On this page
- What's in your My Health Record and how to access it
- Who runs My Health Record and the law that applies
- Why we're involved and mandatory data breach notifications
Your My Health Record is an online summary of your health information, such as the medicines you are taking, any allergies you may have and treatments you have received. It was previously known as a Personally Controlled Electronic Health Record (PCEHR) or eHealth record.
Your My Health Record allows doctors, hospitals and certain other healthcare providers (such as a physiotherapist) involved in your care to view your health information. You can also access it online yourself.
You'll have a My Health Record unless you opted out by 31 January 2019 or you've cancelled your record.
How do you access your My Health Record?
To access your My Health Record online, you need to sign in to your myGov account and link it to your record.
Who runs My Health Record?
The Australian Digital Health Agency is the System Operator and runs the My Health Record system.
What law applies?
The My Health Records Act 2012 (My Health Records Act) limits when and how health information included in a My Health Record can be collected, used and disclosed. Unauthorised collection, use or disclosure of My Health Record information is both a breach of the My Health Records Act and an interference with privacy. If you feel that information in your My Health Record has been used inappropriately, you can lodge a complaint.
Why are we involved?
We oversee the privacy aspects of the My Health Record system. This includes:
- investigating the mishandling of health information in someone's My Health Record
- giving privacy guidance to users of the My Health Record system
- accepting and assessing data breach notifications
- conducting privacy assessments
We can use a range of investigative and enforcement mechanisms under the My Health Records Act 2012 and the Privacy Act 1988.
Mandatory data breach notifications
Healthcare providers and other system participants are required to report potential or confirmed data breaches involving the My Health Record system to the System Operator (the ADHA). My Health Record data breaches must also be reported to us (the OAIC) except where the healthcare provider organisation is a state or territory authority or instrumentality.
The System Operator should notify you if your record is involved in a confirmed data breach, or there is a reasonable likelihood that a breach occurred and the effects might be serious.
Was this page helpful?
If you would like to provide more feedback, please email us at firstname.lastname@example.org