Privacy and security FAQs
Following are some frequently asked questions (FAQs) and answers to help consumers and healthcare professionals better understand Australia's new eHealth record system and how having an eHealth record could benefit you over time.
The attached PDF documents contain detailed FAQs - both general in nature, and specific to the needs of particular demographic and professional groups.
Privacy and security FAQs
Who can see the information on my eHealth record?If you feel it is necessary, you can choose or limit which healthcare organisations can see and add to the information on your eHealth record. However it is important that healthcare professionals treating you have access to the vital information that they need to offer you care.
How will my personal information be kept private?Your eHealth record is protected by existing and new legislation. Your records will also be protected by audit trails, technology and data management controls, as well as security measures to protect against unauthorised access to your information.
What happens if someone accesses my record without my permission?Legislation, including the Personally Controlled Electronic Health Records Act 2012 and the Privacy Act 1988, contains penalties for unauthorised access to your information. If you believe someone has accessed your record without your permission, call the helpline on 1800 723 471.
How can I view my eHealth record?You will have a user ID and password so you can view your record online whenever you want to. If you do not have online access, you can also use the telephone helpline 1800 723 471, and the operators can tell you what clinical documents are included within your eHealth record, although they will not be able to see the specific information within each clinical document.
How do I get a login and password?You will be able to set up a user ID and password during your application to register for an eHealth record.
Who has access to my login details?No one else has your login details. You should keep them secret so that no one else can access your information.
Will I be able to see who has accessed or updated my eHealth record?Yes. You can see an activity history of your eHealth record, which will show you when information has been added or removed. It will also tell you which healthcare organisations have accessed or updated your information and when. If you think someone has inappropriately accessed your record you can call the helpline on 1800 723 471.
Who has access to my eHealth record?Only you and the healthcare organisations providing your care can access and add to your record. You can also share your health information with family members, carers, or other trusted people if you wish.
If you choose to have an eHealth record, you can control what information is stored in the record and which healthcare organisations can access that information. This ability to set access control measures has been a key privacy feature of the eHealth record system.
However, only healthcare professionals involved in your care, authorised by participating Australian organisations, will be able to upload clinical information to your eHealth record.
Will my eHealth record be as safe as my current medical records?Yes.
Where is the data on the eHealth record system kept?Your health information is drawn from both public and private repositories, such as existing hospital data repositories, which are registered to participate in the eHealth record system. The Personally Controlled Electronic Health Record Act 2012 requires that all registered repository operators must be located within Australia and must not take or process records outside Australia.
Is information ever temporarily collected that will not be added to a consumer’s eHealth record?There may be times where information relating to a prescription medication(s) that a consumer does not want to be included in their eHealth record is collected temporarily in the eHealth record system for the purpose of screening for the information that is to be included.
This only relates to instances where a healthcare provider generates a prescription for multiple medicines to be dispensed together. It is possible in such an instance that a consumer may wish for information relating to only some of the medications prescribed to be uploaded to their eHealth record, while information relating to other medications on the same script is to be excluded.
In such a circumstance, because all the medications are on the same prescription and sent through electronically together, a data processing device called an adaptor may collect some consumer health information not destined for the eHealth record system, in order to extract the information that is to be uploaded.
Any non-eHealth record information collected in this way is kept secure and destroyed as soon as practicable.