Overview
My Health Record is a secure online summary of key patient health information. Healthcare providers can access the system to view and add information.
Healthcare provider benefits
- provides immediate access to key health information
- facilitates the validation and verification of clinical information
- avoid adverse medication events, provides access to allergy information
- avoids duplication of tests and diagnostic imaging
- provides immunisation details
- improves continuity of care, informs end of life care
Patient benefits
- prompt access to key health information in an emergency
- secure, convenient access to health information
- safer, faster more efficient care
- less need to remember key aspects of their medical history and medications
- improved management of health information
- informed self-management of health conditions
What's in a record
Records contain key health information like immunisations, pathology and diagnostic imaging reports, prescription and dispensing information, hospital discharge summaries and more, all in one place.
Views and overviews
A quick, easy way to find information in a patient's record
Views and overviews
A quick, easy way to find information in a patient's record
These documents are system generated and consolidate the information in a person’s record. In an emergency department (ED) setting, they can help clinicians find information quickly.
Immunisation Consolidated View
Immunisation Consolidated View
This view displays details of a patient's immunisations recorded in the Australian Immunisation Register (AIR) and in any shared health summaries or event summaries, in their record.
The view shows immunisation history including date, dose number, brand of administered vaccination and disease/indication. It also provides links to relevant source documents.
Medical conditions view
This view brings together a consolidated list of medical conditions and procedures from a range of clinical documents available in My Health Record. Information can include:
- the patient's most recent (up to 2 years) medical conditions and procedures
- the patient's most recent shared health summary and discharge event summary
- available event discharge summaries, specialist letters and e-Referral notes
- the patient's personal health summary, which may include any allergies or adverse reactions and other key information
Medicare Overview
Medicare Overview
Medicare information may include:
PBS/RPBS claims information
Prescription information from Pharmaceutical Benefits Scheme (PBS) and Repatriation Schedule of Pharmaceutical Benefits (RPBS).
Australian Organ Donor Register status
The patient’s organ and/or tissue donor decisions are sourced from the Australian Organ Donor Register.
Australian Immunisation Register
Details of patient's immunisations as recorded in the Australian Immunisation Register (AIR).
MBS/DVA claims information
Medicare Benefits Schedule (MBS) and Department of Veterans’ Affairs (DVA) claims information.
Medicines View
Medicines View
This view brings together medicines-related information, including allergies and adverse reactions, from documents held in a patient’s record. Information is gathered from:
- the patient's most recent (up to 2 years) prescription and dispense records and other PBS claims information
- the patient's most recent shared health summary and discharge summary
- available event summaries, specialist letters, e-Referral notes and pharmacist shared medicines list uploaded to the patient's record since their latest shared health summary
- the patient's personal health summary, which may include any allergies or adverse reactions and other key information
MyMedicare information
MyMedicare information
If a patient has registered for MyMedicare, their MyMedicare information is included:
- in the patient’s My Health Record document list for conformant clinical information systems (include Medicare documents in the list)
- at the top of their My Health Record overview page, in the National Provider Portal or the Healthcare Information Provider Service (HIPS).
Pathology and Diagnostic Imaging Reports Overview
Pathology and Diagnostic Imaging Reports Overview
Residential Care Transfer Overview
Residential Care Transfer Overview
This is a consolidated view of clinical documents uploaded by aged care residential services, such as reason for transfer, medication chart, and health summary. It includes links to other key documents available in the patient’s My Health Record, including advance care planning information, discharge summaries, shared health summaries and immunisations.
Shared health summary
Shared health summary
This is a summary of a patient’s health status at a point in time, which can include medical conditions, medicines, allergies and adverse reactions, and immunisations. A shared health summary is created by an individual’s nominated healthcare provider, as defined in the My Health Records Act, with the information extracted from their local clinical information system.
A nominated healthcare provider may be:
- a registered medical practitioner
- a registered nurse
- an Aboriginal and Torres Strait Islander health practitioner with a Cert IV in Aboriginal and/or Torres Strait Islander Primary Health Care
The nominated healthcare provider is generally the patient's usual healthcare provider who is delivering coordinated and comprehensive care to the patient (for example their regular GP).
Note: an enrolled nurse is not permitted by the My Health Records Act to author/create a shared health summary. An enrolled nurse can create an event summary to share information about a significant clinical event, provided the enrolled nurse is providing healthcare to the patient.
