Articles and Case Studies

My Health Record

02 Nov 2016

Karen Stephens 110x137

by Ms Karen Stephens

health record

Recent changes are forcing patients and doctors to pay more attention to My Health Records.

What is My Health Record?

My Health Record:

  • is a national digital health record system
  • was previously known as Personally Controlled Electronic Health Records (PCEHR) or eHealth records
  • is a summary of an individual’s key health information that can be shared securely online between the individual and their healthcare providers
  • does not replace a doctor’s own records.

The opt-out trial

Originally, My Health Record was an opt-in system and patients had to actively register. Now, an opt-out model has been trialled in Northern Queensland and the Nepean Blue Mountains area. People with a registered Medicare address in these areas had until 27 May 2016 to opt out of having a My Health Record automatically created for them. The opt-out rate was 1.9%, meaning that almost one million extra records have been added. This brings the total number of registrants to over 3.8 million at 30 June 2016.

Practice participation

For practices, participation in the My Health Record system requires a number of initial steps, and ongoing compliance with legislative requirements.1

Issues to be addressed include:

  • computer security
  • software functionality and secure messaging capability
  • data quality in the medical records2
  • training staff and appointing specific responsible staff3
  • written policies and procedures.

Training

  • Online training is available, including specific modules for general practice and specialist practice at the My Health Record website.4
  • Software training and downloadable guides are also available from the Australian Digital Health Agency (ADHA).5
  • Face-to-face training can be organised through local Primary Health Networks.

Incentive payments for general practices

General practices can claim an incentive payment for participating in My Health Record. There are a number of criteria they must comply with to receive the full benefit, including uploading a minimum number of Shared Health Summaries.6 The RACGP also has some useful resources.7

Medico-legal issues

Consent

  • When registering for My Health Record, patients are required to give a “standing consent” for the upload of documents. The patient must be adequately informed before giving consent. There is no requirement for a provider to obtain consent on each occasion prior to uploading clinical information, except that specific consent is required to upload sensitive information such as HIV status.
  • Written consent is recommended from the patient when they register at a practice – that they understand what will be in the record and who can access it. Verbal consent can be obtained prior to uploading any information to the record.
  • Patients can control which healthcare providers have access to their My Health Record and they can remove documents themselves. They cannot edit a document that a doctor has uploaded.
  • In an emergency, a provider can assert emergency access functionality which will override the existing access controls for a specified period.

Privacy

System security includes strong encryption, firewalls, secure login/authentication and audit logging (“bank-strength” security). Access to My Health Record is limited by law to specific situations, e.g. registered healthcare providers delivering health care. Practices must meet specific privacy and security requirements, including having a policy setting out access and security procedures. Worksheets and templates to help practices are available.8

The Office of the Australian Information Commissioner (OAIC) assessed seven GP practices in Victoria and NSW as being at medium to high risk of breaching privacy laws when using the My Health Record.9 Passwords were too weak or not changed often enough, a record of the master copy was kept at the clinic, and computers did not have self-locking screen savers turned on.

Legislation requires mandatory notification to the OAIC if a breach of privacy occurs, and the OAIC has a guide to mandatory notifications.10 There are significant sanctions for misuse of the information, but not where a mistake is made.





Useful websites

Helpline


Karen Stephens
Risk Adviser, MDA National


References

  1. Australian Digital Health Agency. My Health Record System Participation Obligations. Available at: digitalhealth.gov.au/using-the-my-health-record-system/maintaining-digital-health-in-your-practice/my-health-record-system-participation-obligations
  2. Australian Digital Health Agency. Data Quality Checklist. Available at: myhealthrecord.gov.au/sites/g/files/net4206/f/factsheet-data-quality-my-health-record-20170503.pdf
  3. Staff management activities under: Managing your organisation’s digital health information. Available at: digitalhealth.gov.au/using-the-my-health-record-system/maintaining-digital-health-in-your-practice/managing-your-organisation-s-digital-health-information
  4. Australian Digital Health Agency. Online Training. Available at: digitalhealth.gov.au/using-the-my-health-record-system/digital-health-training-resources/my-health-record-online-training
  5. Australian Digital Health Agency. Training Resources. Available at: digitalhealth.gov.au/using-the-my-health-record-system/digital-health-training-resources
  6. Australian Digital Health Agency. Practice Incentives Program eHealth Incentive. myhealthrecord.gov.au/internet/mhr/publishing.nsf/Content/news-003
  7. Royal Australian College of General Practitioners. Digital Health Incentive Resources. racgp.org.au/download/Documents/e-health/Digital%20health%20incentive/Digital-PIP-General-information.pdf
  8. Australian Digital Health Agency. Privacy and Security for Digital Health.
  9. Office of the Australian Information Commissioner. eHealth System: Access Security Controls of Seven Healthcare Provider Organisations 2015. Available at: oaic.gov.au/privacy-law/assessments/ehealth-system-access-security-controls-of-seven-healthcare-provider-organisations
  10. Office of the Australian Information Commissioner. Guide to Mandatory Data Breach Notification in the PCEHR System. Available at: oaic.gov.au/agencies-and-organisations/guides/guide-to-mandatory-dbn-in-pcehr-system
Medical Records and Reports, Anaesthesia, Dermatology, Emergency Medicine, General Practice, Intensive Care Medicine, Obstetrics and Gynaecology, Ophthalmology, Pathology, Practice Manager Or Owner, Psychiatry, Radiology, Sports Medicine, Surgery
 

Library

Doctors Let's Talk: Get Yourself A Fricking GP

Get yourself a fricking GP stat! is a conversation with Dr Lam, 2019 RACGP National General Practitioner of the Year, rural GP and GP Anesthetics trainee, that explores the importance of finding your own GP as a Junior Doctor.

Podcasts

25 Oct 2022

Systematic efforts to reduce harms due to prescribed opioids – webinar recording

Efforts are underway across the healthcare system to reduce harms caused by pharmaceutical opioids. This 43-min recording of a live webinar, delivered 11 March 2021, is an opportunity for prescribers to check, and potentially improve, their contribution to these endeavours. Hear from an expert panel about recent opioid reforms by the Therapeutic Goods Administration and changes to the Pharmaceutical Benefits Scheme. 

Diplomacy in a hierarchy: tips for approaching a difficult conversation

Have you found yourself wondering how to broach a tough topic of conversation? It can be challenging to effectively navigate a disagreement with a co-worker, especially if they're 'above' you; however, it's vital for positive team dynamics and safe patient care. In this recording of a live webinar you'll have the opportunity to learn from colleagues' experiences around difficult discussions and hear from a diverse panel moderated by Dr Kiely Kim (medico-legal adviser and general practitioner). Recorded live on 2 September 2020.