Privacy

    This statement applies to personal information collected by the System Operator of the personally controlled electronic health (eHealth) record system. In dealing with personal information, the System Operator abides by the Commonwealth Privacy Act 1988 and the Australian Privacy Principles (APP). This statement has been developed to meet the requirements for a privacy policy (APP 1) and a collection notice (APP 5).



    The Secretary of the Department of Health is the System Operator of the eHealth record system. The System Operator is considered an agency for the purposes of the Privacy Act 1988.

    The Department of Health has a separate privacy policy available on the Department of Health website. For privacy or other eHealth enquiries you can contact the System Operator by calling 1800 723 471 or visiting your local Medicare Service Centre.

    What is covered by this Privacy Statement?

    This Privacy Statement explains:
    • the types of personal information (including health information) that are collected by the System Operator about individuals who choose to have an eHealth record;
    • if an individual has an Authorised Representative (a person who the System Operator recognises as being able to act on behalf of the individual), the types of personal information that are collected by the System Operator about the Authorised Representative;
    • if an individual has a Nominated Representative (a person who an individual nominates to access their eHealth record), the types of personal information that are collected by the System Operator about the Nominated Representative;
    • the source from which the System Operator will collect information, including information that is collected directly from individuals and information that is collected about the individuals from others;
    • why the System Operator collects information and what the information is used for in the eHealth record system;
    • how the System Operator stores the information;
    • the entities to which the System Operator will usually disclose information as part of the eHealth record system, and the purpose for such disclosure; and
    • how individuals can access their personal information held by the System Operator.

    Who is the eHealth System Operator and how can I contact it/them?

    The System Operator is the person with responsibility for operating the eHealth record system. This person is the Secretary of the Department of Health. Customer service officers from the Department of Human Services (DHS-Medicare) and officers from the Department of Health will undertake some of the eHealth record system's day-to-day tasks on behalf of the System Operator.

    You can contact the System Operator by calling 1800 723 471 or visiting your local Medicare Service Centre. For details of your nearest Medicare Service Centre, visit the Department of Human Services website.

    What information is collected by the System Operator directly from individuals?

    The kinds of information collected by the System Operator directly from individuals or from Authorised Representatives about individuals may include:
    • details that allow the System Operator to identify and contact the individual such as the individual's name, address, telephone contact numbers, gender, date of birth, and either Medicare card number, Department of Veterans’ Affairs (DVA) file number or Individual Healthcare Identifier (IHI);
    • certified copies of acceptable identity documentation submitted to verify the individual's identity in the registration process where an individual applies for registration in writing;
    • details about current medications, allergies and adverse reactions the individual has which the individual or his/her Authorised Representative(s) has decided to publish in the eHealth record (known as the Personal Health Summary);
    • details about an individual's health which are entered by an individual or his/her Authorised Representative(s) into a confidential health diary facility offered as part of the eHealth system (known as Personal Notes);
    • information entered by the individual about the person who holds the individual's Advance Care Directive;
    • information about the choices an individual has made about their access controls, including the names of Nominated Representatives who the individual will allow to access the eHealth record, and other access controls;
    • information about an individual's access to his/her eHealth record for inclusion in the Access History;
    • if an individual contacts the System Operator to ask a question or report an issue, relevant information to address that matter;
    • contact details provided by the individual where the individual elects to receive notifications regarding certain activities in the individual’s eHealth record;
    • information about the individual's relatives or other third parties where the individual or his/her Authorised Representative(s) has included that information in the eHealth record, including in a Personal Health Summary, emergency contact details, or the information about the person who holds the individual's Advance Care Directive; and
    • information about an adult's capacity, in the event that a person makes an application for registration for an eHealth record on behalf of that adult on the basis that the person is the adult's Authorised Representative.

    What information is collected about individuals by the System Operator from healthcare provider organisations?

    The System Operator may collect health information about registered individuals from healthcare provider organisations (organisations that provide healthcare such as hospitals, clinics and pharmacies) that are registered to participate in the eHealth record system. The information collected includes:
    • allergies and adverse reactions;
    • medicines;
    • medical history; 
    • immunisations;
    • conditions diagnosed;
    • information about treatments provided;
    • hospital discharge information;
    • referrals;
    • prescribing and dispensing information;
    • diagnostic imaging results;
    • pathology results; and
    • information provided by a specialist.
    Individuals can advise their healthcare providers not to upload particular documents to the eHealth record system. A healthcare provider organisation must comply with this request. If that information is uploaded to the eHealth record system, the organisation may be subject to penalties.

    An individual who requests that certain documents not be uploaded should advise the healthcare provider on each occasion - for example, instructing the pharmacist each time a particular prescription is dispensed.

    In some cases the System Operator may collect information about the individual's relatives or other third parties where a healthcare provider has included that information in a clinical document uploaded to the eHealth record system. 

    What information is collected about individuals by the System Operator from DHS-Medicare in its role as a registered repository?

    An individual can decide to have the System Operator collect DHS-Medicare records from the DHS-Medicare registered repository for inclusion in his/her eHealth record, including:
    • details of all claims an individual or his/her doctor make for Medicare benefits in the future whenever the individual receives a healthcare service which is covered under the Medicare Benefits Schedule (MBS) (includes claims that are processed by the Department of Human Services (DHS) on behalf of DVA, in accordance with eligibility entitlements provided by DVA);
    • details of claims an individual or his/her doctor made for Medicare benefits in the past, if those records are available;
    • details of all claims made for pharmaceutical benefits in the future whenever the individual receives medication that is covered under the Pharmaceutical Benefits Scheme (PBS) (includes DVA claims under the Repatriation Pharmaceutical Benefits Scheme (RPBS) that are processed by DHS);
    • details of claims made under the PBS by the individual in the past, if those records are available;
    • organ and/or tissue donation decisions, which are sourced from the Australian Organ Donor Register (AODR); and
    • immunisations administered to the individual up until the age of 7 years, which are sourced from the Australian Childhood Immunisation Register (ACIR).
    If an individual (or their Authorised Representative(s)) consents to include DHS-Medicare records but later withdraws consent for transfer of information from DHS-Medicare to the System Operator, the Chief Executive Medicare will not notify the System Operator about any new records for that individual, and the System Operator will not be able to access any new records. However, MBS and PBS records transferred to the System Operator before the time the individual withdraws consent will remain visible on the individual's eHealth record and will remain accessible through the eHealth record system, unless the individual (or their Authorised Representative(s)) removes the MBS and PBS record from the eHealth record.

    Important: It is important for individuals to be aware that some health information that DHS-Medicare holds about the individual (for example, MBS data and PBS data) includes information about the types of healthcare services that the individual has received and the types of medications that they have been prescribed, and that these services and medications may indicate diagnosed conditions or illnesses.

    What information is collected about individuals by the System Operator from other repository operators?

    A repository operator holds records in storage for the eHealth record system, and then makes them available when they are requested through the eHealth record system. Repository operators must register to participate in the eHealth record system. As described above, DHS-Medicare will operate one of the repositories of information in the eHealth record system. 

    The System Operator will collect details of the documents held in registered repositories for individuals who are registered in the eHealth record system and display an index of the available information in the individual's eHealth record. If, for example, a healthcare provider wishes to access a document held in a registered repository for the purposes of providing healthcare to the individual, the System Operator will call for the document from the registered repository and make it available to the healthcare provider.

    Other private and public entities which hold healthcare information (for example, diagnostic imaging providers or public hospitals) may also apply to the System Operator to be repository operators in the eHealth record system.

    What other information is collected about individuals by the System Operator from DHS-Medicare?

    The System Operator collects demographic information (which may include the individual's name, address, age and gender) from DHS-Medicare and the Healthcare Identifiers Service during the registration process for the purposes of verifying the identity of individuals and their Authorised Representatives. Updates to individuals’ demographic and contact information will be collected over time, so that the System Operator's records remain current.

    Why does the System Operator collect information about individuals and what is the information used for?

    The System Operator collects information about individuals for a number of reasons, including to:
    • register individuals in the eHealth record system;
    • verify the identity of individuals in the registration process and when individuals access the eHealth record system after registration;
    • link the correct individual to the correct healthcare information stored by the System Operator and in registered repositories;
    • facilitate the retrieval of people’s healthcare information when required;
    • enable individuals to set access controls;
    • notify an individual of certain activities on their eHealth record, if the individual has elected to receive notifications;
    • establish and maintain an audit service that records activity in the eHealth record system;
    • operate the National Repositories Service to store key records that form part of the eHealth record;
    • administer, maintain and monitor the eHealth record system including monitoring the security, integrity and efficiency of the system; and
    • otherwise perform its functions and responsibilities as authorised by law.