Examples of when to create a shared health summary include:
- when completing a patient health assessment (for example a GP Management Plan, 75+ Assessment, or child health check)
- when there are significant changes to a patient’s health status in any of the four key areas: patient’s medical conditions, medicines, allergies/adverse reactions or immunisations
The shared health summary should be created in consultation with the patient. A patient has only one current shared health summary at a time.
Discharge summaries
Discharge summaries
Discharge summaries provide the details of the patient's hospital stay and recommendations for care after discharge.
When a discharge summary is created, it is sent directly to the intended recipient, in accordance with current practices. When a hospital is connected to the system, a copy of the discharge summary can also be uploaded to the patient's record.
Prescription and dispense records
Prescription and dispense records
Pathology reports
Pathology reports
Pathology reports can be uploaded by registered pathology laboratories.
The reports are immediately available to all members of the patient’s healthcare team, subject to any access controls the patient may have set. Patients will need to wait 7 days before they can view the reports in their record, with some exceptions. The following reports are available as soon as they are uploaded:
- international normalised ratio (INR)
- HbA1c
- COVID-19
- respiratory infection tests (such as flu)
Learn more about pathology reports.
See which pathology labs are connected.
Diagnostic imaging reports
Diagnostic imaging reports
Diagnostic imaging reports can be uploaded by registered diagnostic imaging services.
The reports will be immediately available to all members of the patient’s healthcare team, subject to any access controls the patient may have set. Patients will need to wait seven days before being able to view them in their record (with some exceptions).
Learn more about diagnostic imaging reports.
See which diagnostic imaging services are connected.
Specialist letters
Specialist letters
Event summaries
Event summaries
Event summaries capture health information about a significant healthcare event that is relevant to the ongoing care of an individual. It may be used to indicate a clinical intervention, improvement in a condition or that a treatment has been started or completed.
An event summary may contain:
- allergies and adverse reactions
- medicines
- diagnoses
- interventions
- immunisations
- diagnostic investigations
Event summaries are intended for healthcare providers who are not the patient’s regular provider / nominated healthcare provider.
They can be created and uploaded by any healthcare provider with a Healthcare Provider Identifier–Individual (HPI-I) who is working at a participating healthcare organisation and involved in the patient’s care with conformant software.
Examples of when to create an Event Summary include:
- Patients visiting an after-hours medical service
- Holidaying patients
- Patients visiting from another area
- Patients receiving an immunisation or flu vaccine.
Generally, an event summary is used when it is not appropriate for the healthcare provider to create and upload a shared health summary, discharge summary or specialist letter.
Goals of care
Goals of care
eReferrals
eReferrals
Pharmacist shared medicines list
Pharmacist shared medicines list
Aged care transfer information
Aged care transfer information
This may include information such as reason for transfer, residential care medication chart and residential care health summary.
Personal health summary
Personal health summary
Personal health notes
Personal health notes
Advance care planning information
Advance care planning information
Advance care planning information can be uploaded to a patient's record and can contain their wishes for future health and care. The individual can also enter details of their Advance Care Document Custodian who holds a copy of their advance care planning document. This could be an individual or organisation.
Emergency contact details
Emergency contact details
Register and set up access
Discover how to establish policies, register your organisation, and access the system via conformant clinical software, the National Provider Portal (NPP) or hospital applications:
Implementing My Health Record in your healthcare organisation
Education and training
Find resources to help you feel confident using the system. Detailed information, software summary sheets, training and support are all available here.
Aboriginal and Torres Strait Islander health
Aboriginal and Torres Strait Islander health
eLearning modules
Clinical software summary sheets
Scroll down to find summary sheets for these and other software products:
- Communicare
- MMEx
Videos
Webinar recordings
Training
Patient resources
- My Health Record youth storybook pdf (PDF, 2.9 MB)
- My Health Record adult storybook (PDF, 2.81 MB)
- My Health Record parent storybook (PDF, 4.52 MB)
Allied health
Allied health
eLearning modules
Information sharing report
Access to the National Provider Portal
- See "National Provider Portal (NPP)" section above.
Training
- Find out more about how My Health Record works as a consumer
- Find the full range of eLearning courses for allied healthcare providers
Further resources
Community pharmacy
Community pharmacy
eLearning modules
- Using My Health Record in Community Pharmacy
- Introduction to My Health Record for healthcare providers
- My Health Record Security, Privacy and Access
Clinical software summary sheets
Scroll down to find summary sheets for these and other software products:
- Aquarius
- Corum LOTS
- Dispense Works
- Fred, Minfos
- Z Dispense
- National Provider Portal
Resources
On demand training environment
- Fred Dispense - see "Training simulators" section below.
