The collection, storage and electronic transmission of our personal data is a regular part of modern life. We want to know that our personal health information is safe and protected.
Moving to an electronic health system is similar to the electronic banking revolution. While internet banking has increased the privacy and security risk to our accounts, few of us would want to go back to the queues and time-consuming nature of pre-internet banking.
My Health Record (MHR) has the potential for consumers to be active in their own care. The more that Australians use MHR, the more useful it will become. Leanne Wells, Chief Executive of Consumers Health Forum of Australia, explains: “Having your own and your family’s health information such as immunisations, allergies, medicines, and end-of-life wishes available for access from a central database makes it much easier to ensure it is available wherever and whenever you need it.”
There has been recent public misinformation, untruths and misinterpretations of the MHR facts. North Coast Primary Health Network (NCPHN) is available to address questions about MHR, including your privacy and security concerns. Read below for some responses to MHR frequently asked questions. For more My Health Record frequently asked questions visit: bit.ly/mhrFAQs
Through to 15 October 2018, NCPHN will have MHR information stalls at local community events and host Community Information sessions at various locations. For information on session times and locations, click here. Alternatively, if you would like the MHR team to come along to your community group or event, please contact [email protected] or (02) 6618 5400.
My Health Record: Frequently asked questions
There are thousands of registered organisations who can access My Health Record, however, only healthcare provider organisations involved in your care, who are registered with the My Health Record System Operator, are allowed by law to access your My Health Record.
This may include healthcare providers such as GPs, pharmacies, pathology labs, hospitals, specialists, and allied health professionals. You can allow others, such as a partner, child, parent or carer to access your Record by making them an authorised representative, or a nominated representative.
No government departments can directly access the My Health Record system.
Every time your My Health Record is accessed, it is recorded in an audit log which you can view by logging into your My Health Record. There are strict penalties for unlawful access.
Your previous medical history such as older tests and medical reports will not be available within your new My Health Record.
Medicare data can be added to your record. This includes:
- Medicare and Pharmaceutical Benefits Scheme (PBS) information stored by the Department of Human Services
- Medicare and Repatriation Schedule of Pharmaceutical Benefits (RPBS) information stored by the Department of Veterans’ Affairs
- Organ donation decisions
- Immunisations that are included in the Australian Immunisation Register
You can ask your doctor to add a shared health summary to summarise your medical history, or add your own personal health summary.
You can log into your record at any time to change your settings, see who has accessed your record, hide documents, remove Medicare or PBS data or add emergency contacts and any allergies you may have.
As System Operator of the My Health Record system, the Australian Digital Health Agency (ADHA) takes its role as custodian of Australian’s health information seriously. Protecting the integrity of the My Health Record system and maintaining public confidence and trust in the system is paramount.
ADHA will consider any formal request on a case by case basis. However, their operating policy is to release information only where we are legally compelled to do so, including in the instance of receiving a court order.
The Agency would not permit access to a My Health Record in a scenario where a request to access the My Health Record system was for protecting public revenue.
Employers cannot access a My Health Record and would need to apply to ADHA for such access.
ADHA will not approve the release of an individual’s personal or health information to a third party except where it is related to the provision of healthcare or is otherwise authorised or required by law.
ADHA does not consider that an employment check is healthcare and therefore use of the My Health Record would not be permitted.
The use of My Health Record data solely for commercial and non-health related purposes is not permitted – your data will not be sold.
Some secondary uses of My Health Record system data may be possible for research and public health purposes from 2020. Learn more about this here.
You can choose not to have your data used for secondary use purposes by selecting the ‘withdraw participation’ function in your record.
Administration staff within your doctor’s office must be authorised by the medical practice to access the My Health Record system for the purposes of providing healthcare to you.
In the current health system, paper and digital records about you may be held in various health locations. There is no way you can currently track who has viewed, photocopied, faxed, shared or filed your medical information.
The addition of My Health Record to your doctor’s practice and process of care does not change the privacy and confidentiality obligations that practice staff are already subject to under Australian law.
The My Health Record system has the highest level of security and meets the strictest cyber security standards. It has robust multi-tiered security controls to protect the system from malicious attack.
The system has been built and tested to Australian Government standards to protect the confidentiality, integrity, and availability of information within an individual’s My Health Record.
The Australian Digital Health Agency actively monitors and respond to threats and risks within the cyber security environment, and have a program of continuous improvement using the internationally recognised management framework, Information Technology Infrastructure Library (ITIL).
The System is monitored around the clock by the Australian Digital Health Agency Cyber Security Centre and has been tested by the Defence Departments Australian Signals Directorate.
If a person deliberately accessed an individual’s My Health Record without authorisation, criminal penalties may apply. These may include up to two years in jail and up to $126,000 in fines.