Under the My Health Records Act 2012, healthcare provider organisations are authorised to:
- Upload information to the My Health Record system, and
- View information in the system.
Authority to upload information to a My Health Record
Subject to the situations described below, there is no requirement for a healthcare provider to obtain consent on each occasion prior to uploading clinical information. There is also no requirement for a healthcare consumer to review clinical information prior to it being uploaded.
It may be considered good clinical practice to advise a patient that you will be uploading information to their My Health Record, particularly if this information might be considered sensitive. This approach is recommended by the Australian Medical Association in its guide to using the My Health Record system (section 4.5).
Situations where documents should not be uploaded
If a consumer specifically asks a healthcare provider organisation not to upload particular documents or information to their My Health Record, the healthcare provider organisation must comply with the person’s request.
The My Health Records Act recognises that under some state and territory laws consent must be given expressly, or in a particular way, before information related to specific areas of health is disclosed.
Viewing a My Health Record
Any person who is authorised by a healthcare organisation can access and view an individual’s My Health Record for the purpose of providing healthcare services. In addition to clinicians, a healthcare organisation may authorise other staff to access the My Health Record system as part of their role in healthcare delivery.
Healthcare provider organisations can access and view information in a My Health Record during a consultation. They can also access the record without the individual being present, provided that access is for the purpose of providing healthcare to the individual. For example, a specialist may choose to review clinical documents in an individual’s My Health Record prior to a consultation.
Consent and ePrescriptions
If a healthcare consumer requests that specific prescription information is not uploaded to their My Health Record, the dispensing system defaults to apply the same consent decision to the corresponding dispense record. This prevents the prescription or dispense record from being uploaded to the My Health Record system, where a consumer has requested not to send their prescription record to the My Health Record system. However, these defaults can be overruled by the individual and dispensing healthcare provider at the point of care.
Consent and Secure Message Delivery
Just as a provider is not required to seek consent to send clinical information via existing point-to-point channels, such as fax, a healthcare provider does not need patient consent to send clinical information using Secure Message Delivery.
This information has been sourced here on 21 May 2019.
You can find more resources available here.
If you would like My Health Record support, please contact NCPHN’s Digital Health Team on (02) 6618 5400