


09 Oct 2018


The policy problems the My Health Record seeks to address are genuine. The Australian health system operates as a collection of disconnected siloes. Patient records exist as isolated fractions scattered among their treating doctors. Without the MHR there is no other institutional mechanism that facilitates the flow of patient information between healthcare settings, and between healthcare practitioners. 

Many of the greatest failures in patient care and safety result when patients are required to move across the health system but their clinical information does not follow them. 

At the recent Senate Community Affairs Inquiry into the My Health Record System, the Chair of the AMA’s Ethics and Medico-Legal Committee, Dr Chris Moy, used the following case study to illustrate the practical benefits generated by a My Health Record. The story was provided to Dr Moy by a colleague and an AMA member, Dr Danny Byrne. He wrote:

"Earlier this year I had a new patient move to Adelaide from Nepean Blue Mountains in NSW, one of the opt out trial areas.

He had a serious neurological condition and could no longer look after himself, so he had to move to Adelaide to be looked after by his brother.

Normally a new patient like this would arrive with little or no information. I would have to write to his GP and specialists in NSW for copies of his clinical records.

Invariably I would expect to receive little or no information. After weeks of waiting I would usually then start from scratch by repeating the patient's tests and starting another merry-go-round of specialist referrals. This would be at huge cost of time and money in duplication of tests and specialist referrals already done in NSW.

However, in this case the patient had a MyHR. I was immediately able to see his NSW hospital letters and results of his investigations. Within minutes I was able to pick up the required treatment plan for him recommended by his NSW specialists and begin implementing it from day one in Adelaide. This was something I had never experienced before.

The savings in time, stress and money were enormous – for the patient, his family and the wider health system. 

It is ironic that I received better information from a NSW hospital that uses MyHR than I get from my local hospital a few kilometres away from me that does not.

I can see clearly now how much better care can be for patients in an opt out world for MyHR."

Despite general agreement on the need for an electronic health record, the debate about My Health Record data security and patient privacy reached fever pitch following the Minister’s announcement of the start of the three-month opt out period. 

The hyperbolic nature of the media debate means that it is not easy to distinguish between discussion of genuine flaws in the security and privacy of the My Health Record System and ill-informed alarmism.

What we know

The My Health Record System has multiple layers of security. Software cannot connect to the My Health Record unless it is secure, encrypted and certified as conformant. All connected software is subject to automated checks to ensure it maintains conformity standards. To access the My Health Record System through a clinical information system a health practitioner must:

  1. Install conformant clinical software;
  2. Apply for a NASH PKI certificate for healthcare provider organisations;
  3. Install the NASH PKI; and then
  4. Access the system using local log on details.

Conformant clinical software assigns unique staff member identification codes. A log is automatically generated to record each time a patient’s My Health Record is accessed by a health provider organisation. It is unlawful to access a My Health Record unless it is for the purpose of providing treatment to a patient who is a registered patient in the healthcare practice. Unlawful access to a patient’s record is subject to criminal and civil penalties. 

The privacy controls available to patients add further security to patient data. Patients can instruct their health provider at the point of care not to upload information they consider sensitive. They can put a Record Access Code across their whole record or an individual document so that only the providers who have been given the PIN code can see it. Patients can also set up alerts to receive a text or email notification if their Record is accessed by a new health provider. Patients can also remove documents from their Record.

This represents a logged communication chain that far surpasses the existing standard in the vast majority of institutions and practices.

Proposed amendments

At the President’s press club address on July 25, he told journalists he would “do whatever it takes” to prevent the rich database of sensitive patient information in the My Health Record System being used by Governments for purposes unrelated to healthcare. The Minister responded quickly to these concerns and introduced a new bill – the My Health Records Amendment (Strengthening Privacy) Bill 2018 (the Bill).

The amendments in the Bill provide protection to data stored in the My Health Record database that is substantially tighter than the controls that apply under the Privacy Act 1988 (Commonwealth) to patient data stored in clinicians’ own patient records. If the Bill passes the Parliament, the system operator will be prohibited from releasing My Health Record information without a court/tribunal order, and then only for very limited purposes.

Australians who opt out will have their MHR extinguished; as will also happen when they die. There will be no centrally collated echo to prompt privacy concerns.

Fit for purpose?

If the Bill passes Parliament and authorised disclosure concerns are addressed, will the My Health Record then be fit for purpose and acceptable to doctors? Depends who you ask. If you ask a Specialist, the answer is likely ‘no’.

Many Specialists remain deterred from connecting to the My Health Record because their clinical software providers have not invested in the upgrades necessary to provide seamless interoperability with the My Health Record System. Most specialist software does not provide the option to upload Specialist letters, despite this being the most important function for Specialists’ communication. It is time for Government intervention to remove this barrier to Specialist participation.

Specialists have not received anywhere near the same level of support to adopt the My Health Record as that provided to general practitioners over a number of years to date. It is vital this Government does not repeat the mistakes of the United Kingdom where they realised too late they had failed to provide sufficient technical support to clinicians who had trouble using the e-health records. Apart from the problematic interoperability between Specialist software and the My Health Record System, the compliance obligations on and doctors are substantial. Much more needs to be done to help specialists engage with the My Health Record if it is to succeed.
