Australians have one month to decide who can access their health records


15th October 2018

From today, Australians who do not want their medical records stored on the national My Health Record database will have until November 15 to opt out.

While various health experts say the database could save lives, there are fears about the security of data.

Australian Patients Association executive director strategy, Michael Riley, said it was important that patients and their families did not get caught up in the emotive arguments being put forward by groups and individuals that were either for or against Australians maintaining their My Health Record.

“We encourage individuals, their families and carers to sit down and discuss the pros and cons of having their medical records stored on the My Health Record as their decision either way has a number of implications,” Mr Riley said.

“The Australian Patients Association supports the use of new technology in improving access to health services and information but patients need to be able to trust it. Patients will ultimately judge the success of the digital health strategy on how it eases their use of the health system and improves their health outcomes.

“Any uncovering of privacy data breaches in the future will severely undermine confidence in My Health Record.”

My Health Record snapshot

  • Every Australian with a Medicare card will automatically be given a health record unless they tell the agency they do not want one by the November 15, 2018 deadline.
  • Around 6.1 million Australians currently have a My Health Record, which existed as an opt-in system from 2012 until this year.
  • My Health Record grants users a number of privacy controls over their medical records, but they are not in place by default. In particular, users can set a code over the complete record or specific documents, limiting access to only those doctors with the pin code.

What the Government says:

There are thousands of registered organisations who can access My Health Record. However, only healthcare provider organisations involved in your care, who are registered with the My Health Record System Operator are allowed by law to access your My Health Record.

This may include healthcare providers such as GPs, pharmacies, pathology labs, hospitals, specialists, and allied health professionals. Organisations require compliant software to access the My Health Record system. You can allow others, such as a partner, child, parent or carer to access your Record by making them an authorised representative, or a nominated representative.

No government departments can directly access the My Health Record system.

The Australian Digital Health Agency will only consider a request from a law enforcement agency to access a My Health Record where there is a requirement by law, such as a court order or other enforceable legal instrument. Every time your My Health Record is accessed, it is recorded in an audit log which you can view by logging into your My Health Record. The System Operator cyber security team constantly monitors system access. There are strict penalties for unlawful access.

My Health Record

What doctors say:

The AMA would like the My Health Record to succeed because the clinical benefits are considerable. It has the capacity to save lives, to promote a more efficient and more effective health system, and to provide the information our world class medical practitioners need to better care for their patients. But the AMA recognises that no system is perfect. And the system will need to continue to improve and evolve.

The head of the Australian Medical Association, Dr Tony Bartone has promised to do “whatever it takes” to ensure My Health Record is subject to the “same level” of protection as existing records. Dr Bartone revealed the health minister, Greg Hunt, and the Australian Digital Health Agency had given him written undertakings that “without a court order there is no way of access to the system for anyone other than the people nominated by the patient”.

The AMA will work for a positive outcome for all stakeholders in the My Health Record. “We cannot and must not waste this historic opportunity to provide Australians with a modern, efficient, and secure electronic health record. The clinical benefits are far too important.”


What privacy experts say:

Steve Hambleton from the Australian Digital Health Agency (ADHA) said “Patients control access to the record, so they can switch off their entire record and make it only available using a pin code, or use that process with individual documents. A number of third-party health apps will be able to show patients their My Health Record data, but not store it. However, Dr Hambleton said strict security safeguards were in place. “I can absolutely categorically state that none of the apps and none of the use of the My Health Record data will be able to be sold to third parties — that’s absolutely prohibited,” he said.

Robert Merkel, a software engineering lecturer at Monash University, said he was worried the safeguards were not in place by default. “I am concerned that most people simply aren’t going to be aware of those privacy controls,” Dr Merkel said. Dr Merkel said he was worried that by design, My Health Record would make health data available to more medical practitioners than before. While this has clinical benefits, it also creates more opportunities for something to go wrong, he said, whether due to an administrative error or a hack.

To decide whether to opt out or do nothing visit

For further information: Michael Riley, 0434 237 075;

By |2018-10-12T16:10:48+00:00October 12th, 2018|
Australian Patients Association