My Health Record Update

15 Oct 2020

Reminder of Healthcare provider obligations under the My Health Records Act 2012 and the Privacy Act 1988 

All healthcare providers who connect to the My Health Record systems must comply with certain security and patient privacy obligations. Please see a summary of these obligations provided by the Office of the Australian Privacy Commissioner.   

Why is the reminder being distributed now? 

In late 2019 the Australian National Audit Office (ANAO) reviewed the implementation of the My Health Record system under opt out arrangements. Access to the final ANAO report is here 

The ANAO concluded there are robust systems in place to monitor and act on cyber security risk to the My Health Record core infrastructure. But the monitoring by ADHA of healthcare provider organisation’s compliance with My Health Record security and patient privacy obligations in the legislation, needs to be more proactive. 

Where can you get more information and assistance?  

AMA members can email the Australian Digital Health Agency at if they would like assistance in meeting their obligations and implementing security and access controls. 

Other useful links to advice templates, and training include: