Skip to main content
Skip to secondary navigation
Menu
Australian Government - Office of the Australian Information Commissioner - Home

About My Health Record

Your My Health Record is an online summary of your health information, such as the medicines you are taking, any allergies you may have and treatments you have received. It was previously known as a Personally Controlled Electronic Health Record (PCEHR) or eHealth record.

Your My Health Record allows doctors, hospitals and certain other health service providers (such as a physiotherapist) involved in your care to view your health information. You can also access it online yourself.

You'll have a My Health Record unless you opted out by 31 January 2019 or you’ve cancelled your record.

How do you access your My Health Record?

To access your My Health Record online, you need to sign in to your myGov account and link it to your record.

Who runs My Health Record?

The Australian Digital Health Agency (ADHA) is the System Operator and runs the My Health Record system.

What law applies?

The My Health Records Act 2012 (My Health Records Act) limits when and how health information included in a My Health Record can be collected, used and disclosed. Unauthorised collection, use or disclosure of My Health Record information is both a breach of the My Health Records Act and an interference with privacy. If you feel that information in your My Health Record has been used inappropriately, you can lodge a complaint.

Why are we involved?

The OAIC oversees the privacy aspects of the My Health Record system. This includes:

  • investigating the mishandling of health information in someone's My Health Record
  • providing privacy guidance to users of the My Health record system
  • accepting and assessing data breach notifications
  • conducting privacy assessments

We can use a range of investigative and enforcement mechanisms under the My Health Records Act 2012 and the Privacy Act 1988.

Mandatory data breach notifications

Healthcare providers and other system participants are required to report potential or confirmed data breaches involving the My Health Record system to the System Operator (the ADHA). My Health Record data breaches must also be reported to us (the OAIC) except where the healthcare organisation is a state or territory authority or instrumentality.

The System Operator should notify you if your record is involved in a confirmed data breach, or there is a reasonable likelihood that a breach occurred and the effects might be serious.