. These may include up to two years in jail and up to $126,000 in fines.
For more frequently asked questions, please visit: bit.ly/mhrFAQs
This myth busting article will help you get the facts about My Health Record.
A few other links we recommend to visit are:
For more information, contact NCPHN at [email protected] or (02) 6618 5400, or visit www.myhealthrecord.gov.au or phone 1800 723 471.
NCPHN is seeking community members to share their experience of My Health Record. They could enter the draw to win one of 2 x $100 shopping vouchers (prize drawn 15 October 2018).
To find out how you can refer a patient, click here.
HealthPathways has recently added a My Health Record pathway that can give you the information you need as a practitioner about My Health Record.
Click here to visit the HealthPathway for My Health Record.
For a list of all localised pathways see:
Mid and North Coast Localised Pathways
Username: manchealth
Password: conn3ct3d
For further information about HealthPathways email [email protected] or [email protected].