Training
General practitioners
General practitioners
eLearning modules
- Preparing for My Health Record
- Using My Health Record in General Practice
- My Health Record Security, Privacy and Access
Fact sheets
Clinical software summary sheets
Scroll to the next section to find step-by-step guides to performing tasks within the system, for general practice.
- Best Practice Premier
- Communicare
- Genie
- MedicalDirector
- Medtech32
- Naitonal Provider Portal
- Zedmed
Videos
Webinar recordings
Training
Also see RACGP Resources about My Health Record.
Nursing and midwifery
Nursing and midwifery
eLearning modules
Fact sheets
- Overview of My Health Record for Nurses (PDF, 625.93 KB)
- Overview of My Health Record for Community Nurses (PDF, 565.1 KB)
Training
Pathology services
Pathology services
Please refer to the software guides used in your laboratory or radiology information systems to learn more about viewing and uploading information to My Health Record in your organisation.
Staff in the pathology laboratory or diagnostic imaging practice need to be aware of how to action a request to ‘Do not send’. Further information can also be found in the eLearning modules below.
eLearning modules
In practice
- See a list of pathology services which upload to the system.
Training
Diagnostic imaging services
Diagnostic imaging services
Please refer to the software guides used in your laboratory or radiology information systems to learn more about viewing and uploading information to My Health Record in your organisation.
Staff in the pathology laboratory or diagnostic imaging practice need to be aware of how to action a request to ‘Do not send’. Further information can also be found in the eLearning modules below.
eLearning modules
In practice
- See a list of diagnostic imaging providers which upload to the system.
Training
Practice management
Practice management
eLearning modules
Resources
Videos
Training
- Find out more about how My Health Record works as a consumer and browse the full range of eLearning courses available
Specialists
Specialists
eLearning modules
Clinical software summary sheets
Scroll down to find summary sheets for these and other software products:
- Bp VIPnet
- Clinic to Cloud
- Genie
- Gentu
- Shexie
- National Provider Portal
Webinar recordings
Training
- CPD accredited training
- Find the full range of eLearn courses for specialists, including electronic prescriptions and cyber security
Further resources
Audit4
Audit4
Best Practice Premier
Best Practice Premier
How to access and view:
- Accessing advance care planning information (PDF, 1006.39 KB)
- Accessing immunisation information (PDF, 435.75 KB)
- Accessing prescription and dispense view (PDF, 1.37 MB)
- Accessing the Medicare overview (PDF, 1006.18 KB)
- Accessing the medicines information view (PDF, 277.38 KB)
- View pathology and diagnostic imaging reports overview (PDF, 454.51 KB)
- Viewing clinical documents in My Health Record (PDF, 1.01 MB)
- Emergency access to My Health Record (PDF, 656.4 KB)
How to upload:
- Uploading a shared health summary (PDF, 338.61 KB)
- Uploading an event summary (PDF, 295.65 KB)
- Uploading advance care plans (PDF, 1.93 MB)
How to stop records or documents from being sent:
- Stop prescribing records being sent to My Health Record (PDF, 427.99 KB)
- Request for pathology report not to be sent to My Health Record (PDF, 238.18 KB)
- Request for diagnostic imaging report not to be sent to My Health Record (PDF, 241.49 KB)
- Removing and superseding uploaded documents (PDF, 1.41 MB)
Bp VIPnet
Bp VIPnet
How to access and view:
How to upload:
Communicare
Communicare
How to access and view:
- Accessing immunisation information (PDF, 397.5 KB)
- Accessing the medicines information view (PDF, 283.27 KB)
- Accessing prescription and dispense view (PDF, 346.94 KB)
- Accessing advance care planning information (PDF, 924.92 KB)
- Accessing the Medicare overview (PDF, 892.91 KB)
- View pathology and diagnostic imaging reports overviews (PDF, 384.34 KB)
- Viewing clinical documents in My Health Record (PDF, 1019.45 KB)
How to upload:
How to stop records and documents from being sent:
- Stop prescribing records being sent to My Health Record (PDF, 194.51 KB)
- How to prevent specific health information being uploaded to My Health Record (PDF, 1 MB)
- Removing and superseding uploaded documents (PDF, 1.2 MB)
- Request for diagnostic imaging report not to be sent to My Health Record (PDF, 248.04 KB)
Patient assistance:
Clinic to Cloud
Clinic to Cloud
How to access and view:
How to upload:
