Managing a patient’s eHealth record

Following are some frequently asked questions (FAQs) and answers to help individuals/patients and healthcare providers better understand Australia's eHealth record system and how having an eHealth record could benefit you over time.

Managing a patient’s eHealth record

    Which Healthcare Providers can upload a Shared Health Summary?

    A Shared Health Summary can be uploaded by someone who is a Nominated Healthcare Provider of the consumer.

    A Nominated Healthcare Provider is a healthcare provider who satisfies the following requirements:
    1. has an agreement with the consumer to be their nominated healthcare provider. The fact that a consumer is seeking healthcare from a healthcare provider can generally be taken as an agreement;
    2. has a healthcare identifier assigned to them; and
    3. is registered by a registration authority as one of the following
            1. a medical practitioner (see below); or
            2. a registered nurse (see below); or
            3. an Aboriginal health practitioner, a Torres Strait Islander health practitioner or an Aboriginal and Torres Strait Islander health practitioner.
    For the purposes of paragraph (c) (i) and (c) (ii), the eligible class of healthcare professionals listed are professions on the Australian Health Practitioner Regulation Agency (AHPRA) website.

    For the purposes of paragraph (c) (iii), the eligible class of healthcare professionals listed are those who have been awarded a Certificate IV in Aboriginal and/or Torres Strait Islander Primary Health Care (Practice).

    Will I have access to everything in a patient’s record?

    If a patient chooses to have an eHealth record, they consent to healthcare providers accessing and uploading clinical documents. A patient will be able to control what information is stored in the record and which Healthcare Provider Organisations can access that information (please refer to the Registering for an eHealth Record FAQs). This ability to set access control measures is a key privacy feature of the eHealth record system.
    If a patient has restricted your organisation’s access, or deleted a document from their eHealth record, the record will contain a message on the provider screen that states that it is not a complete record. The record will not indicate how a patient may have set their access controls, or if a document has been deleted by the patient.

    Only healthcare providers from authorised Australian organisations, with software that can communicate with the eHealth record system, will be able to upload clinical information to a patient’s eHealth record.

    Patients can read everything in full that is added to their eHealth record. You may choose to include additional information in your own local clinical information system that is not included in the eHealth record. In any event, patients have a right under the Privacy Act 1988 (Cth) to access the personal information that healthcare providers hold about them. For more information, please contact the Office of the Australian Information Commissioner at www.oaic.gov.au or 1300 363 992.

    What does this mean for my existing records?

    The eHealth record system does not replace existing clinical records. It is an additional tool that provides a summary of patient information entered by healthcare providers from different Healthcare Provider Organisations. It will enable a single view of a summary of a patient’s information from across the health system. It will only contain information that a patient has consented to have included in their eHealth record.

    If a healthcare provider sees a new patient with an eHealth record for a consultation, with the patient’s consent the healthcare provider can view their key medical information, which will save time questioning the patient or chasing missing information.

    Can I import data from the eHealth record system back into my own local clinical information system?

    A Healthcare Provider Organisation that is registered for the eHealth record system can access information from the national system via their local clinical information system.

    Contact your software vendor to find out if your organisation’s software is already compliant.

    Once the information is in the eHealth record system, how can I be sure that it is up to date?

    All clinical documents in the eHealth record system will be accompanied by document source information stating where, when and by whom the document was created. All clinical documents will also be digitally signed by the supplying Healthcare Provider Organisation to ensure they have not been modified since they were submitted. Based on the above information, a healthcare provider will then be able to make a professional judgement about the reliability of the information.

    It should also be noted that Healthcare Provider Organisations have an obligation to take reasonable steps so that any personal and health information uploaded to a patient's eHealth record is as accurate as possible and up-to-date at the time of uploading. 

    Is there a way to show who has looked at eHealth records?

    Yes. A person’s eHealth record has a view showing the activity history related to their record. This shows when information has been added or removed as well as the organisation that viewed the record and when. Healthcare providers will also be able to see an Access history of their own activity on the eHealth record system.

    What about in an emergency?

    Participating Healthcare Provider Organisations may access a patient’s eHealth record in an emergency, where patient consent is not possible. This is consistent with existing privacy laws.

