Tips to protect your My Health Record

Last updated: 25 June 2019

On this page

  • Consider setting up access controls
  • Get an alert when a new provider views your record
  • Make sure your health information is up to date

1. Read the privacy policy carefully

Make sure you understand how the information in your My Health Record can be collected, used and disclosed. The Australian Digital Health Agency runs the My Health Record system. You should read their privacy policy and contact them if you have any questions.

2. Think about setting access controls

Log in to your My Health Record and take a look at the access controls. You can use them to set the level of privacy on your My Health Record that you prefer. Your My Health Record uses default access control settings unless you change them, so you should know what these settings are and what they could mean for you.

The access controls allow you to limit which healthcare provider organisations can access your My Health Record. You can also limit access to particular documents. If you set up a record access code, a healthcare provider will only be able to check if you have a My Health Record. They will not be able to view it unless you give them your access code.

It’s a good idea to review your access controls regularly, especially if you begin treatment with a new healthcare provider. Check your My Health Record access list regularly to see who can access your My Health Record.

Your access controls may be overridden in an emergency, if it is unreasonable or not practical to get your consent. This is called emergency access.

3. Talk to your healthcare provider about what information they will add or access

If you don’t want a certain document added to your My Health Record, make sure you tell your healthcare provider. If they've added a document that you don’t want on your record, ask them to remove it. You can also remove it yourself by accessing your My Health Record. You can ask for it to be reinstated later if you choose.

4. Check your My Health Record access history regularly

Check for any unexpected or unauthorised access. Your My Health Record includes an option to view the access history. Use it to see which healthcare providers have accessed your My Health Record or uploaded a document to your My Health Record. However, to find out the name of an individual who has accessed your record, phone the My Health Record help line on 1800 723 471 and ask them.

For more information about who has viewed your My Health Record, visit My Health Record.

5. Set up notifications

You can be alerted when your My Health Record has been accessed by choosing to receive an email or text message when:

  • a healthcare provider organisation (for example, a hospital or medical practice) opens your My Health Record for the first time
  • a healthcare provider opens your My Health Record in an emergency
  • a new shared health summary is uploaded to your My Health Record
  • advance care planning document changes (added, removed or reinstated) occur on your My Health Record
  • a nominated representative opens your record
  • someone new is able to access your My Health Record

It’s not possible to receive an email or text message when a healthcare provider uploads a new document to your My Health Record (except a shared health summary). You can check this by logging into your My Health Record regularly to see the access history.

To set up notifications, log in to your My Health Record and use the access controls.

6. Check your My Health Record regularly to ensure your information is accurate, up to date and complete

If any information is inaccurate, out of date or incomplete, ask the healthcare provider who uploaded the information to correct or complete it. If they disagree, you can ask them to attach a statement to the document stating what you consider to be inaccurate, out of date or incomplete. If you don’t feel comfortable approaching the healthcare provider directly, phone the My Health Record help line on 1800 723 471. 

If a healthcare provider in the private sector (such as a GP practice or private hospital) and is unwilling to correct your My Health Record, you can also lodge a complaint with us.

7. Secure your My Health Record

Make sure you set a strong password for your My Health Record and don’t share it with anyone else.

When accessing your My Health Record, make sure that the device and connection you use is secure. For example, you should install reputable anti-spyware, anti-virus scanners and firewall software on your device and avoid unsecured wi-fi networks.

For more information about keeping your online information safe, visit Stay Smart Online.

8. Exercise your privacy rights

The My Health Records Act 2012 (My Health Records Act) contains privacy safeguards for your My Health Record. The safeguards in the Privacy Act 1988—or other laws such as state or territory privacy laws—will apply to My Health Record information downloaded to a local record.

There are civil and criminal penalties for individuals and healthcare providers who don’t comply with the My Health Records Act.

If you suspect the information on your My Health Record has been mishandled, you can make a complaint

9. You can choose to cancel your My Health Record at any time

If you decide you no longer want a My Health Record, call the help line on 1800 723 471 and ask to have your record cancelled. You can also log in through myGov to cancel your My Health Record.

If you cancel your My Health Record, all information in the record will be permanently deleted. If you change your mind later, you can register for a new My Health Record.

Visit My Health Record for more information about how to cancel your record.

Was this page helpful?

Thank you.

If you would like to provide more feedback, please email us at websitefeedback@oaic.gov.au