Fred Dispense
Fred Dispense
How to access and view:
- Accessing immunisation information (PDF, 493.33 KB)
- Access, view and dispense to My Health Record (PDF, 906.73 KB)
- Accessing the medicines information view (PDF, 966.63 KB)
- Emergency access to My Health Record (PDF, 553.76 KB)
How to upload:
How to stop records and documents from being sent:
Genie
Genie
How to access and view:
- Accessing immunisation information (PDF, 500.66 KB)
- Accessing the medicines information view (PDF, 461.57 KB)
- Accessing prescription and dispense view (PDF, 1.17 MB)
- Accessing advance care planning information (PDF, 1.08 MB)
- Accessing the Medicare overview (PDF, 489.74 KB)
- View pathology and diagnostic imaging reports overviews (PDF, 628.9 KB)
- Viewing clinical documents in My Health Record (PDF, 1.15 MB)
How to upload:
- Uploading a shared health summary (PDF, 411.94 KB)
- Uploading an event summary (PDF, 463.52 KB)
- Uploading a specialist letter (PDF, 1.08 MB)
How to stop records and documents from being sent:
- Stop prescribing records being sent to My Health Record (PDF, 280.27 KB)
- Request for pathology report not to be sent to My Health Record (PDF, 711.73 KB)
- Request for diagnostic imaging report not to be sent to My Health Record (PDF, 260.49 KB)
- Removing and superseding uploaded documents (PDF, 1.3 MB)
Patient assistance:
Gentu
Gentu
How to access and view:
How to upload:
MedicalDirector
MedicalDirector
How to access and view:
- Accessing immunisation information (PDF, 442.68 KB)
- Accessing the medicines information view (PDF, 282.65 KB)
- Accessing advance care planning information (PDF, 813.58 KB)
- Accessing prescription and dispense view (PDF, 1.06 MB)
- Accessing the Medicare overview (PDF, 1.16 MB)
- View pathology and diagnostic imaging reports overviews (PDF, 288.79 KB)
- Validate IHI number and status (PDF, 689.76 KB)
- Viewing clinical documents in My Health Record (PDF, 1.33 MB)
- Emergency access to My Health Record (PDF, 595.52 KB)
How to upload:
How to stop records and documents from being sent:
- Request for pathology report not to be sent to My Health Record (PDF, 222.2 KB)
- Request for diagnostic imaging report not to be sent to My Health Record (PDF, 216.12 KB)
- Stop a prescription record being uploaded to My Health Record (PDF, 838.57 KB)
- Removing and superseding uploaded documents (PDF, 1.4 MB)
Patient assistance
Medtech32
Medtech32
How to access and view:
How to upload:
Patient assistance:
Minfos
Minfos
MMEx
MMEx
How to access and view:
- Accessing the medicines information view (PDF, 734.32 KB)
- Accessing the Medicare overview (PDF, 417.31 KB)
- Accessing the prescription and dispense view (PDF, 539.57 KB)
- View pathology and diagnostic imaging reports overviews (PDF, 652.32 KB)
- Viewing clinical documents (PDF, 606.34 KB)
How to upload
- Uploading a shared health summary (PDF, 648.57 KB)
- Uploading an event summary (PDF, 553.57 KB)
- Uploading advanced care directives (PDF, 470.7 KB)
How to stop records and documents from being sent:
National Provider Portal (NPP)
National Provider Portal (NPP)
How to access and view:
- Accessing the medicines information view (PDF, 352.37 KB)
- Accessing prescription and dispense view (PDF, 369.66 KB)
- Accessing advance care planning information (PDF, 875.26 KB)
- Accessing immunisation information (PDF, 949.05 KB)
- Accessing the Medicare overview (PDF, 859.74 KB)
- Viewing clinical documents in My Health Record (PDF, 1007.91 KB)
Shexie
Shexie
How to access and view:
How to upload:
Z Dispense
Z Dispense
How to access and view:
Zedmed
Zedmed
How to access and view:
- Accessing advance care planning information (PDF, 911.08 KB)
- Accessing immunisation information (PDF, 349.77 KB)
- Accessing prescription and dispense view (PDF, 353.38 KB)
- Accessing the medicines information view (PDF, 442.74 KB)
- Accessing the Medicare overview (PDF, 991.41 KB)
- View pathology and diagnostic imaging reports overviews (PDF, 293.61 KB)
- Viewing clinical documents in My Health Record (PDF, 950.65 KB)
How to upload:
How to stop records and documents from being sent:
- Request for pathology report not to be sent to My Health Record (PDF, 237.13 KB)
- Request for diagnostic imaging report not to be sent to My Health Record (PDF, 251.07 KB)
- Removing and superseding uploaded documents (PDF, 1.41 MB)
- Stop a prescription record being uploaded to My Health Record (PDF, 321.92 KB)
Patient support:
Healthcare professionals and consumers can now simulate the use of My Health Record functionality in clinical software products.