    What are the main consequences for individuals if they do not consent to the System Operator collecting some of their information?

    Registering for an eHealth record is voluntary. Applications to register for an eHealth record request your personal information. If you do not provide this information an eHealth record cannot be created for you. Part of the information requested from you is consent for healthcare provider organisations to upload your health information to your eHealth record. Without this consent you cannot be registered.

    You do not need an eHealth record to get medical treatment or claim government benefits such as Medicare.

    What information is disclosed by the System Operator, who is the information disclosed to and why?

    The System Operator will disclose information about individuals to:
    • the individual or the individual's Authorised Representative(s);
    • the individual's Nominated Representative(s) in accordance with the individual's access controls;
    • registered Healthcare Provider Organisations involved in the individual's healthcare in accordance with the individual's access controls or in cases of medical emergency;
    • DHS and DVA, in order to verify the accuracy of information individuals have supplied with their registration application including information necessary to verify the individual's identity and the individual's consent to include DHS-Medicare information in the eHealth record;
    • registered Contracted Service Providers (private sector firms contracted by Healthcare Provider Organisations to assist them with computer and IT-related services) if the Healthcare Provider Organisation is authorised by the individual to access information in the individual's eHealth record and the Healthcare Provider Organisation has authorised the Contracted Service Provider to connect to the eHealth record system on its behalf;
    • a registered portal operator if an individual's Authorised Representative, individual's Nominated Representative or healthcare provider accesses the eHealth record through a registered portal;
    • registered repository operators for the purpose of storing, indexing and calling for records about individuals which form part of the eHealth record; and
    • a Healthcare Provider Organisation, Contracted Service Provider, portal operator or repository operator if the System Operator needs to do so in order to investigate or resolve a technical, security or privacy matter that has arisen in the eHealth record system.
    If a Healthcare Provider Organisation and its local clinical information systems are compatible with the eHealth record system, the local clinical information system will automatically check for and notify the healthcare provider whether an eHealth record exists. An individual can prevent clinical information systems from automatically checking and displaying whether the individual has an eHealth record by turning off this function in their access controls. Turning off this function does not prevent healthcare providers from searching for the individual’s eHealth record in the eHealth record system.

    There are limited other circumstances in which an individual's information may be collected, used and disclosed under the Personally Controlled Electronic Health Records Act 2012 or as authorised by or under law. These circumstances include the provision of indemnity cover for healthcare providers, disclosure to courts and tribunals, for the purposes of coroner's investigations, and for law enforcement purposes.

    The System Operator uses private sector firms to assist it in delivering the eHealth record system. Those firms will collect, use and disclose, and in some cases store, individual information as part of this work. These firms are bound by strict obligations to treat individuals’ information with the same level of respect, privacy and security that they are entitled to from the System Operator.

    If an individual or Authorised Representative contacts the System Operator to ask a question or report an issue, the System Operator may need to disclose personal information about the individual and/or the Authorised Representative to the Australian Information Commissioner or equivalent body in a state or territory or to a Healthcare Provider Organisation to which the question or issue relates.

    The System Operator will not disclose to individuals' healthcare providers details about an individual's health which are entered by an individual or his/her Authorised Representative(s) into a confidential health diary facility offered as part of the eHealth system (known as Personal Health Notes).

    What information is used or disclosed by the Chief Executive Medicare to assist in the eHealth record system?

    The Chief Executive Medicare is involved in the eHealth record system as the Healthcare Identifiers Service Operator under the Healthcare Identifiers Act 2010, the holder of Medicare, PBS, ACIR and AODR records and as a repository operator.

    In its roles as the Healthcare Identifiers Service Operator and the holder of Medicare, PBS, ACIR and AODR records, the Chief Executive Medicare may disclose information about individuals to the System Operator to assist the System Operator to make decisions about registering individuals and determining whether certain persons are authorised to act on behalf of individuals (as Authorised Representatives). For example, when an individual applies for an eHealth record online, over the phone or in person, consent will be sought for the Chief Executive Medicare or other authorised employees of the Department of Human Services to use Medicare and PBS records to ask the individual or his/her Authorised Representative a series of questions to verify the individual's and the prospective Authorised Representative's identity.

    If the person asserts that they are the Authorised Representative for the individual because he/she is the individual's parent, the Chief Executive Medicare or other authorised employees of the Department of Human Services will seek consent to check the Medicare records to see whether that person is on the same Medicare card grouping as the individual. Medicare groupings can be used as evidence of a person being an Authorised Representative of a child.

