Skip to main content
Skip to secondary navigation
Australian Government - Office of the Australian Information Commissioner - Home

My Health Records

The My Health Record system is the Australian government’s digital health record system. It contains My Health Records which are online summaries of an individual’s health information, such as medicines they are taking, any allergies they may have and treatments they have received. It was previously known as a Personally Controlled Electronic Health Record (PCEHR) or eHealth record.

A My Health Record allows an individual’s doctors, hospitals and other healthcare providers (such as physiotherapists) to view the individual’s health information, in accordance with their access controls. Individuals are also able to access their record online.

The My Health Record system opt-out period commenced on 16 July 2018, and you now have until 31 January 2019 to advise the Australian Digital Health Agency if you do not want a My Health Record to be automatically created for you. Although the My Health Record system has previously been a self-register model, every individual with a Medicare or Department of Veterans’ Affairs card who does not already have a record will now be automatically registered to have a My Health Record, unless they choose not to have one.

For further information about the My Health Record and what to do if you don’t want a record created, visit the My Health Record website or call the My Health Record Help line on 1800 723 471. You can also read the OAIC’s opt-out FAQs.

The My Health Records Act 2012 (My Health Records Act), My Health Records Rule 2016 and My Health Records Regulation 2012 create the legislative framework for the Australian Government’s My Health Record system.

The My Health Records Act limits when and how health information included in a My Health Record can be collected, used and disclosed. Unauthorised collection, use or disclosure of My Health Record information is both a breach of the My Health Records Act and an interference with privacy.

View our video presentation:

Privacy and the My Health Record system

Video download and transcript

The OAIC’s role in the My Health Record system

The Office of the Australian Information Commissioner (OAIC) regulates the handling of personal information under the My Health Record system by individuals, Australian Government agencies, private sector organisations and some state and territory agencies (in particular circumstances).

The OAIC’s role includes investigating complaints about the mishandling of health information in an individual’s My Health Record. The OAIC can also conduct ‘Commissioner initiated investigations’.

The functions and enforcement powers available to the OAIC under the My Health Records Act and Privacy Act 1988 include:

  • investigating and conciliating complaints
  • accepting enforceable undertakings
  • making determinations
  • seeking an injunction to prohibit or require particular conduct
  • seeking a civil penalty from the Courts
  • accepting mandatory data breach notifications from the System Operator (the Australian Digital Health Agency), health care provider organisations, repository operators and portal operators


If an individual thinks that information in their My Health Record has been mishandled, they should first complain to the healthcare provider or other entity that they think is at fault. If they are not satisfied with the response, an individual can complain to the Australian Digital Health Agency via the My Health Record Help line: 1800 723 471, the OAIC or the relevant state and territory regulator (if the healthcare provider is a state or territory entity).

To complain to the OAIC about the handling of a My Health Record, go to the Individuals section of this website.

Where can you get more information?

For more information about healthcare providers’ responsibilities under the My Health Record system, and the OAIC’s role as the independent regulator of the privacy aspects of the system please see our business resources:

The OAIC has also developed the following video presentations to assist healthcare providers to understand their obligations in relation to the My Health Record system.

Handling sensitive information in the My Health Record system

Your legislative requirements under the My Health Records Act 2012 when handling patients' sensitive information and how you can apply privacy best practice.

Video download and transcript

Data breach requirements in the My Health Record system

My Health Record mandatory data breach requirements and how to respond.

Video download and transcript


Information for consumers

The OAIC has developed FAQs about your choice to opt-out of having a My Health Record and fact sheets for individuals about the My Health Record system.

OAIC Guidelines

Healthcare Identifiers

More information about Healthcare Identifiers can be found on the Healthcare Identifiers page of this site.

Australian Digital Health Agency

My Health Record Help line: 1800 723 471