• GL
Choose your location?
  • Global Global
  • Australia
  • France
  • Germany
  • Ireland
  • Italy
  • Poland
  • Qatar
  • Spain
  • UAE
  • UK

My Health Record

04 October 2018

My Health Record – Is it an IT relic of the past and ‘not fit for this purpose’?

The security of digital health information has been the subject of recent controversy.  Australians should be able to make an informed decision as to who has access to their health information. They have until 15 November 2018 to opt out to preclude a My Health Record being created by the end of the year.  As of September 2018, 900,000 Australians, 3 % of the population, have opted out.1

The creation of a My Health Record will effectively allow approximately 900,000 healthcare providers access to an individual’s health information. This arguably provides a vulnerable interface open to malicious or criminal attacks and/or human error(s).

The laws underpinning the My Health Record as well as records held by General Practitioners and private hospitals currently permits the sharing of records with the police, Centrelink, the Tax Office and other government departments if the information is “reasonably necessary” for a criminal investigation or to protect tax revenue. This is concerning, particularly as some Australians have recently discovered that a My Health Record has been created without their knowledge or consent.  Others have reported that their My Health Records attached to the myGov accounts of the wrong people.

IT experts have stated that the use of a Google function on the My Health Record opt out page, leaks information to Google’s global servers which contravenes a privacy policy that data will be contained within Australia.

The creator of the FHIR2 standard, Grahame Grieve, who has provided technical advice to the My Health Record program since its inception, called for an overhaul of the national health information platform, which he says was built on technology that was state-of-the-art in 2007 and that the standards and overall design of My Health Record are "not fit for purpose".3

A leaked Australian Digital Health Agency document detailed numerous concerns about My Health Record, including doctors’ being unable to sign up, unsecure details of children in care, a communications strategy which did not adequately reach vulnerable groups, technical problems and clinician burden(s) amongst other issues.

On 15 August 2018, the Senate referred the My Health Record system to the Senate Community Affairs References Committee for inquiry and report. The expected reporting date is 8 October 2018. The main reference items included, but were not limed to: the expected benefits of the My Health Record system; the decision to shift from opt-in to opt-out; the Government’s administration of the My Health Record system roll-out; the necessary measures to address community privacy and security concerns and a comparison of My Health Record alternatives internationally.4

Few would deny the potential value to patients and clinicians of a national source of secure, accurate patient data, but the current access control arrangements arguably places confidential medical information at risk. The system is also heavily reliant upon patients and treatment providers uploading accurate data.

Whilst there is clear benefit in the centralization of data in order to facilitate a timelier and accurate diagnosis in certain circumstances, we await the outcome of the inquiry as to whether the My Health Record is deemed a fit and proper system to provide the requisite integration of secure health care data within Australia. According to Grahame, Australia is clearly lagging behind other countries, which is "holding back innovation and improvements to the Australian Healthcare system.” 5

Like with any other industry, in order to improve the protection of health care information, cyber security requires ongoing collegiate commitment by many organizations. Even basic practices, such as informing staff about potential cyber scams and the importance of regularly changing passwords can go a long way towards protecting health information data.

If you have any general enquiries on any Health Law related matters please contact Hamish Broadbent or Natalie Mason.



1 CEO Tim Kelsey, of the Australian Digital Health Agency Submission 31, to the Senate Inquiry on the My Health Record August 2018, 20 September 2018

2 The Fast Healthcare Interoperability Resources standard is published through HL7 - the leading international healthcare standards provider http://hl7.org/fhir

3 Grahame Grieve, Director and Community Lead for the FHIR standard, Submission to the Senate Inquiry on the My Health Record August 2018, 7 September 2018 cited at


4 Parliament of Australia, My Health Record System, cited at https://www.aph.gov.au/Parliamentary_Business/Committees/Senate/Community_Affairs/MyHealthRecordsystem

5 Above at 3

Further Reading

We use cookies to give you the best user experience on our website. Please let us know if you accept our use of cookies.

Manage cookies

Your Privacy

When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. We mainly use this information to ensure the site works as you expect it to, and to learn how we can improve the experience in the future. The information does not usually directly identify you, but it can give you a more personalised web experience.
Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change permissions. However, blocking some types of cookies may prevent certain site functionality from working as expected

Functional cookies


These cookies let you use the website and are required for the website to function as expected.

These cookies are required

Tracking cookies

Anonymous cookies that help us understand the performance of our website and how we can improve the website experience for our users. Some of these may be set by third parties we trust, such as Google Analytics.

They may also be used to personalise your experience on our website by remembering your preferences and settings.

Marketing cookies

These cookies are used to improve and personalise your experience with our brands. We may use these cookies to show adverts for our products, or measure the performance of our adverts.