    Will information in eHealth records be taken, held or processed outside Australia?

    A registered repository operator, a registered portal operator or a registered Contracted Service Provider that holds or has access to eHealth records must not hold or take the records outside Australia or process or handle the information relating to the records outside Australia. 

    The System Operator is only authorised to hold, take, process or handle records outside Australia for the purposes of the operation or administration of the eHealth record system and only where the records do not contain any personal or identifying information of participants in the eHealth record system.

    You, any of your representatives, and any authorised healthcare providers can access your eHealth record from overseas via the Internet.

    How does the System Operator store eHealth records?

    An eHealth record is not a single record stored in a single repository. An eHealth record is made up of a collection of health documents stored in a network of connected registered repositories.

    The System Operator itself stores information including:
    • personal information about individuals who have registered for an eHealth record;
    • an index of available records for each individual stored in registered repositories which can be accessed via an individual's eHealth record;
    • the individual's Shared Health Summary and other key clinical documents and information uploaded by an individual in the Personal Health Summary and Personal Health Notes in the National Repositories Service (a repository operated by the System Operator); and
    • DHS-Medicare records in accordance with the individual's consent for upload of this information.
    Information in the National Repositories Service will be retained until at least 30 years after the date of an individual's death or, if the System Operator does not know this date, 130 years after the information was uploaded.

    How will eHealth records be kept safe and secure?

    The protection and security of individuals' personal information is something the System Operator takes seriously. The System Operator is committed to keeping secure the personal information that is provided to the eHealth record system. The System Operator will take reasonable precautions to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.

    The System Operator has a range of practices and policies in place to provide a robust security environment. The ongoing adequacy of these measures will be regularly reviewed by the System Operator.

    The security measures of the eHealth record system include, but are not limited to:
    • a multi-layered ICT system of firewalls, gateways and portals to ensure only authorised users can access the eHealth record system;
    • personal information transmitted or stored by or on behalf of the System Operator will be encrypted to government standards published in the Australian Government Information Security Manual;
    • developing education and awareness programs to highlight the need for individuals to protect themselves against security threats and other hoaxes or scamming activities;
    • not registering an individual if the System Operator is satisfied the individual may compromise the security or integrity of the eHealth record system, having regard to the matters prescribed by the PCEHR Rules;
    • monitoring of access to eHealth records in order to detect suspicious or inappropriate behaviour;
    • maintaining an Access History of access to eHealth records which individuals can access;
    • requiring the System Operator, registered repository operators and registered portal operators to report a data breach to the Australian Information Commissioner (and/or in some cases, the System Operator who in turn must report the breach to the Australian Information Commissioner), as soon as practicable after becoming aware of the breach, event or circumstances;
    • requiring the System Operator, registered repository operators and registered portal operators to contain the data breach as soon as practicable after becoming aware of the breach, event or circumstances;
    • requiring the System Operator to notify all affected individuals (or the general public if a significant number of individuals are affected) if a data breach occurs;
    • rigorous security testing, to be conducted both prior to and after commencement of the eHealth record system;
    • imposing requirements for participants to comply with specific business rules and other relevant legislation which support security in the eHealth record system;
    • educating employees of DHS and other delegates of the System Operator as to their obligations when handling personal information; and
    • requiring employees of DHS and other delegates of the System Operator to individually authenticate themselves when accessing the eHealth record system.
    In addition to the security controls set out above, the System Operator will comply with the Security and Access Framework for the eHealth record system. Compliance with the Security and Access Framework increases confidence that confidentiality, integrity and availability of information within an eHealth record system are not compromised. The Security and Access Framework was developed with regard to the Australian Government's Protective Security Policy Framework, the National Identity Security Strategy developed by the Commonwealth Attorney-General and the National E-Authentication Framework.

    The System Operator has established a framework where individuals, Authorised Representatives, Nominated Representatives and registered Healthcare Provider Organisations are appropriately identified and authenticated each time they wish to access the individual eHealth records that they are entitled to access.

    Healthcare providers in registered Healthcare Provider Organisations will also need to be appropriately identified and authenticated each time they wish to access an eHealth record.

    Individuals are encouraged to take appropriate and adequate precautions to ensure that whatever is accessed from an eHealth record is free of viruses or other contamination that may interfere with or damage an individual's eHealth record. Individuals should keep their login and password for the eHealth record system secret and secure. For more information on how to take steps to protect the security of an eHealth record online see the eHealth website.

