The My Health Record (MHR) is a dynamic online summary of a patient’s health information. A patient can allow their authorised and nominated representatives and healthcare providers involved in their care to access and add to their MHR.

The MHR is not intended to be a patient’s entire medical record so it is not complete. It is not a substitute for the patient’s medical record held by any healthcare organisation.

The MHR does not replace the need for healthcare providers or healthcare organisations to create and keep an appropriate patient medical record updated, and communicate with patients or other practitioners about clinically significant results that may be received between consultations.

The MHR is operated by the Australian Digital Health Agency (the system operator).

Much of the information in a patient’s MHR is already held in other places, including Medicare information, immunisation records, pharmaceutical benefits scheme dispense records, discharge summaries, and pathology and diagnostic imaging reports.

Where I can direct my patients for more information?

You can refer your patient to the My Health Record website for you and your family.

No. The MHR is intended to be a summary of a patient’s health information and is not a substitute for the patient’s medical record.

In general, it includes a collection of clinical information such as:

• • medical history
• • medication records
• • allergies and adverse reactions
• • immunisations - patients can elect to have information from the Australian Childhood Immunisation Register uploaded
• • shared health summary (see https://www.myhealthrecord.gov.au/for-healthcare-professionals/shared-health-summaries )
• • hospital discharge summaries
• • event summaries – used to capture key health information about a significant healthcare event that is relevant to the ongoing treatment or care of a patient
• • Medicare information including claims history, Pharmaceutical Benefits scheme dispense records, organ donor and immunisation information
• • pathology and diagnostic imaging reports
• • prescription and dispensing records
• • specialist correspondence and referrals

Clinical documents are uploaded by healthcare providers. Information can also be uploaded by the individual or their authorised or nominated representative using the consumer portal.

See further the Australian Digital Health Agency’s information on how to upload clinical information.

Yes. Patients can enter:

• 1. personal health summary information – this can be viewed by healthcare providers
• 2. personal health notes – this is akin to a health journal and allows a patient to keep track of their own health. It is not visible to healthcare providers
• 3. advance care documents and custodians – this can be viewed by healthcare
• 4. emergency contact information – this can be viewed by healthcare providers

A Shared Health Summary (SHS) is a summary of a patient’s medical history such as: medical conditions, relevant family history, allergies, immunisations and medications. It is based on the RACGP’s health summary template (see RACGP Standards for General Practices 5th ed).

The healthcare provider who creates a SHS is usually the patient’s GP, referred to as the “nominated healthcare provider”.

The Australian Digital Health Agency says that a patient should only have one nominated provider at a time who creates and updates a SHS. Any other doctor, who is not the patient’s regular doctor, should use an event summary to upload relevant clinical information such as an after-hours consultation note, or travel vaccination information.

There is no legal restriction on patients asking multiple doctors to update their SHS, but any doctor who uploads a SHS will automatically become the nominated healthcare provider.

For more information on shared health summaries and event summaries see the Australian Digital Health Agency’s factsheet.

The legislation does not specify when a SHS is required to be created or updated but there is some guidance. It is a matter for your clinical judgement as to when it is appropriate to create or update a patient’s SHS.

The Australian Digital Health Agency suggests that [practitioners should create] a SHS when there are significant changes to a patient’s health status or when completing a patient health assessment. Examples given are when new medical conditions are diagnosed or new medications are prescribed, or events such as: GP management plan, 75+ health assessment, four-year-old health check or a flu vaccination.

You are permitted to bill Medicare for the time taken to create a SHS when it forms part of a clinical consultation. On this basis, it would be appropriate to review and create a new SHS when:

• • a patient attends for a clinical consultation; and
• • there is a clinically relevant development for the patient that warrants updating the SHS.

You should discuss with your patients how you will be using the MHR system with them including the circumstances in and frequency with which you will update their SHS.