    In life-threatening cases, where it is unreasonable or impractical to obtain a patient’s consent to access the eHealth record, healthcare providers may assert emergency access. This will override any access controls that have been set and provide your organisation with unrestricted access to a patient’s eHealth record for five days. Your use of the emergency access function will be logged in the Access history and may be notified to the patient if they requested notifications.

    Asserting emergency access is warranted where you believe that access to the information is necessary to lessen or prevent a serious threat to:
    • an individual’s life, health or safety and the patient’s consent cannot be obtained. This might occur for example, if the patient is unconscious; and/or
    • public health or public safety.

    Can a person enter their own health information into their eHealth record?

    Only participating healthcare providers can enter information in the clinical section of a patient’s eHealth record, ensuring it is clinically relevant and as accurate as possible.

    Patients will have their own section in the eHealth record, separate from the clinical section, where they will be able to enter personal information and keep notes for their own use.

    Patient-entered personal health summaries, including information on allergies and adverse reactions, are accessible to healthcare providers. However, personal health notes are intended for patients' private use and are not accessible by healthcare providers.

    In addition, the child development view in an eHealth record enables parents or the alternative Authorised Representatives of newborns and young children to enter information about their early health, growth and development. This information can be viewed through the Child development section in the eHealth record system.

    For healthcare providers participating in the eHealth record system, this provides access to additional information about a young patient that could potentially help inform the provision of healthcare.

    Healthcare providers can view the information entered by parents through the Child development function via the eHealth record system either via the Provider Portal or through eHealth record system compliant Clinical Information Software. When viewing the Child development information, it will be clear to the healthcare provider who was responsible for entering the information – the parent or the alternative Authorised Representative(s).

    As with the eHealth record system more broadly, the Child development function does not replace your existing clinical records and should not be regarded as a complete record. It is an additional tool that provides a summary of a child’s early growth observations, as entered by their parent(s) or the Authorised Representative(s).

    If a patient chooses to withhold information about psychiatric history, will the medications the patient may be taking be visible?

    People are able to choose what information is viewable through their own eHealth record. Just as they are able to limit access to their psychiatric information, they may also limit access to any related medications prescribed or dispensed.

    What should I do if I identify an error in a patient’s eHealth record?

    Only authorised healthcare providers can enter information in the clinical record, ensuring it is clinically relevant and accurate. However, if you or a patient find an error in a clinical document originating from another provider, you or the patient should notify the Healthcare Provider Organisation from which the document originated.

    If you become aware that information in a Shared Health Summary or other clinical document you have uploaded contains an error or is incorrect, you should upload a new, correct version of the Shared Health Summary. The historical version of the Shared Health Summary will still be available should it need to be viewed.

    A patient and/or the authoring healthcare provider can (with the patient’s permission) remove documents from the eHealth record, including the Shared Health Summary.

    If you identify an unexplained error in a clinical document that you have uploaded to a patient’s eHealth record, or have encountered a technical problem or service disruption while using the eHealth record system which may affect the care provided to your patient, you should call your software vendor to determine whether the error can be resolved locally. You should also call the eHealth helpline on 1800 723 471 and select option two (provider inquiries). When speaking to the operator, let them know that you have identified a clinical safety issue and provide the operator with a description of the problem so the issue can be registered with the System Operator, and resolved if it is a technical issue with the PCEHR.

    Can lists of medications in the eHealth record be altered?

    To maintain the integrity of the system, information uploaded to the eHealth record system, including medications, cannot be altered or edited (unless the patient has authored or uploaded the information). The system requires a new document to be uploaded by the authoring healthcare provider so, while the old version will still be visible, the uploaded document will take precedence. If a nominated provider wishes to change the medications listed in the Shared Health Summary, they will need to upload a new Shared Health Summary with the updated medication information.

    What is the National Prescription and Dispense Repository?

    The National Prescription and Dispense Repository in the eHealth record will make, over time, the prescribing and dispensing of medication a safer, more effective part of health care.

    The national Prescription and Dispense Repository provides for the creation of an online medication history (not retrospective) for patients with an eHealth record based on information collected at the point of prescription and the point of dispensing.