The simulations have been developed to support demonstration, training, and self-paced learning of the functionality and benefits of the My Health Record system and contains fictional patients and medical information.
To access a simulation, select one of the environments below then enter the following username and case sensitive password to log in:
- Username: OnDemandTrainingUser
- Password: TrainMe
General practice
Best PracticeCommunicareGenieMedical DirectorZedmed
Pharmacy
Hospitals, Pathology and Diagnostic Imaging
The simulation environment uses the latest released versions of each clinical information system software.
To demonstrate the use of My Health Record functionality, best endeavours have been made to provide clinically validated data and scenarios that are relevant and demographically diverse for use in the software simulations.
Please note: Test patients and clinical records used in the software simulations are provided for training purposes only.
If you would prefer to attend a CPD accredited training session led by one of our instructors, please register for "On Demand Training" sessions.
Support
Support
The environment is available 24 hours 7 days a week. Support is provided by the Australian Digital Health Agency during business hours only (8am - 5pm (AEST/AEDT), Monday - Friday). For any assistance or enquiries that you may have with the environment, please contact us on [email protected] or phone: 1300 901 001.
Frequently asked questions
Why is my software not listed?
Why is my software not listed?
The software simulators are regularly updated as new features become available.
Not all clinical software is conformant to the national digital health specifications and standards. There are necessary steps required to ensure the software integrated to My Health Record is conformant. Software developers that have declared conformance are included in the agency’s Conformance Register.
If you would like to see a particular digital health feature or software product demonstration and it is not included here, please email [email protected].
What My Health Record functionality can be simulated?
What My Health Record functionality can be simulated?
My Health Record functionality that can be simulated in the Clinical information systems (Best Practice, Medical Director, Zedmed and Genie)
- View My Health Record – accessing clinical documents and views
- Practice creating and uploading a shared health summary document for a patient
- Practice creating and uploading an event summary document for a patient
- View My Health Record with access code restrictions in place.
Additional My Health Record functionality that can be simulated in the pharmacy system (Fred Dispense):
- Upload a dispense record to My Health Record and consent
- Upload an event summary to My Health Record containing allergies/conditions
- Adding a new patient and validating IHI to connect to My Health Record
- Adding a new pharmacist and retrieving /validating a HPI-I
- Enable pharmacist access to My Health Record within Fred Dispense.
My Health Record functionality that can be simulated in the portals:
Provider Portal
- Access to My Health Record system without using conformant clinical software
Consumer Portal
- Access to a child’s My Health Record as an authorised representative
- Access to clinical documents and Medicare information in My Health Record
- Adding a personal health summary and a personal health note into My Health Record
- Management of advance care documents and custodian details for My Health Record
- Manage document access settings and provider access in My Health Record
- Manage notification settings and view the list of who has accessed My Health Record
- Remove Document from my Health Record
What screen resolution do I need?
What screen resolution do I need?
Recommended screen resolution is 1280x1024.
Some software products mandate minimum display settings. Setting below the recommended settings may impact on users' ability to access the software.
Why can’t I connect?
Why can’t I connect?
The following are possible reasons you may not be able to connect.
- The latest version Firefox/Chrome/Internet Explorer may not be downloaded
- Port 8443 on the user’s network may be closed. This is used for authentication by VMware Horizon
- Wrong username/password may have been entered
- IP address is outside of Australia.
While the Agency will try to notify visitors to this page of any known outages or degradations, this will not always be possible. If the simulation is not performing as expected, please contact the Help Centre.
For further assistance please go to our Contact us page in the healthcare providers section, or call Support during business hours on 1300 901 001.