    Can individuals access personal information held by the System Operator?

    Yes. Individuals can access their personal information held by the System Operator by logging into their eHealth record online or contacting the System Operator.

    If an individual requires assistance in accessing this information or would like further information, they can contact the System Operator by calling 1800 723 471 or visiting their local Medicare Service Centre. For details of the nearest Medicare Service Centre, see the Department of Human Services website.

    Will individuals be able to see who else has accessed their eHealth record?

    Yes. Individuals can access the Access History for their eHealth record online or by contacting the System Operator. The Access History will show details including whether a healthcare provider, Nominated Representative, Authorised Representative or the individual accessed the eHealth record and when they accessed it.

    If individuals require assistance in accessing this information or would like further information, they can contact the System Operator by calling 1800 723 471 or visiting their local Medicare office. For details of the nearest Medicare office, see the Department of Human Services website.

    How can individuals request correction or updating of information in their eHealth record?

    If individuals believe that their eHealth record (or if they are an Authorised Representative, the individual's eHealth record that they are authorised to access) contains incorrect healthcare information, they should request the relevant healthcare provider to correct it.

    If a healthcare provider refuses to correct the information, an individual (or Authorised Representative) may complain to the Office of the Australian Information Commissioner.

    The System Operator also has powers to request a Healthcare Provider Organisation to correct personal information contained in an eHealth record and to load the corrected record to the eHealth record system. 

    Individuals can obtain further information on how to correct or update personal information by contacting the System Operator by calling 1800 723 471 or visiting their local Medicare Service Centre. For details of the nearest Medicare Service Centre, see the Department of Human Services website.

    Can individuals restrict access to their eHealth record or documents contained in their eHealth record?

    The eHealth record system allows individuals to limit access by Healthcare Provider Organisations to their whole eHealth record, limit access to documents within the eHealth record (except for the Shared Health Summary, Personal Health Summary or Advance Care Directive information) or remove documents from their eHealth record.

    Healthcare Provider Organisations cannot access the Personal Health Notes in an eHealth record.

    For more information on how to manage access controls, individuals should access the 'Help' section of their eHealth record or see the eHealth website.

    Individuals should be aware that in emergencies, where it is unreasonable or impractical to obtain their consent, information in their eHealth record (except for removed documents) may be made available to healthcare providers and that access controls may be overridden on a temporary basis, for the purpose of delivering healthcare.

    If an individual nominates another person to have access to the individual's eHealth record (known as a Nominated Representative), what information will that Nominated Representative be able to access?

    Individuals can choose to allow certain persons (known as Nominated Representatives) to access their eHealth record. Nominated Representatives are able to access information in the individual's eHealth record subject to an individual's access settings. For more information on how to appoint a Nominated Representative, individuals should access the 'Help' section of their eHealth record or see the eHealth website.

    I have been asked to assist another person with their eHealth record. What information will be collected about me if I agree to be a Nominated Representative? 

    If an individual appoints you as a Nominated Representative they can choose whether to give you read-only access or full access. In either case you will need to create or use an existing MyGov account in order to access the individual's eHealth record. If the individual appoints you as a read-only Nominated Representative, they are required to assign you a preferred name to identify you when you access their eHealth record. While this name could be any word (for example, "mum"), it is possible that an individual will use your real name or include other personal information about you in the name field.

    If the individual appoints you as a Full Access Nominated Representative, the System Operator collects demographic information (which may include your name, address, age and gender) from DHS-Medicare and the Healthcare Identifiers Service for the purposes of verifying your identity. Updates to your demographic and contact information will be collected over time so that the System Operator's records remain current.

    The kinds of information collected by the System Operator directly from Full Access Nominated Representatives may include details that allow the System Operator to identify and contact the Full Access Nominated Representative such as name, address, telephone contact numbers, gender, date of birth, and either Medicare card number, DVA file number or IHI.

    I am a parent, guardian or other type of Authorised Representative for an individual. What information will be collected about me for the purposes of the individual's eHealth record?