No. You do not need a patient’s consent to upload each individual document to the MHR. Patients provide a standing consent for doctors to upload documents to their MHR, but they can request certain information or documents are not uploaded. The authority to upload information is provided for in the legislation.

There is no legal obligation for patients to review a document before it is uploaded. However, if you upload a document you are obliged to ensure that it is accurate, up -to-date, not misleading and not defamatory. We suggest that you discuss the information with the patient before you upload it, to ensure that it is accurate, up-to-date, not misleading and not defamatory.

It is also good practice to inform the patient, particularly where you are uploading information that could be regarded as sensitive, so as to not compromise the therapeutic relationship. If the patient requests that you do not upload a clinical document then you must follow their request.

It is good privacy practice for healthcare providers to inform their patients that they participate in the My Health Record system and how they use the My Health Record system in providing care to the patient.

If the patient has requested that a prescription record not be uploaded to their MHR, the Australian Digital Health Agency recommends you uncheck the 'consent to send to My Health Record' flag (which can be done per line item of the prescription). The e-prescription will still be sent to the e-prescription exchange, but will not show up on the patient’s MHR. The dispensing system will mirror the consent decision so that the corresponding dispense record will not be uploaded (unless it is overridden by the patient or the dispensing provider at the point of care).

Pathology and diagnostic imaging reports will continue to be sent directly to the requesting doctor as happens now. They will also be uploaded to the MHR unless the patient withdraws consent to upload them. We outline below how a patient can withdraw consent.

No. While healthcare providers will be able to view the reports immediately they are uploaded to the patient’s MHR, the reports will not be visible to patients via the consumer portal for 7 days. This enables the healthcare provider to review the report and contact the patient to discuss results if necessary before the patient sees the results in their MHR.

For more information see the Australian Digital Health Agency’s material on pathology reports and diagnostic imaging.

You can communicate withdrawal of consent to the pathology provider by:

• • Checking the “Do not send to My Health Record” box in the practice management software or
• • Checking the “Do not send to My Health Record” box on the paper referral form or
• • Writing “Do not send to My Health Record” on the request form.

The MHR Rules require that any record that is uploaded to the MHR system is “…accurate, up-to-date, not misleading and not defamatory”. At the same time, healthcare organisations are not allowed to upload documents that patients have advised are not to be uploaded.

A conflict could potentially arise between a doctor/practice and a patient when a patient asks a doctor not to upload information that the doctor considers is necessary to keep a record accurate, up-to-date and not misleading.

It is a matter for your clinical judgment as to the relevance of the information the patient is asking you to withhold and the extent to which you consider it is necessary for that information to be included to ensure that other doctors are aware of the patient’s condition. This should be discussed with the patient so they understand the relevance of the information.

There may be some cases where the information can be withheld as it is unlikely to impact on any future treatment for the patient. However, you can decline to upload a health summary if the information the patient wishes to withhold is in your view critical information for other doctors. You should always document this discussion in the patient’s medical records.

Also, a request from a patient of this nature would not prevent doctors from communicating with the patient’s other treating health professionals about something clinically relevant as would occur now.

Under the MHR legislation you must not upload the document to the MHR, and you may wish to document the patient’s wishes in their medical record in case you are ever asked why it was not uploaded.

Yes. If a document was created before 1 March 2016, you will need permission from the author of the document before you can upload it to a patient’s MHR. However if a document was created from 1 March 2016 you do not need the author’s permission to upload the document.

Some documents are restricted under the My Health Record regulations (currently documents under state and territory Public Health legislation) so cannot be uploaded whenever they were created.

It is possible to access MHR either using software such as practice management systems (as long as they conform to national digital health requirements) or via the provider portal (which is read-only). The Australian Digital Health Agency has a list of software products using digital health.

You access the MHR system using your unique healthcare identifier. These are assigned to every registered healthcare practitioner (HPI-I) and to the healthcare provider organisations (HPI-O) registered to participate in the MHR system. The system operator (the Australian Digital Health Agency) is able to trace who is accessing a patient’s MHR by reference to the healthcare identifiers of the practitioner or organisation accessing the system.