The Agency also has a recommended training list (PDF, 189.58 KB)
Privacy and access
Under the My Health Records Act, staff members authorised by a healthcare organisation can access and view a patient’s record for the purpose of providing that patient with healthcare, and provided it is in accordance with any access controls. In addition to clinicians, a healthcare organisation may authorise other staff to access the system as part of their role in healthcare delivery.
Who can access My Health Record in a healthcare organisation?
Who can access My Health Record in a healthcare organisation?
Subject to any access controls the patient may have set, a registered healthcare provider organisation’s staff can access My Health Record if:
- they are providing healthcare or undertaking activities to support the provision of healthcare to the patient, and
- the organisation authorises them to do so.
Access to My Health Record is not limited to healthcare professionals, such as medical practitioners or nurses. It may extend to others, such as practice managers, clerical/administrative staff, and receptionists.
A staff member is considered to access My Health Record when they view and/or upload clinical information to a record, including when they manually prepare and upload information and when information is uploaded automatically by their clinical information system.
The My Health Records Rule 2016 requires registered healthcare provider organisations to:
- have a My Health Record policy that addresses, among other matters, how staff are trained and authorised to access My Health Record (rule 42), and
- employ reasonable user account management practices and mechanisms (rule 44).
When to access My Health Record
When to access My Health Record
How and when a registered healthcare provider organisation’s staff access My Health Record should be guided by their need for information to support their healthcare provision. Staff are under no legal obligation to access the system with every interaction. However, an organisation may choose to implement a policy around when staff access the system.
An authorised staff member can access a patient’s My Health Record before, during, or post consultation for the purpose of providing healthcare to that patient, as authorised under section 61 of the My Health Records Act 2012.
For example:
- A GP accesses a new patient’s My Health Record to view their shared health summary before their initial consultation to understand of their health status.
- A practice receptionist accesses a patient’s My Health Record, prints out their shared health summary, and provides it for review while they wait for a consultation with the GP. The patient reviews the shared health summary, identifies any updates, and raises them with the GP. This action ensures the GP and other healthcare providers involved in the patient’s care, have access to current information to inform their clinical decision-making.
- Following a consultation, a specialist accesses results of the pathology and diagnostic imaging tests they ordered, to identify what action is needed to support the health of the patient.
If a staff member deliberately accesses an individual’s My Health Record for a purpose other than providing healthcare to that patient, or another purpose authorised by law, penalties could apply, including:
- civil penalty of up to $469,500 (up to $2,347,500 for bodies corporate),
- criminal penalty of five years imprisonment and/or $93,900 (up to $469,500 for bodies corporate).
Who can author clinical information to upload to My Health Record?
Who can author clinical information to upload to My Health Record?
Staff can only author clinical information to upload to My Health Record if:
- they have a Healthcare Provider Identifier – Individual (HPI-I), and
- their registration by a registration authority, or membership of a professional association, is not conditional, suspended, cancelled, or lapsed.
This ensures that all clinical information uploaded to the system is of the required quality and standard (i.e., a person with valid clinical expertise has authored them).
*For example, a GP’s registration by the Medical Board may face suspension pending investigation for professional misconduct; or a dietitian’s professional membership in the Dietitians Association of Australia has lapsed because they haven’t paid their membership fees for more than six months. Staff registered with the Australian Health Practitioner Regulation Agency (Ahpra) will have been assigned an HPI-I through that registration. Those who have not can register for an HPI-I through the Healthcare Identifiers Service, subject to eligibility.
Note: Additional requirements apply to preparing and uploading shared health summaries.
When to upload to My Health Record
When to upload to My Health Record
When and what a registered healthcare provider organisation uploads to My Health Record should be guided by whether that information benefits other healthcare providers, the patient, and those involved in their shared care, such as any representatives they may have.
Healthcare provider organisations are under no legal obligation to upload clinical information to My Health Record with every interaction. However, an organisation may impose a policy around when staff upload to the system.
The healthcare provider organisation must comply if a patient requests that information not be uploaded to their My Health Record. If a patient requests this, the healthcare provider organisation should inform the patient that Medicare information relating to the clinical encounter may be visible in their My Health Record, so the patient will have to remove or manage access to that information themselves through the National Consumer Portal. This is particularly relevant where the information may be regarded as sensitive.
Generally, there is no need to obtain a patient’s consent to upload information to their My Health Record. However, ACT, NSW, and Qld have laws that require a patient’s consent to upload specific health information to their My Health Record. These laws are specified by the My Health Records Regulation 2012 and generally prohibit the disclosure of information relating to HIV (ACT, NSW, Qld), notifiable conditions (ACT, Qld), contagious conditions (Qld), environmental health events (Qld), and perinatal history (Qld). This information can only be disclosed with consent.
