Last updated: 17 January 2024

This privacy guidance is intended to assist healthcare providers to understand their privacy obligations when using the My Health Record emergency access function.

The emergency access function may be used in certain emergency situations to override a patient’s My Health Record access controls to obtain key health information. It will allow you to view your patient’s My Health Record, including any restricted information or documents, except for deleted information, hidden documents and personal health notes.

Most patients do not have access controls in place, and you will be able to view their record in the normal course of using the My Health Record system. It is possible that you will not obtain any additional information by using the emergency access function.

If you require use of the emergency access function, your organisation will be granted emergency access for 5 days. Once this period ends, all access to the patient’s My Health Record reverts to their access control settings.

You may wish to print a copy of the flow chart to help healthcare providers in your organisation to decide whether to use the emergency access function.

You may also like to listen to a podcast that discusses the appropriate use of the emergency access function.

Key points

  • You can only override a patient’s access controls to collect, use or disclose health information contained in a patient’s My Health Record where you reasonably believe that:
    • it is necessary to lessen or prevent a serious threat to an individual’s life, health or safety, and it is unreasonable or impracticable to obtain the healthcare recipient’s consent, or
    • it is necessary to lessen or prevent a serious threat to public health or safety.[1]

  • Unless these requirements are met, you can generally only access an individual’s My Health Record in accordance with any access controls they have in place, and for the purpose of providing them with healthcare.[2]
  • After using the emergency access function, you will need to maintain accurate records of the circumstances that triggered your use of the emergency access function, including the circumstances of access and the reasons why it was not reasonable or practicable to obtain the patient’s consent.[3]
  • Your organisation is required to take steps that are reasonable in the circumstances to implement practices, procedures and systems to ensure that the emergency access function is used appropriately.[4] Any unauthorised use of emergency access may be a contravention of the My Health Records Act 2012 and may constitute an interference with privacy under the Privacy Act 1988, which can be subject to civil and/or criminal penalties.
  • If you become aware that a contravention of the My Health Records Act has or may have occurred, you have reporting obligations under section 75 of the My Health Records Act to notify the System Operator (Australian Digital Health Agency) and, where relevant, the Information Commissioner as soon as practicable. This could include situations where the emergency access function is used by mistake.

When to use emergency access

There may be emergency situations where you need to override your patient’s My Health Record access controls to obtain key health information. You are able to do so, but only in accordance with section 64 of the My Health Records Act.

However, it is expected that the need to use the emergency access function will be rare. You can only override a patient’s access controls to collect, use or disclose health information contained in a patient’s My Health Record where you reasonably believe that:

  • the collection, use or disclosure of My Health Record information is necessary to lessen or prevent a serious threat to an individual’s life, health or safety, and it is unreasonable or impracticable to obtain the patient’s consent to access their My Health Record, or
  • the collection, use or disclosure of My Health Record information is necessary to lessen or prevent a serious threat to public health or safety.

Unless these requirements are met, you can generally[5] only access an individual’s My Health Record in accordance with any access controls they have in place for the purpose of providing healthcare.

When not to use emergency access

You are not authorised to use the emergency access function for the following:

  • to view your own record or a family member's record. Individuals can access their own record via myGov or selected mobile applications.
  • to demonstrate how to use the emergency access function. Training resources are available from the Australian Digital Health Agency (ADHA) website for this purpose.
  • to check whether any restricted documents exist (other than in circumstances authorised by section 64 of the My Health Records Act).

The unlawful collection, use or disclosure of My Health Record information, including via the use of the emergency access function, is subject to civil and/or criminal penalties under the My Health Records Act.

The emergency access function is not intended to be used when an individual has forgotten the record access code they have set on their My Health Record. Instead, individuals should reset their access code.

Tip: If your patient has forgotten their Record Access Code or Limited Document Access Code, you should advise the patient to log in to their My Health Record via myGov to reset their code(s) or contact the System Operator for assistance via the My Health Record Help line: 1800 723 471.

How to use the emergency access function

When you click on the emergency access function in your clinical information system, you will receive an automated message requesting your confirmation that the requirements for emergency access have been satisfied. Where possible, it is recommended that you consult a peer or colleague regarding your intention to use the emergency access function.

As outlined above, emergency access is granted for 5 days. If the emergency situation continues beyond the initial 5-day period, your organisation will need to request emergency access again.