    In order for the System Operator to determine whether a person is able to act on behalf of an individual as their Authorised Representative, the System Operator collects:
    • details that allow the System Operator to identify and contact the Authorised Representative such as the person's name, address, telephone contact numbers, gender, date of birth, and either Medicare card number, DVA file number or the person's IHI;
    • certified copies of acceptable identity documentation submitted to verify the identity of an Authorised Representative if that person applies to register an individual in writing;
    • documentation to verify that the person is the Authorised Representative of the individual, such as a power of attorney, court order, or a statutory declaration about the person's relationship with the individual; and
    • information from the documentation establishing the Authorised Representative's authority, including type of authority (from a pre-defined list), issuing authority, start date of authority, end date of authority (if specified) and review date of authority (if specified).
    The System Operator may also collect information from DHS-Medicare to assist the System Operator to make decisions about registering individuals and determining whether certain persons are authorised to act on behalf of individuals (Authorised Representatives). For example, when an Authorised Representative applies for an eHealth record for an individual online, over the phone or in person, consent will be sought for the Chief Executive Medicare or other authorised employees of the Department of Human Services to use Medicare and PBS records to ask the Authorised Representative a series of questions to verify the individual's and the Authorised Representative's identity. 

    In some cases personal information may be collected from Authorised Representatives by the System Operator if the Authorised Representative contacts the System Operator to ask a question or report an issue.

    Can healthcare providers access eHealth records in an emergency?

    If a healthcare provider reasonably believes that access to health information in an individual's eHealth record is necessary to lessen or prevent a serious threat to an individual's life, health or safety (and the individual’s consent cannot be obtained), or to prevent a serious threat to public health or public safety, the healthcare provider can access the individual's eHealth record for a limited period of time. 

    In emergencies, healthcare providers may override the access controls set by an individual and access all information in the individual's eHealth record to deliver emergency health care. After a period of five days from the time the emergency was asserted and access to the eHealth record was obtained, the emergency access will cease. Use of the emergency access function by a healthcare provider will be logged in the individual’s Access History and the individual will be notified if they requested to receive this type of notification.

    Will eHealth records be used for research or other public health purposes?

    The System Operator is authorised to prepare and provide de-identified data (i.e. data that has had information that would reasonably identify the individual removed) for research and other public health purposes. A framework will be developed to ensure that appropriate protections are put in place around the preparation and disclosure of de-identified data.

    What can I do if I think someone has breached my privacy?

    If you think someone has mishandled your eHealth record you should first complain to the entity (for example, healthcare provider) you think is at fault.

    If you are not satisfied with the response you can complain to the System Operator by calling 1800 723 471 or visiting your local Medicare Service Centre. For details of your nearest Service Centre, visit the Department of Human Services website. You may also complain to the Office of the Australian Information Commissioner or to the state or territory regulator.

    Following the receipt of your complaint, the System Operator may refer your complaint to the Office of the Australian Information Commissioner or a privacy regulator in a state or territory.

    As the privacy regulator of the eHealth record system, the Information Commissioner can undertake investigations, effect conciliations, accept enforceable undertakings, or seek injunctions or civil penalties.

    What are the penalties for collecting, using or disclosing information in an eHealth record when it is not authorised?

    It is an offence under the Personally Controlled Electronic Health Records Act 2012 for a person to collect health information from an individual's eHealth record, or use or disclose that information, if the collection, use or disclosure is not authorised by the legislation and the person knows that the collection is not authorised or is reckless as to whether the collection is authorised or not. 

    The penalty under the legislation for unauthorised collection, use and disclosure is currently up to $13,600 for an individual or up to $68,000 for a body corporate.

    What happens if there is a data breach involving my eHealth record? Will I be notified by the System Operator?

    The System Operator is required to notify the Australian Information Commissioner as soon as practicable after becoming aware of a data breach relating to the eHealth record system, if the System Operator is directly involved or may be involved in the breach. The System Operator is also required to notify all affected individuals of a data breach involving the System Operator, a registered repository operator or a registered portal operator.

    The Personally Controlled Electronic Health Records Act 2012 compels registered repository operators, registered portal operators and the System Operator to report data breaches. Depending on the circumstances, operators may have to report a data breach to the System Operator, the Information Commissioner or both. If a registered repository operator or registered portal operator fails to notify the relevant body of a data breach, they may be subject to a civil penalty.

    What happens to an eHealth record if an individual's registration is cancelled?

    When an individual's registration in the eHealth record system is cancelled, their eHealth record is deactivated by the System Operator.