Staff must ensure they are familiar with the process for preventing an upload of information to My Health Record, should the patient request that it not be uploaded or if there is a State or Territory law requiring consent that and consent has not been obtained.
Access controls
Access controls
Individuals can decide which of their healthcare provider organisations can view their health information by restricting access to their entire record, or to specific documents within it. Restricted information is not generally visible to healthcare provider organisations unless access has been granted by the individual.
The healthcare recipient can revoke a healthcare provider organisation’s access to restricted information at any time via the Manage Access screen within their My Health Record.
Note: It is important that any access codes provided by the individual (see below) are not retained by the healthcare provider organisation and are destroyed following their use.
Record Access Codes
Individuals can decide which healthcare provider organisations can view their record by setting a Record Access Code (RAC).
Where a RAC has been set, the healthcare recipient can choose to share this code with you, so that you can access their record. Once the patient has shared their RAC with you, you will be listed on their provider access list. Healthcare provider organisations that are listed on a patient’s provider access list won’t need the patient’s RAC to continue accessing their record.
Limited Document Access Codes
Where an individual has restricted access to specific documents, they can set a limited document access code (LDAC). The healthcare recipient (or their representative(s)) can choose to provide healthcare provider organisation(s) with the LDAC. Once a healthcare provider enters the LDAC into their clinical information system, or the National Provider Portal, they will be able to access the restricted document(s). Healthcare providers can still view restricted documents in an emergency.
Access history
Access history
An individual or their nominated or authorised representative can view a list of access to their record at any time. This is known as the access history.
An individual can also choose to be notified by SMS or email when someone accesses their record or when certain changes are made.
When an individual can choose to be notified:
- a change is made to the immunisation information in their record
- a healthcare provider organisation accesses their record for the first time
- a new myGov account has been linked to their record
- a new shared health summary is added
- a nominated representative accesses their record
- an advance care document is added, removed or reinstated
- the emergency access function is used by a healthcare provider organisation
Emergency access
Emergency access
Healthcare providers can access information within the system for the purpose of lessening or preventing a serious threat.
By default, documents in an individual’s record are set to general access for registered healthcare provider organisations. This means a treating healthcare provider can view all documents within an individual’s record, except for information that has been entered in the personal health notes section of the record, and any documents that have been removed or hidden by the healthcare recipient (or their representative(s)).
Healthcare recipients (or their representative(s)) can choose to restrict access to their record (using a record access code) or to restrict access to specific documents (which they can share with selected organisations, using a limited document access code):
- Where a record access code has been set, a treating healthcare provider will be prompted by their clinical information system, or the My Health Record National Provider Portal, if a record access code is required. When this occurs, the healthcare provider can ask the healthcare recipient to share the record access code.
- Where a limited document access code has been set, the healthcare recipient (or their representative(s)) can choose to provide the treating healthcare provider with the limited document access code. The healthcare provider will need to enter the limited document access code into their clinical information system, or the My Health Record National Provider Portal, to gain access to the restricted document(s).
There are certain urgent situations, defined in Section 64 of the My Health Records Act, where it may be permissible for treating healthcare providers to access information in a person’s record without entering the relevant access code(s) using a function known as Emergency Access. This is sometimes referred to as a ‘break glass’ function. It is important to understand when this function can lawfully be used.
Appropriate use of emergency access
It is expected that the need to use Emergency Access will be rare, as Emergency Access to a healthcare recipient's record (or a restricted document within it) is only authorised under the My Health Records Act if the healthcare organisation reasonably believes that:
- the access is necessary to lessen or prevent a serious threat to an individual’s life, health or safety and the healthcare recipient's consent cannot reasonably be obtained. For example, due to being unconscious; or
- the access to the healthcare recipient’s My Heath Record is necessary to lessen or prevent a serious threat to public health or safety. For example, to identify the source of a serious infection and prevent its spread.
In addition, the majority of people have not set any access controls, which means information in their record is not restricted. In most cases, therefore, you will be able to see all available health information, for the purpose of providing healthcare, without needing to use Emergency Access.