GOOD TO KNOW: The My Health Record system contains an online summary of a patient’s health information; it is not their complete medical history. It may include information such as pre-existing conditions, allergies, and the medicines they need.

Emergency access is recorded in the patient’s My Health Record access history. The patient may opt to receive an email or text message notification when their record is accessed using the emergency access function.

Emergency department staff

If you work in an emergency department, this does not automatically authorise you to use the emergency access function. Regardless of which healthcare setting you work in, you must ensure that the requirements for using the emergency access function have been met.

Serious threat to an individual’s life, health or safety

One of the circumstances where you may be authorised to use the emergency access function is where there is a serious threat to an individual’s life, health or safety.

Before using the emergency access function, you must form the reasonable belief that access to your patient’s My Health Record is necessary to lessen or prevent a serious threat to the life, health or safety of an individual, and it is unreasonable or impracticable to obtain your patient’s consent.

You must have a reasonable basis for your belief that access to My Health Record is necessary. The test is what a reasonable person, who is properly informed, would believe in the circumstances.

A ‘serious’ threat is one that poses a significant danger to an individual. This can include a threat to a patient’s physical or mental health and safety. It can also include a potentially life-threatening situation or one that might reasonably result in other serious injury or illness.

The threat may be to the life, health or safety of any individual and is not limited to the person seeking treatment and care.

Example: serious threat

A patient arrives via ambulance at an Emergency Department in a critical condition, following a motor vehicle accident. The patient’s identity has been determined from a check of their licence and Medicare card. The hospital has no prior records for this patient, who is unconscious. The Emergency Department staff decide to use emergency access to access health information that may assist with treating the serious threat to the patient.

It would be appropriate for the healthcare provider to use the emergency access function because:

  • the healthcare provider reasonably believes that access to the patient’s My Health Record is necessary to prevent a serious threat to the patient’s life, health or safety, and
  • it is impracticable to obtain the healthcare recipient’s consent because they are unconscious.

Unreasonable or impracticable to obtain consent

Once you have established that access to your patient’s My Health Record is necessary to lessen or prevent a serious threat to an individual’s life, health or safety, you must also form the reasonable belief that it is unreasonable or impracticable to obtain your patient’s consent before using the emergency access function.

Obtaining consent in relation to emergency access means obtaining the Record Access Code (where the entire record has been restricted) or the Limited Document Access Code (where specific documents have been restricted) from the patient or their Authorised Representative.[6] Emergency access is only intended to be used where it is unreasonable or impracticable for the patient to provide the relevant access code (except in the case of a threat to public health or safety as outlined below).

You cannot avoid obtaining consent just because it would be inconvenient or time-consuming, although these factors may be relevant in some circumstances. Whether these factors make it impracticable to obtain consent will depend on whether the burden is excessive in all the circumstances. Other relevant considerations may include:

  • the nature of, and potential consequences associated with, the serious threat
  • the source of the threat
  • the capacity of the individual to give consent.

Example: impracticable to obtain consent

A patient attends a new GP clinic for the first time. During his appointment, he collapses and becomes unconscious.[7]

The new GP is not aware of the patient’s medical history or whether the patient is taking any regular medications. Accessing the patient’s My Health Record may confirm whether the patient has any pre-existing illnesses and enable the healthcare provider to administer the appropriate care.

The GP determines that, in this instance, access to the patient’s My Health Record is necessary to prevent a serious threat to the patient’s life, health or safety. Further, given the patient’s unconscious condition, it is not possible to obtain his consent.

The GP can use the emergency access function because the requirements are met in this instance.

Example: unreasonable to obtain consent

A patient attends a pharmacy to collect his prescription medication. He becomes agitated and behaves in a threatening manner towards the staff and other customers. His speech is incoherent.

The patient’s My Health Record may contain useful health information. The pharmacist determines that access to the patient’s My Health Record is necessary to prevent or lessen the serious threat to their own safety or the safety of staff and other customers.

Further, it is unreasonable or impracticable to obtain the patient’s consent where the patient is unable to communicate clearly and be understood by others.

The pharmacist can use the emergency access function because the requirements are met in this instance.

Serious threat to public health or safety

The second circumstance where you may be authorised to use the emergency access function is where there is a ‘serious threat to public health or safety’ relating to broader concerns affecting a number of people. An example might be the potential spread of a communicable disease.

