A quick internet search will reveal that My Health Record is a contentious issue right now. Some voice objections while others praise the idea – with no proper debate between the two sides.

To combat the current media mishmash, here’s our comprehensive, neutral overview of the viability of My Health Record:


According to Timothy Pilgrim PSM, former Australian Information and Privacy Commissioner at the Office of the Australian Information Commissioner (OAIC), “even organisations with great information security can fall victim to a data breach, due to the rapid evolution of data security threats and the difficulty of removing the risk of human error in large and complex organisations.” This means that if you don’t want to risk your personal information being hacked, you should remove yourself from the internet altogether – because that’s the only surefire way to fully protect your personal information. In all seriousness, reverting to the age before the internet is not going to happen. So, the next best option is to minimise the risks and follow proper procedures for when breaches occur. My Health Record does this in various ways.

According to the My Health Records Act 2012, only “healthcare providers” – who are registered with the system and are involved in your care – can gain access to your health records. This may include healthcare providers such as your General Practitioner (GP), pharmacies, pathology labs, hospitals, specialists, and allied health professionals. You can also allow – at your discretion – spouses, friends or family members to access your records.

And then there are these provisions:

  • You can be notified when a new healthcare provider accesses your My Health Record for the first time, and you can view every time it has been accessed in an audit log.
  • You can set access codes on your My Health Record account or on specific documents within it, so that only the healthcare providers who know the code can access them. In an emergency, where you cannot respond, healthcare providers can override the code and gain access.
  • You can block specific organisations or healthcare providers from accessing your information.
  • You have control over what goes on your record and can remove what you don’t want.

The My Health Record Cyber Security Team are also constantly monitoring the system, with strict penalties for any unlawful access or breaches.

In the instance of a data breach, My Health Record has procedures in place. Healthcare professionals who use the system are obligated to notify the Australian Digital Health Agency (ADHA) – the System Operator of My Health Record – whenever a breach has occurred (even if rectified); whenever their own computer systems have been breached or infected with malware; or whenever they believe that a breach has occurred. Their response to breaches falls under the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988.

There is also the issue of secondary use, which is ultimately decided by you. Secondary use is when your health data is shared anonymously with approved third-party institutions for non-commercial and health-related reasons (meaning insurers cannot access it). This includes research and public health, law enforcement or System Operator functions. In the main case of public health and research, this could help create a better understanding of health within communities, giving medical professionals better knowledge of how to deal with health issues that affect specific groups. In the end, this is a personal decision.

Lastly, Federal Health Minister Greg Hunt announced earlier this year his plan to strengthen privacy provisions around the My Health Record. It would require police, government agencies and other entities to provide a court order to access any My Health Record account without consent. They also plan to ensure that if someone wishes to cancel their record, it will be done permanently with their entire record deleted from the system.


The best plan for effective healthcare is to avoid changing GPs because they will know all the small details about our health history. However, healthcare professionals have some discretion as to how much or how little detail they add to your My Health Record. Plus, as the user, you can control what goes in or what doesn’t go in – and which documents have access codes and which don’t. Details such as allergies, previous surgeries or treatments, medications, current or former medical conditions and pathology tests are important pieces of information when medical professionals are dealing with any medical procedure – whether an emergency or not. But, in order for your record to work in your favour, you should make sure all the necessary information about your health is uploaded to the system. For Rose O’Donnell, who cares for her 92-year-old mother, My Health Record makes it easier for her than before.

“At age 92, my mother has several chronic conditions including asthma, sinus problems, dry eyes, reflux, low blood pressure and a more serious condition of the nervous system that affects the use of her left hand,” Rose said.

“For decades we were told to carry around a list of her medications and allergies on a piece of paper in her pocket or purse. We would often forget it or question whether it was up to date. With the My Health Record, this is all information we put up there for Mum and ask her GP to do the same.

“It’s a convenient way to record and track your own health information over time. And it is controlled by you.”

On the other side of the spectrum, Dr Hans Blom, a local GP from Sydney’s Northern Beaches, believes the system works well for emergency departments.

“This is a huge issue especially for out-of-hours presentations (patient visits) when it can be challenging to access records quickly,” Dr Blom said. “Indirectly, it saves costs to the health system by reducing investigations that have already been performed, and it can reduce medication errors which are a major cause of hospital presentations.”

In the video below, Eric Dunn, Digital Health Manager at the Sydney North Primary Health Network, explains My Health Record in detail.

Drug dependence is another concern being relayed on the internet, with medical professionals stating that My Health Record won’t stop patients from “doctor shopping” for opiate prescriptions, as they can remove information from their record. But, even in the current climate “doctor shopping” is able to persist. Also, why would a patient go out of their way deleting files from their My Health Record when they can simply opt out altogether?

The other issue, which has been touched on before, is accuracy. Being a patient-controlled system, consumers can remove specific information from their My Health Record accounts, which brings the question of whether doctors can rely on the information (or lack thereof) all of the time. The answer is no. If in doubt, ask. But, if a patient’s record states that they have had a previous surgery, or if they are allergic to something, or if they are taking specific medications, then that can help the doctor take a safer course of action.


While it’s only a summary of a patient’s medical history and not a comprehensive clinical rundown, My Health Record can only provide effective treatment for patients receiving medical care if it’s used correctly. It is highly suitable for those with a complicated medical history who do not wish to relay everything every time they visit a new GP or specialist and is also good for those who don’t see medical professionals that often and are worried about forgetting important information. But it needs to be updated regularly and correctly in order for it to work effectively. That being said, any medical professional using My Health Record should make decisions based on what they see on each patient’s record and question everything they don’t see.

If you do wish to stay in but are worried about certain people accessing your record, you have the option to set up codes for your whole account or for specific areas. You can also block specific organisations or people from accessing your information. According to current laws, the sharing of your information with government departments or law enforcement is left to the discretion of the Australian Digital Health Agency (ADHA), which could be a problem for those wishing to avoid police or government investigation.

As for data breaches, that’s an unfortunate threat faced by every organisation involved in the online world. If you’re reading this article from a social media account, then good luck controlling that.