When not to use emergency access
The emergency access function is not designed to be used for the following:
- to view their own record or a family member's record - people can access their own record via myGov or a mobile app
- to demonstrate how to use the Emergency Access function. Training resources are available for this purpose
- to check whether any restricted documents exist (except, in accordance with section 64 of the My Health Records Act, where the treating healthcare provider reasonably believes that access is necessary to lessen or prevent a serious threat to the individual’s life, health or safety and it is unreasonable or impracticable to provide consent; or to lessen or prevent a serious threat to public health or safety).
- when an individual has forgotten the access code they have set (except, in accordance with section 64 of the My Health Records Act, where the treating healthcare provider reasonably believes that access is necessary to lesson or prevent a serious threat to the person’s life, health or safety; or to lessen or prevent a serious threat to public health or safety) – a person can reset their access code by logging into their record, or telephoning the My Health Record Helpline 1800 723 471.
Use of the Emergency Access function that is not authorised by section 64 of the My Health Records Act is subject to civil and/or criminal penalties under the My Health Records Act.
Additional Information
Once granted, emergency access to a record is available for a maximum of five days. When this period ends, the record reverts to the previous settings. If the emergency situation continues beyond the initial five-day period, you will need to request Emergency Access again.
Use of the Emergency Access function is recorded in the access history of the record, which can be viewed by the healthcare recipient and their authorised or nominated representative(s). In addition, healthcare recipients can choose to receive an SMS or email notification each time the Emergency Access function is used to view their record.
With Emergency Access, any access controls that the individual has set will be overridden. This means the treating healthcare provider who uses the Emergency Access function will have full access to the healthcare recipient’s record, except for information that has been entered in the personal health notes section of the record, and any documents that healthcare recipient (or its authorised representative(s) has previously removed or hidden.
Notification provisions under section 75 of the Act
It is important to note that registered healthcare provider organisations are subject to reporting obligations under section 75 of the My Health Records Act. Consequently, unauthorised use of the Emergency Access function may be reportable to the Office of the Australian Information Commissioner (OAIC) and the Agency (as System Operator).
Note
This information is general in nature, and you should obtain your own professional legal advice relevant to your circumstances.
More information
You can find out more about the My Health Record Emergency Access function by listening to the Emergency Access Podcast.
In addition, from the OAIC provides a number of resources, including:
Penalties
Penalties
There are significant fines and penalties for inappropriate or unauthorised use of information.
Actions subject to penalties include, for example:
- unauthorised collection, use or disclosure of health information in a record
- use of health information in a record for prohibited purposes
- unauthorised use or disclosure of healthcare identifiers or other information obtained for the purposes of the Healthcare Identifiers Service
- failure to give written notice within 14 days if the healthcare provider or organisation ceases to be eligible to be registered - please notify the Agency if you or your organisation ceases to be registered
- failure to notify an actual or potential data breach in which the healthcare provider or organisation were directly involved
- holding, taking, processing or handling, records held for the purposes of the system outside Australia, or causing someone else to do so
System security
System security
Security is a key design element of the system, which adheres to Australian Government security requirements.
System security
The system is managed in line with the Australian Government Protective Security Policy Framework. Data is stored in Australia, and is protected by high grade security protocols to detect and mitigate against external threats. The system is tested frequently to ensure these mechanisms are robust and working as designed.
Design features include many safeguards to protect the information stored within the system, including audit trails, technology and data management controls, as well as appropriate security measures to minimise the likelihood of unauthorised access to information in a patient’s record. In addition to these measures, the My Health Record system is protected by legislation which governs the way the system is accessed, managed and used.
In addition, healthcare providers have obligations to protect personal and health information.
Information security advice for your business
Your business is responsible for ensuring that the systems you use to access the system are secure. Find five simple steps to protect health, personal and financial information in the guide: Information Security for small healthcare businesses.
The Australian Government strongly encourages individuals, business and organisations to take steps to ensure they provide safe and secure digital health services. For online security advice and tips visit the Australian Cyber Security Centre.
Participation obligations
Healthcare provider organisations participating in the system are required to understand and comply with a range of legislative obligations. Please see Legislation section at the top of this page.
Participating organisations must:
- Establish a security and access policy
- Comply with ongoing participation obligations.
To learn more about how to meet these obligations, visit the Participation obligations page.
Incident management
Clinical incidents
All healthcare systems, including the My Health Record system and other digital health products, require careful monitoring to ensure that potential clinical incidents are identified and addressed.
How to manage clinical incidents
Data breaches
Healthcare provider organisations must notify the Australian Digital Health Agency of any potential or actual data breaches that relate to (or may relate to) the My Health Record system.