There is more information on how to access the MHR via your clinical information system or via the provider portal on the My Health Record website.

Not necessarily.

Patients can restrict who can see either their entire MHR or specific documents within the record.

If no access controls are in place then the default access operates to allow unlimited access to documents by all of the relevant healthcare providers for a patient.

If a patient has set a Record Access Code (RAC), restricting access to the entire record, or if they have set a Limited Document Access Code (LDAC) restricting access to individual documents, the patient needs to provide you with their access code so you can access their MHR for the first time. Your details are then added to the patient’s access list on the system. Under the MHR legislation you are not permitted to retain a copy of the patient’s record code so you should destroy it once it has been used.

The MHR system does not indicate if access controls have been set by a patient, so it is advisable to assume that the record may not be complete and always check with a patient that the information is up-to-date and complete before relying on the information to make clinical decisions.

Under the MHR Act you cannot discriminate against patients because they choose to impose access controls, but this should not prevent doctors from informing patients that if they do impose controls it could reduce the effectiveness and undermine the purpose of having a MHR.

This should be discussed with patients from the outset and documented in the patient’s notes, which may assist a doctor if any issues subsequently arise about reliance on the MHR.

In an emergency any access limits can be overridden for a limited period of time (5 days) without consent, if this is necessary to lessen or prevent a serious threat to the patient or another individual’s life, health or safety and it is unreasonable or impracticable to obtain consent. Emergency access is recorded in the access history log of the patient’s MHR.

Resources

A fact sheet on emergency access has been produced by the Office of the Australian Information Commissioner (OAIC): Privacy fact sheet 23: Emergency access and your My Health Record.

A patient’s MHR includes a ‘medicines information view’ which is a collation of the patient’s medicines information. This is taken from prescription and dispense records and other PBS information as well as the most recent shared health summary and discharge summaries and the patient’s personal health summary.

There is no legislative obligation that requires a healthcare provider to view or access the My Health Record at any time. You should apply your clinical judgement to assess if and when you access your patient’s MHR.

The MHR is not a complete patient record and does not replace the need for the healthcare provider or healthcare organisation to create medical records and keep them up to date, and communicate with patients or other practitioners about clinically significant results that may be received between consultations.

The decision about when to view a patient’s MHR should be guided by your need for information to support clinical decision-making. When considering uploading information, you need to decide whether the information will support other healthcare providers or be of use to the patient.

The Australian Digital Health Agency suggests that you might find it useful for view or upload to a patient’s MHR in the following situations:

• • new or infrequently seen patients – to gain a quick understanding of health status and medicines; to upload an event summary if you are not the patient’s regular doctor or to view the medicines information view
• • all patients – to check for events such as hospitalisations; upload e-referrals and view specialist letters; upload prescriptions and view previous dispense records

You can view a My Health Record outside of a consultation for the purpose of providing healthcare to the patient – for example, viewing previous pathology reports or an event or hospital discharge summary. However you cannot bill Medicare for accessing a MHR outside of a consultation.

All access and use of the MHR system is tracked in an audit log.

Yes. Documents can be copied out of the MHR system and into your local medical records system. This should only be done if necessary for providing healthcare to patients and not for any other purpose.

You could be liable, but arguably this risk is no different to a situation where doctors load information into computer based records that are subsequently accessed by colleagues (in a hospital or large practice) or where referral letters may be sent to a number of different doctors that contain an error.

If you become aware that a SHS is incorrect in any way it should be corrected by uploading a new version.

The author of a clinical document can delete a clinical document from the MHR eg if it has been uploaded in error or contains a mistake (see further below).

Clinical documents cannot be edited once they have been uploaded. If you have uploaded a document in error or you have uploaded a document that contains a mistake, you can delete the original document and upload a replacement document. The process suggested by the Australian Digital Health Agency for doing this is:

• • delete the incorrect document immediately
• • upload a new, corrected version
• • record this in your own notes.