    Upon an eHealth record being deactivated:
    • all documents in the eHealth record will be kept in the eHealth record system;
    • the eHealth record will not be able to be accessed in an emergency situation;
    • an individual will only be able to access their eHealth record by making a request to the System Operator;
    • healthcare providers will only be able to access the individual’s eHealth record where authorised by law;
    • healthcare providers will not be able to upload records to the eHealth record; and
    • the eHealth record may still be accessed by the System Operator for the purposes of maintenance, audit and other purposes authorised by law.
    The key records that form part of a deactivated eHealth record, including any Shared Health Summary, will be stored in the National Repositories Service for a period of at least 30 years after the individual’s death, or if the date of death is unknown, for a period of at least 130 years after the record was uploaded. All other records in an eHealth record that are held by registered repository operators will be subject to state or territory retention requirements which may be up to 15 years.

    Please note that a Healthcare Provider Organisation that authored a clinical document which was uploaded to an individual’s eHealth record will have a copy of this clinical document saved in their clinical information system regardless of whether the individual’s eHealth record has been cancelled.

    Please note that health information uploaded to an individual's eHealth record will still be accessible to healthcare providers and other organisations after cancellation where registered repository operators continue to provide healthcare providers (and other registered organisations used by healthcare providers) with access to health information which was previously downloaded by them from a person’s eHealth record with that person’s consent.

    If an application is made to reapply for registration, the reactivated eHealth record may include information (including health information) which was included in the eHealth record immediately prior to it being deactivated.
    Please note that if an eHealth record has been cancelled due to the death of an individual, it is not able to be reactivated.

    Application of state and territory privacy laws

    Where a healthcare provider downloads health information from an individual's eHealth record into the Healthcare Provider Organisation’s clinical information system, the local state or territory privacy law will apply to that downloaded information.

    What is recorded about use of this website?

    When visiting this site, a record of your visit is logged. This information is recorded for statistical purposes only and is used to help improve this website. The following information is supplied by your browser (for example, Internet Explorer):
    • the user's server address;
    • the user's operating system (for example, Windows, Mac);
    • the user's top level domain name (for example, .com, .gov, .au, .uk);
    • the date and time of the visit to the site;
    • the pages accessed and the documents downloaded;
    • the previous site visited; and
    • the type of browser used.
    This information is used for statistical purposes only. No attempt will be made to identify users or their browsing activities except in the unlikely event of an investigation, where a law enforcement agency (or other government agency) exercises a legal authority to inspect Internet Service Provider (ISP) logs (for example, by warrant, subpoena or notice to produce).

    Does this website use cookies?

    Yes. A cookie is a small piece of data sent from a website and stored in a user’s browser while the user is browsing the website. This website uses cookies to help us improve the website, not to track your movements through the Internet or to record private information about you.

    Two cookie types may be used by this website – those which exist only for the duration of a single web browser session and are lost when you end the Internet session or shut down your computer (referred to as session cookies), and those which exist for a period of time beyond the end of your web browser session before they expire (persistent cookies).

    What information is collected if I access an eHealth record online?

    We use a range of tools provided by third parties to collect or view website traffic information. We also use cookies and session tools to improve your experience when accessing our website. The information collected by these tools may include the IP address of the device you are using to access the website, the part of the website that IP address has come from and the pages accessed on our website. We use the information to maintain and improve our website and to enhance your experience when using it.

    What happens if I provide my email address?

    If you provide your email address as part of your use of the eHealth website:
    • we will record your email address;
    • we will only use your email address for the purpose for which you provided it (as noted on the eHealth website);
    • it will not be added to a mailing list, unless provided by you specifically for that purpose;
    • we will not use your email address for any other purpose unless we ask your permission first;
    • we will not disclose your email address without your consent; and
    • you agree that your first name and the content of your post/comments/suggestions and/or any information you provide may be used on this website or for other health communication (for example, reports, brochures, presentations, videos).

    Is this website secure?

    The eHealth website does not provide facilities for the secure transmission of information across the Internet. Users should be aware that there are inherent risks in transmitting information across the Internet.

    When you log in to your eHealth record you are redirected to a secure site. The information you provide in logging in to your record and in your record is protected.

    This site contains links to other sites. We are not responsible for the content or the privacy practices of other web sites and we encourage you to examine each website's privacy policy.

    How can I provide feedback?

    If you wish to provide feedback on any aspect of the eHealth record system, including this Privacy Statement, the practices of this site or using the Consumer and Healthcare Provider portals, please contact us via the Feedback on the PCEHR webpage.

    Page last updated 01 December, 2014