Articles and Case Studies

My Health Record

02 Nov 2016

Karen Stephens 110x137

by Ms Karen Stephens

health record

Recent changes are forcing patients and doctors to pay more attention to My Health Records.

What is My Health Record?

My Health Record:

  • is a national digital health record system
  • was previously known as Personally Controlled Electronic Health Records (PCEHR) or eHealth records
  • is a summary of an individual’s key health information that can be shared securely online between the individual and their healthcare providers
  • does not replace a doctor’s own records.

The opt-out trial

Originally, My Health Record was an opt-in system and patients had to actively register. Now, an opt-out model has been trialled in Northern Queensland and the Nepean Blue Mountains area. People with a registered Medicare address in these areas had until 27 May 2016 to opt out of having a My Health Record automatically created for them. The opt-out rate was 1.9%, meaning that almost one million extra records have been added. This brings the total number of registrants to over 3.8 million at 30 June 2016.

Practice participation

For practices, participation in the My Health Record system requires a number of initial steps, and ongoing compliance with legislative requirements.1

Issues to be addressed include:

  • computer security
  • software functionality and secure messaging capability
  • data quality in the medical records2
  • training staff and appointing specific responsible staff3
  • written policies and procedures.


  • Online training is available, including specific modules for general practice and specialist practice at the My Health Record website.4
  • Software training and downloadable guides are also available from the Australian Digital Health Agency (ADHA).5
  • Face-to-face training can be organised through local Primary Health Networks.

Incentive payments for general practices

General practices can claim an incentive payment for participating in My Health Record. There are a number of criteria they must comply with to receive the full benefit, including uploading a minimum number of Shared Health Summaries.6 The RACGP also has some useful resources.7

Medico-legal issues


  • When registering for My Health Record, patients are required to give a “standing consent” for the upload of documents. The patient must be adequately informed before giving consent. There is no requirement for a provider to obtain consent on each occasion prior to uploading clinical information, except that specific consent is required to upload sensitive information such as HIV status.
  • Written consent is recommended from the patient when they register at a practice – that they understand what will be in the record and who can access it. Verbal consent can be obtained prior to uploading any information to the record.
  • Patients can control which healthcare providers have access to their My Health Record and they can remove documents themselves. They cannot edit a document that a doctor has uploaded.
  • In an emergency, a provider can assert emergency access functionality which will override the existing access controls for a specified period.


System security includes strong encryption, firewalls, secure login/authentication and audit logging (“bank-strength” security). Access to My Health Record is limited by law to specific situations, e.g. registered healthcare providers delivering health care. Practices must meet specific privacy and security requirements, including having a policy setting out access and security procedures. Worksheets and templates to help practices are available.8

The Office of the Australian Information Commissioner (OAIC) assessed seven GP practices in Victoria and NSW as being at medium to high risk of breaching privacy laws when using the My Health Record.9 Passwords were too weak or not changed often enough, a record of the master copy was kept at the clinic, and computers did not have self-locking screen savers turned on.

Legislation requires mandatory notification to the OAIC if a breach of privacy occurs, and the OAIC has a guide to mandatory notifications.10 There are significant sanctions for misuse of the information, but not where a mistake is made.

Useful websites


Karen Stephens
Risk Adviser, MDA National


  1. Australian Digital Health Agency. My Health Record System Participation Obligations. Available at:
  2. Australian Digital Health Agency. Data Quality Checklist. Available at:
  3. Staff management activities under: Managing your organisation’s digital health information. Available at:
  4. Australian Digital Health Agency. Online Training. Available at:
  5. Australian Digital Health Agency. Training Resources. Available at:
  6. Australian Digital Health Agency. Practice Incentives Program eHealth Incentive.
  7. Royal Australian College of General Practitioners. Digital Health Incentive Resources.
  8. Australian Digital Health Agency. Privacy and Security for Digital Health.
  9. Office of the Australian Information Commissioner. eHealth System: Access Security Controls of Seven Healthcare Provider Organisations 2015. Available at:
  10. Office of the Australian Information Commissioner. Guide to Mandatory Data Breach Notification in the PCEHR System. Available at:
Medical Records and Reports, Anaesthesia, Dermatology, Emergency Medicine, General Practice, Intensive Care Medicine, Obstetrics and Gynaecology, Ophthalmology, Pathology, Practice Manager Or Owner, Psychiatry, Radiology, Sports Medicine, Surgery


My Career Journey with Dr Nick Coatsworth

Dr Nick Coatsworth is an expert in health policy, public administration and a practising infectious diseases physician. He held a national role in the Australian response to COVID-19 as Deputy Chief Medical Officer of Australia, becoming one of the most recognised medical spokespeople during the pandemic. Nick engaged the Australian community through a variety of media platforms most notably as the spearhead of the national COVID-19 vaccination campaign. Dr Micheal Gannon, Obstetrician & Gynaecologist, sits down with Dr Nick Coatsworth to discuss Nick's medical career journey, and what insights and advice he has for junior doctors. MDA National would like to acknowledge the contributions of MDA National staff, Members, friends and colleagues in the production of the podcast and note that this work is copyright. Apart from any use permitted under applicable copyright law, you may not reproduce the content of this podcast without the permission of MDA National. This podcast contains generic information only, is intended to stimulate thought and discussion, and doesn’t account for requirements of any particular individual. The content may contain opinions which are not necessarily those of MDA National. We recommend that you always contact your indemnity provider when you require specific advice in relation to your insurance policy or medico-legal matters. MDA National Members need to contact us for specific medico-legal advice on freecall 1800 011 255 or email We may also refer you to other professional services.


09 Jun 2022

Career complications and contending with uncertainty

Among the many challenges of the COVID-19 pandemic for junior doctors is how to respond to medical training impacts and career uncertainty. In this podcast, Dr Caroline Elton (a psychologist who specialises in helping doctors)and Dr Benjamin Veness (a Psychiatry registrar) share advice for coping with medical training and career delays, disruptions and unknowns.


10 Aug 2020