Legislation strengthening privacy protections in My Health Records Act 2012 has been passed today by The Australian Parliament.
The new legislation means that Australians can opt in or opt out of My Health Record whenever they choose to. Those who choose to opt out can have their record permanently deleted.
More than 6.3 million Australians already have a My Health Record and over 14,000 healthcare professional organisations are connected, including general practices, hospitals, pharmacies, diagnostic imaging and pathology practices.
My Health Record supports the health and care of Australians who choose to have one and records will be created for every Australian who hasn’t opted out by 31 January 2018, with the option to opt out available at any time.
The changes passed today will:
- Allow Australians to permanently delete their records and any backups, at any time.
- Explicitly prohibit access to My Health Records by insurers and employers.
- Provide greater privacy for teenagers 14 years and over.
- Strengthen existing protections for people at risk of family and domestic violence.
- Clarify that only the Agency, the Department of Health and the Chief Executive of Medicare (and no other government agency) can access the My Health Record system.
- Explicitly require law enforcement and other agencies to produce a court order to access information in My Health Records.
- Make clear that the system cannot be privatised or used for commercial purposes.
The changes are backed up by harsher penalties and fines for inappropriate or unauthorised use of My Health Records.
A statement by the Australian Digital Health Agency says it welcomes this decision by the Australian Parliament and thanked all those who have collaborated in successful development of these additional privacy protections and the broader initiative to provide a My Health Record to all Australians who choose to have one.
A summary of the changes is available at https://www.myhealthrecord.gov.au/news-and-media/my-health-record-stories/legislation-strengthens-privacy