If you find an error made by someone else (a factual error rather than a genuine diagnosis that has been subsequently found to be incorrect), the process suggested by the Australian Digital Health Agency is:

• • contact the authoring healthcare provider to check the information and if needed have them amend or remove the information
• • inform the patient that you have identified an error
• • encourage the patient to check the details have been corrected with the author or follow up with the author yourself
• • notify the Agency via the MHR helpline on 1800 723 471
• • record the action in your own notes.

A patient can remove but not edit any document uploaded by a provider. When a patient attempts to remove a document, the patient will receive a system generated warning that this action may have an impact on their care. Healthcare providers will not be notified that a document has been removed or that access to a document has been restricted by a patient. However, if you are the author of a document that is removed, when you access the patient’s MHR, this will be indicated to you in the document list.

From the age of 14, a young person may choose to take over control of their MHR. When a young person turns 14 their parents will be automatically removed as their 'authorised representative'. From this age, the young person could give their parents access to their MHR as a ‘nominated representative’. Nominated representatives may have different types of access.

For more information on nominated representatives see below - What if a patient has capacity, but needs some help managing their health record?

Yes, an authorised representative can be responsible for managing a MHR for an adult who does not have the capacity to do so for themselves. Authorised representatives have full control of the patient’s MHR and can make decisions about how it is managed and how information in the MHR is accessed. The authorised representative must act in the patient’s best interests in managing the record.

Patients can have what is known as a nominated representative to help manage their MHR. This could be done for example by a young person who has taken control of their record but who wishes a parent or guardian to help manage their MHR, or by a person with fluctuating capacity, A patient may give their nominated representative one of three types of access: general access (to view documents unless restricted), restricted access (to view documents including restricted documents) or full access (to view document and make additions to the MHR).

There is no specific item number for using the MHR system. Doctors can bill Medicare according to the time taken for the consultation. This includes time taken for example to educate and register patients for a MHR, prepare shared health summaries and event summaries if these activities are undertaken as part of providing a clinical service and the patient is present at the time.

Yes - if you are going to participate in the MHR system you need to provide your details and identifier (HPI-I) to the practice. Healthcare organisations are required to keep an updated list of healthcare providers authorised to use the MHR system for each practice. Further, a requirement for the eHealth practice incentive payment (ePIP) is that organisations store individual healthcare identifiers for doctors in a compliant clinical software system. You only need one HPI-I that can be used at any location where you work. For information on how to find your HPI-I, see the MHR website.

According to the Australian Digital Health Agency, the MHR system has bank strength security features. It uses a layered security model with multiple security controls in place to protect the information.

Arrangements in place to protect the information are:

• • Only authorised users can access the system – secure login/authentication mechanisms
• • Firewalls
• • Strong data encryption
• • Software to detect and prevent fraudulent activities and monitor for unauthorised and inappropriate access
• • Digital signatures for clinical documents
• • Transaction logging and audit trails.

Medical professionals must be authorised by their organisation to access the MHR and must use the NASH (National Authentication Service for Health) to access and share information securely. NASH uses secure encryption technology to validate the origin of information and protect its confidentiality and integrity.

Medical practices and doctors are authorised to use, collect and disclose health information in a MHR for the purpose of providing healthcare to a patient, and in accordance with any access controls that may have been imposed by the patient.

It is an offence under the MHR legislation to collect, use or disclose information from a MHR if it is not for an “authorised” purpose (provision of healthcare) and the person involved knows or is reckless to the fact that the information is being accessed or used for an unauthorised purpose.

For any unauthorised access of the system (ss59 and 60) there is a potential civil penalty of up to $21,600 for individuals and $108,000 for bodies corporate. There is also a criminal penalty of up to two years imprisonment and/or $21,600 for individuals and $108,000 for bodies corporate.

