Handling sensitive information in the My Health Record system

11 October 2017

Your legislative requirements under the My Health Records Act 2012 when handling patients' sensitive information and how you can apply privacy best practice.


Patient confidentiality has been a cornerstone of medical treatment since its very beginnings.

And this is a key reason why healthcare providers are among the most highly trusted groups of professionals.

The My Health Records Act applies this longstanding ethical standard to the 21st century by setting out specific circumstances in which sensitive health information can be handled.

Healthcare providers can generally only collect, use and disclose health information in a patient’s Record in order to provide healthcare.

Any uses outside of those allowed by the My Health Records Act may constitute a data breach.

So it’s important for healthcare providers to communicate with their patients and reach a shared understanding of how the My Health Record system will be used for them.

Remember, if patients ask a healthcare provider to not upload information to their My Health Record, then they must comply with this request.

To understand how privacy and confidentiality continue to be respected and protected in the My Health Record system, please visit our website.
