As of February 2019 you will have a My Health Record unless you previously opted out. There have been a lot of concerns about the security and information included in this record so we wanted to clarify a few things.

What is it?

My Health Record is an online summary of your key health information. It has been in use since 2012 as an opt-in scheme and is currently used by over 6 million people. The government decided that this scheme will be more effective if more individuals and health practitioners are using it, so they changed it to an opt-out scheme.

Initially your My Health Record will automatically contain up to 2 years worth of information. This will include information from the Medicare Benefits Schedule and Pharmaceutical Benefits Scheme. Health Practitioners can add clinical documents including:

  • Shared health summary
  • Hospital discharge summaries
  • Imaging and test reports
  • Prescribed medications
  • Referral letters
  • Organ donor status
  • Immunisations
  • Allergy information etc.

Who manages it?

You control what is included in your My Health Record. If you request that a document not be included in your record, the health practitioner must respect that. You can remove or hide any files you wish, at any time. You can also protect files with a Limited Document Access Code which protects specific documents of your choosing with another password.

Personal Access Codes are passcodes that can be shared with specific individuals of your choosing and allows them to access and manage your record. If you are a parent of a minor, you have access to their My Health Record and can manage it until they turn 14. After the age of 14, parents need to be added as a ‘nominated representative’ before they can manage the record.

Importantly, you can cancel or restart your My Health Record at any time.

How secure is it?

While nothing is ever completely secure, the records are held in the same location as the Medicare Scheme data. They use multi-layered security with 24 hour monitoring, encryption, firewalls, secure login, authentication mechanisms and audit logging. There are very large penalties for individuals and organisations who gain unauthorized access and misuse the data. With these security measures and deterrants in place, there have been no breaches since the scheme started in 2012.

To gain access to your My Health Record an individual needs your name, date of birth, Medicare number and access to the Health Practitioner portal. You can add another layer of protection by setting up a Record Access Code. You can set this is a password and give it to those practitioners you wish to have access to your record.

Within your My Health Record there is an audit history which records every time the record is accessed by a health practitioner or yourself. It also keeps a record of any changes made to the files. You have access to this audit history and can check the activity for unwanted access. You can also set up automatic notifications to receive an email or SMS if anyone accesses your record for the first time or adds any files.

See this link for further FAQs about the security. Note that the penalties have been increased to maximum 5 years jail time since the webpage was updated.

What happens in Emergencies?

In an emergency a health practitioner can gain access to your My Health Record in a ‘read only’ format for 5 days through the ‘break glass’ function. This is only allowed in an emergency where the individual is unable to give consent (eg. unconscious) and there is reasonable reason to access it. Every break glass incident is checked by the Australian Digital Health Agency and there are large penalties for misuse so no health practitioner uses this process lightly.

For more information visit or call the Help Line on 1800 723 471.

Share This