Where there has been “unauthorised collection, use or disclosure” or compromised security there is an obligation on the practice (not the practitioner) to notify:

• • the Australian Digital Health Agency and
• • the Office of the Australian Information Commissioner (OAIC) and, where required
• • affected health care recipients.

There is a potential civil penalty for failing to provide the necessary notification. We therefore suggest contacting Avant for advice if you identify a data breach.

For failing to notify an actual or potential data breach in which a person was directly involved (section 75), there is a potential civil penalty of up to $18,000 for individuals and $90,000 for bodies corporate.

A breach of the MHR Act is taken to be a breach of privacy, and all breaches are investigated by the OAIC in a manner similar to breaches of the Privacy Act.

The OAIC publishes breaches of the MHR system in its annual report; there were two breaches in 2013/14 and seven in 2014/15, and six in 2016/17. The 2016/17 breaches involved unauthorised access of a healthcare recipient’s MHR by a third party.

The OAIC has made it clear that it will take an educative approach to privacy compliance. In taking action about a privacy breach, the OAIC will consider factors such as the number of persons affected, the seriousness of the incident and whether the conduct was deliberate or reckless. The OAIC has stated that it is unlikely to seek a civil penalty for minor or inadvertent contraventions, where the person responsible for the contravention has co-operated with the investigation and has taken steps to avoid future contraventions.

The MHR itself does not form part of a doctor’s record for a patient, for the purposes of a subpoena or otherwise. A doctor does not have possession and control of the MHR for a patient and therefore does not need to include it in answer to a subpoena. However if a doctor downloads documents from the MHR (eg a discharge summary or test results) into their own record for the patient, those documents will be part of the doctor’s record for the patient and will need to be produced in answer to a subpoena.

There is authority under the My Health Records Act for a court or tribunal, or for a coroner, to direct or order the Australian Digital Health Agency to disclose a patient’s My Health Record information in certain circumstances.

Documents held by the Australian Digital Health Agency will be retained for a period of 30 years after a patient’s death or, if the date of death is unknown, for a period of 130 years after the date of their birth (although the Health Minister has indicated that that this may be change).

During this time the patient’s MHR will not be able to be accessed by Healthcare Providers or Representatives etc. However, a patient’s MHR may still be accessed by or through the Australian Digital Health Agency in certain circumstances where the legislation allows including for the purpose of maintenance, audit and for other purposes required or by law.

No. When it was originally set up (as the Personally Controlled Electronic Health Record) it was an opt-in system for patients. It has now changed to an opt-out system and any patient who does not wish to have a MHR will need to opt-out.

The system remains “opt in” for healthcare providers and practices.

A medical practice registers to participate in the MHR system, not individual doctors. There is no legal requirement for doctors to be involved in the MHR and it is up to each practitioner to decide whether they wish to use the MHR for any of their patients.

The practice will need to register itself and obtain a healthcare provider organisation identifier (HPI-O) from the Health Identifiers Service.

Individual healthcare providers in the practice will also need their healthcare provider identifier (HPI-I). Staff who are registered with AHPRA are automatically assigned a HPI-I. Healthcare providers who are not registered with AHPRA must apply for a HPI-I.

The practice has to maintain records linking user accounts to individual staff.

The practice also needs to decide whether to access MHR using conformant software or via the provider portal (which is read-only). The Australian Digital Health Agency has a list of software products using digital health (the register of conformity).

The practice must tell the Australian Digital Health Agency within 14 days if the organisation has ceased to be eligible to be registered (for example, the organisation has cancelled its HPI-O).

General practices participating in the eHealth practice incentive payment (ePIP) are required to establish and put into writing a Secure Message Delivery policy and a Clinical Coding and Terminology policy. Further details are available on the My Health Record website.

