My Health Record (MHR) is the online summary of a person’s health information that can be accessed anywhere, anytime by them and their healthcare providers. The scheme has been operating for the past six years on an opt-in basis; that is, people only had a record if they signed up for one. However, starting this year, the scheme created default accounts for every Australian unless they opted-out.

MHR has obvious potential to improve healthcare outcomes, including more informed and holistic healthcare decisions, fewer adverse events and improved health outcomes. But the scheme has implications for allied health professionals and it is important to know some of the potential benefits, limitations and risks of MHR.

You can access a patient’s MHR

When an account is created, the default access setting is open, which means a health professional can access their patient’s record, provided it is for the purpose of providing healthcare to that patient. You do not need to ask for consent before accessing or uploading information to your patient’s record, although we consider that it would be good practice to advise them that you are doing so.

The record can be a useful document archive that can be shared between health professionals to improve communication and health outcomes. For example, you would be able to access a patient’s most recent health information such as a discharge summary or imaging to inform your treatment planning. You can also upload information about your treatment and recommendations that will be accessible by other treating clinicians.

MHR is not a comprehensive record of a patient’s medical history

Firstly, the MHR scheme uploads documents as they are created and does not contain documents from before a person’s MHR account was created. Secondly, there is likely to be a transition period as the medical profession adjusts to the new system and practitioners begin consistently uploading information as part of their day-to-day practice.

Finally, patients can change the default settings and restrict who accesses their information and what appears. For example, a patient can:

• request that their doctors include or not include certain documents in their MHR


• remove documents already uploaded to a record


• hide documents in a record so they are not visible to treating doctors


• specify whether information from Medicare, Department of Veterans’ Affairs or the Pharmaceutical Benefits Scheme will appear


• set a record access code to restrict access and give permission to access records, or provide a limited document access code to restrict access to certain documents


• set up an email or SMS alert for when someone accesses the record for the first time.

Notably, privacy restrictions and access codes can be overridden if access is required for an emergency or if there is a serious threat to public health or safety. However, healthcare providers won’t be able to see documents that a patient has removed, or personal notes that have been entered.

Remember that the record may not be reliable

You will need to keep in mind that a patient may have amended the record or changed their settings when you are reviewing and relying on a MHR and treat the information with a level of clinical suspicion.

You have obligations in relation to privacy and confidentiality of health data

You and your organisation also have a number of obligations as participating users of the MHR system. In particular, you have privacy and security obligations and must only use MHR data for prescribed proper purposes. The main causes of health data breaches in Australia are human error breaches. In most cases this involves sending emails to the wrong recipient.

The My Health Records Act 2012 contains penalties for privacy and security breaches, notification obligations for privacy breaches, and penalties for failing to notify. There are also penalties for improper use of a person’s MHR health information.

Ultimately, although the MHR scheme has obvious potential to improve healthcare outcomes, it will take time for health professionals to become familiar with the system and for its benefits to be fully realised, all while smoothing out both foreseen and potentially unforeseen hiccups along the way.

Click here for information about your obligations.

Dimitra Dubrow is a principal lawyer and head of Maurice Blackburn’s national medical negligence department. Amy Johnstone is an associate in Maurice Blackburn’s medical negligence department in Melbourne.