Example: serious threat to public health

A dangerous infection has been detected within a hospital and it is necessary to identify the source of the infection to prevent its spread.[8]

If the hospital staff reasonably believe that accessing information in My Health Records of recent arrivals to the hospital may assist with lessening or preventing the serious threat, and there are, or may be, access controls in place on any of those records, they may choose to use the emergency access function. For example, this may assist in identifying the source of the infection. There is no requirement to obtain the patients’ consent in circumstances where there is a serious threat to public health or safety. If the hospital staff believe that access to the patients’ My Health Records is necessary to prevent a serious threat to public health or safety, they can use the emergency access function in this instance.

What to do after using emergency access

Healthcare providers have certain obligations under the My Health Records Act and My Health Records Rule 2016 that govern how they must handle and secure information contained in the My Health Record system.

Your organisation is also required to take reasonable steps in the circumstances to protect personal information you hold, including information in the My Health Record system, from misuse, interference and loss, and unauthorised access, modification or disclosure under Australian Privacy Principles (APPs) 1.2 and 11. The precise steps that your organisation is required to take, or the degree to which they are implemented, may depend on the individual circumstances of your organisation. Examples are listed below under ‘Compliance tips’.

More information about these obligations is available in the Australian Privacy Principles (APP) guidelines and the OAIC’s Security and Access – Rule 42 guidance.

Keep records

The use of the emergency access function sends an automatic notification to the System Operator, the ADHA, who monitors emergency access use. You may be asked by the System Operator to explain the circumstances surrounding emergency access use in each instance.

Your organisation should maintain an accurate register of all instances of emergency access including the time and date of the access, circumstances that triggered your use of the emergency access function, and the reasons why it was not reasonable or possible to obtain the patient’s consent (if applicable). You should also add this information to the patient’s consultation notes in your local record keeping system immediately after the event.

Healthcare providers have other existing obligations under section 74 of the My Health Records Act to maintain records of individual access to the My Health Record system. You must document your processes for identifying who has accessed the My Health Record system within your organisation in your Security and Access policy.

Reviewing access

If you are using conformant software, audit logs record when the My Health Record system is accessed, including the user’s identity, date, and time of access, whose My Health Record was accessed and the information that was accessed. If you access the My Health Record system via the National Provider Portal, you should make your own records of access to patients’ My Health Records (e.g. on the patient file).

Proactively reviewing audit logs or records is an effective means of detecting and investigating unauthorised access to the My Health Record system, including misuse of the emergency access function.

Audit logs should be regularly reviewed in conjunction with local records to identify when the emergency access function has been used to access a My Health Record and whether that access was authorised under the My Health Records Act.

Report unauthorised use

Any unauthorised use of the emergency access function may be considered a contravention of the My Health Records Act and constitute an interference with privacy under the Privacy Act.

If you become aware that a contravention of the My Health Records Act has or may have occurred, you have reporting obligations under section 75 of the My Health Records Act to notify the System Operator and, where relevant, the Information Commissioner as soon as practicable. This includes using the emergency access function by mistake.

The OAIC has published various resources which will assist you in meeting your regulatory obligations in relation to data breaches in the My Health Record system. This includes a:

The ADHA has also prepared a podcast about the emergency access function.

The Guide sets out the steps that must be taken once an entity becomes aware of certain My Health Record data breaches.

Compliance tips

Your organisation must take such steps as are reasonable in the circumstances to implement practices, procedures and systems to ensure that the emergency access function is used according to the Australian Privacy Principles (APPs) and the My Health Records Act 2012. For example, these steps may include:

  • Preparing written policies and procedures, including your organisation’s Security and Access policy.
  • Placing quick reference posters in workspaces for staff (example flow chart).
  • Encouraging or requiring staff to consult with their peers or colleagues where possible and safe, to ensure that access via the emergency access function is appropriate.
  • Including clear and comprehensive information about how and when to use the emergency access function in regular My Health Record staff training.
  • Ensuring staff understand how to use the emergency access function correctly in the software your organisation uses to access the My Health Record system. The ADHA has prepared fact sheets on how to use the emergency access function in different clinical software on the My Health Record for healthcare providers webpage under Education and training, Clinical software summary sheets (current fact sheets include FRED Dispense, MedicalDirector and Best Practice).
  • Maintaining accurate records of the circumstances of all emergency accesses including identifying the time and date of access, the patient, the serious threat that the access was required to lessen or prevent, and why it was not reasonable or possible to obtain the patient’s consent.
  • Regularly reviewing a log or register of all accesses to the My Health Record system to ensure that access is appropriate.

Frequently asked questions

When can I use the emergency access function to access a patient’s My Health Record?

You may need to override a patient’s My Health Record access controls to obtain key health information in certain emergency situations.

However, it is expected that the need to use the emergency access function will be rare. You can only override a patient’s access controls to collect, use or disclose health information contained in their My Health Record where you reasonably believe that:

  • it is necessary to lessen or prevent a serious threat to an individual’s life, health or safety, and it is unreasonable or impracticable to obtain the healthcare recipient’s consent, or
  • it is necessary to lessen or prevent a serious threat to public health or safety.

Unless these requirements are met, you can generally only access a patient’s My Health Record in accordance with the access controls they have in place for the purpose of providing healthcare. Otherwise, you may be breaching the law and penalties may apply.[9]

Your organisation will be granted emergency access for 5 days. You will need to maintain accurate records of the circumstances that triggered your use of the emergency access function, so that you can refer to this information if further information is requested (e.g., to respond to a patient enquiry or a request for information by the Australian Digital Health Agency or the Office of the Australian Information Commissioner (OAIC)).

If I work in an emergency department, can I use the emergency access function for all patients?

Working in an emergency department does not automatically authorise you to use the emergency access function for your patients. Regardless of where you work, you must ensure that the requirements for using the emergency access function have been met.

However, most patients do not have access controls in place, and you will be able to view their record in the normal course of using the My Health Record system.

What information can I view using the emergency access function?

The emergency access function overrides any access controls set by the patient. Your organisation will have access to all your patient’s My Health Record information when you use the emergency access function, except for deleted information, hidden documents, and personal health notes.

Note: As most patients don’t have any restricted information, additional information may not be available.

What should I do if I have used the emergency access function in error or in an unauthorised way?

A data breach occurs when someone has collected, used or disclosed information without authorisation or something has happened to compromise the security or integrity of the My Health Record system. This includes where the emergency access function has been used by mistake, or other circumstances where the requirements for using the function have not been met. If you know or suspect a My Health Record data breach has occurred, your organisation must take certain steps:

  1. Contain the breach
  2. Evaluate any risks associated with the breach
  3. Notify the System Operator and the OAIC of the breach
  4. Take steps to prevent/mitigate further breaches.

These FAQs complement the OAIC’s guidance on My Health Record emergency access function and flow chart (below) to help healthcare providers in your organisation to decide whether to use the emergency access function.

More information about notifiable data breaches under the My Health Records Act and how to report a potential breach can be found in the OAIC’s video, flow chart and Guide to mandatory data breach notification in the My Health Record system.

Unauthorised use of the emergency access function may be subject to civil and/or criminal penalties under the My Health Records Act and will constitute an interference with privacy under the Privacy Act 1988.

My Health Record emergency access function flow chart

Download the flow chart



Footnotes

[1] See sections 64(1) and 64(2) of the My Health Records Act 2012.

[2] Collection, use and disclosure of My Health Record information may be authorised in other circumstances which are prescribed in Part 4, Division 2 of the My Health Records Act 2012, such as where collection, use or disclosure is required or authorised by law or where the collection, use or disclosure takes place with the patient’s consent.

[3] The precise steps that your organisation is required to take, or the degree to which they are implemented, may depend on the individual circumstances of your organisation. This is discussed in more detail under What to do after using emergency access.

[4] For example, please see Australian Privacy Principle 1 and Australian Privacy Principle 11 for more information.

[5] Collection, use and disclosure of My Health Record information may be authorised in other circumstances which are prescribed in Part 4, Division 2 of the My Health Records Act 2012, such as where collection, use or disclosure is required or authorised by law.

[6] As defined in the My Health Records Act 2012, see Section 6.

[7] This scenario was inspired by the Pharmaceutical Society of Australia’s My Health Record Guidelines for Pharmacists at page 12.

[8] This scenario is taken from the Explanatory Memorandum, Personally Controlled Electronic Health Records Bill 2011 (Cth) at page 41.

[9] Collection, use and disclosure of My Health Record information may be authorised in other circumstances which are prescribed in Part 4, Division 2 of the My Health Records Act 2012, such as where collection, use or disclosure is required or authorised by law.