To be eligible for the practice incentives program ehealth incentive (ePIP) practices must:

1. Integrate healthcare identified into electronic practice records
2. Having standards-compliant secure messaging capability
3. Work towards recording the majority of diagnoses for active patients electronically
4. Ensure the majority of their prescriptions are sent electronically to a Prescription Exchange Service
5. Use the My health records system

Each practice needs to upload a shared health summary for a minimum of 0.5% of their standardised whole patient equivalent (SWPE) or the default SWPE, whichever is greater, each quarter. This will vary depending on the number of patients in each practice, but is estimated to be about five summaries per full-time equivalent GP per quarter, based on an estimated 1,000 SWPE per full-time equivalent GP.

More information on the ePIP is available on the My Health Record website or from the Department of Human Services.

Practices will need to work with the doctors in the practice to upload the requisite number of shared health summaries. Practices that do not upload the required number of shared health summaries will be required to repay their ePIP payment to the Federal government. For more information about the ePIP compliance program see https://www.myhealthrecord.gov.au/for-healthcare-professionals/epip-compliance-letters

Practices are also likely to encourage doctors to participate in the system in order to qualify for the quarterly payment and to encourage their patients to register to use the MHR system.

No. An organisation must not discriminate against an individual because they do not have a MHR or because of their My Health Record's access control settings.

A practice is responsible for the security of patient health information that it holds. It is not responsible for the security of the MHR system, as this is the responsibility of the Australian Digital Health Agency (the system operator).

Once you upload the information to the MHR, the responsibility for the privacy and security of that information passes to the Australian Digital Health Agency.

You do need to ensure the security of your systems to reduce the risk of unauthorised access to the MHR system via your system.

Some tips to help protect the health information held at your practice:

• Use strong passphrases
• Each person has their own unique password or passphrase
• Passwords/passphrases are not shared or written down
• Computers are always locked when you step away from the desk
• Two-factor authentication is used where possible.
• Update operating systems and applications regularly
• Install anti-virus software
• Only use secure wifi
• Implement application whitelisting
• Restrict administrator access
• Be aware of the latest security scams
• Be alert for suspicious emails and websites
• Promote a ‘think before you click’ culture
• Regularly backup your data and store backups separately from your network

For more information see the Australian Digital Health Agency’s Information Security Guide for Small Businesses

Your practice should have in place account management practices that support the practice’s security policies, such as restricting use, uniquely identifying users and employing secure access mechanisms such as passwords and passphrases.

Practices are expected to provide training for staff on using the MHR. There are clinical software simulators where you can practise viewing, creating and uploading clinical information.

Practices must develop, maintain, enforce and communicate to staff written policies relevant to the My Health Record system to ensure that interaction with the My Health Record system is secure, responsible and accountable.

You must provide a copy of your policy to the Australian Digital Health Agency (the system operator) on request.

The MHR Rules require practices to have a MHR security and access policy that is reviewed annually (rule 42). The policy should cover aspects such as:

• Policy communication and training
• Access rights
• Password maintenance.

The Australian Digital Health Agency has a security practices and policy checklist that you can use as a guide.

The organisation must tell the Australian Digital Health as soon as practicable after becoming aware of a potential or actual data breach, that is:

• There has been an unauthorised collection, use or disclosure of health information included in an individual's My Health Record; or
• An event has, or may have, occurred that compromises, or may compromise, the security or integrity of the My Health Record system.

The practice must also give the Australian Digital Health necessary assistance in relation to any inquiry, audit, review, assessment, investigation or complaint regarding the My Health Record system.

Practices must take reasonable steps to ensure that their staff exercise due care and skill so that any record uploaded to the My Health Record system is at the time it is uploaded, accurate, up-to-date, not misleading and not defamatory.

The practice must also:

• Ensure that only documents that have been prepared by a currently registered healthcare provider (ie whose registration is not conditional, suspended, cancelled or lapsed) are uploaded to the MHR.
• Ensure that clinical documents are not uploaded to the My Health Record system where an individual has withdrawn consent to the uploading of that clinical document.
• Tell the System Operator, within two business days of becoming aware, of a non-clinical My Health Record system-related error in a record.