    The Prescription and Dispense View displays information entered by healthcare providers relating to the medications prescribed and dispensed to patients with an eHealth record.

    The Prescription and Dispense View displays the name and date a medication has been prescribed (both the brand and generic name), the strength or dose of the medication (e.g. 2mg, 20mg, etc), the direction for consumption (e.g. take one capsule daily) and the form of the medication prescribed (e.g. capsule, tablet, inhaler, etc). Similar information is also displayed as medications are dispensed.

    For healthcare providers participating in the eHealth record system, this gives a better view of the medications that have been prescribed and dispensed to a patient which, over time, will help support better clinical decisions.

    While the prescribe and dispense function is now available, benefits will only be realised over time as more people – individuals and Healthcare Provider organisations alike – register and participate in the eHealth record system. The Prescription and Dispense View should not be wholly relied upon to be complete record of prescribed and dispensed medicines for the purpose of medication adherence and reconciliation.

    Who can be a Nominated Healthcare Provider?

    The Nominated Healthcare Provider is the author of a Shared Health Summary. The healthcare provider authoring a Shared Health Summary is likely to be involved in ongoing care for the patient, or may be responsible for coordinating care across multiple healthcare providers.

    An individual can only have one nominated provider at one time. If a patient wishes to appoint a new Nominated Healthcare Provider, they can ask another participating healthcare provider to author and upload their Shared Health Summary for them.

    When they register, the patient provides a standing consent for their health information to be uploaded to the PCEHR. Provided that the patient has agreed for the healthcare provider to create their Shared Health Summary, further consent is not essential, as the patient has provided standing consent for their health information to be uploaded to the PCEHR System. It is good practice to discuss the proposed contents of the Shared Health Summary with the patient before uploading it.

    A patient is not required to have a Nominated Healthcare Provider. However, if a patient has never had a Nominated Healthcare Provider, the patient’s PCEHR will not contain a Shared Health Summary.

    Will the eHealth record system be available on smart devices (e.g. iPad, tablet, smart phone)?

    People will be able to view their own eHealth record on a device of their choosing. However, only the Child development function has a specific application for mobile devices such as iPads, tablets and smartphones. No mobile application has been developed to allow individuals to access and view their eHealth record as a whole.

    How will consent be managed with children?

    Except in special circumstances, parents or an alternative Authorised Representative (such as a legal guardian) will have control of their children's eHealth records from 0 to 14 years, including decisions as to which Healthcare Provider Organisations have access to the child’s record and which clinical documents they can see.

    After a child turns 14, they will be able to choose whether to manage their own eHealth record. This includes which Healthcare Provider Organisations have access to their record, which clinical documents they can see and which representatives are authorised to access to their record.

    If a child chooses not to take control of their eHealth record between 14 and 17, their Authorised Representative (which may or may not be a parent) can continue to manage their record until they turn 18. Once an individual turns 18, Authorised Representative(s) will automatically lose access to that eHealth record. Authorised Representative(s) for people under 18 years old will be notified when the individual has taken control of their eHealth record. If an individual still wants their parent(s) or guardian(s) to view information in their eHealth record after they turn 18, they will need to take control of their record and set them up as Nominated Representatives.

    In line with Department of Human Services’ policy regarding the Medicare Benefits Schedule (MBS), parents will not be able to view the MBS details of children aged over 14.

    What clinical safeguards are being developed as part of the eHealth record system?

    The eHealth record system is expected to improve access to clinical information and enhance patients’ health outcomes over time. As such, the eHealth record system has been designed with active contribution from healthcare providers from across the health sector, key professional bodies and other quality and safety experts.

    Recent enhancements to the system have, for example, improved the ability of healthcare providers and patients to search for and view prescription and dispensing information stored in a patient’s eHealth record, including ‘from date’ and ‘end date’ filtering in the Medicare Overview.

    Existing clinical standards apply to the use of information sourced from the eHealth record system. Healthcare providers can access further information about the safe use of eHealth records, including how eHealth considerations can be integrated into existing standards and clinical governance frameworks across the health sector, on the eHealth website (www.ehealth.gov.au).

    How can I be sure that health information will be secure?

    eHealth record data is stored in a secure data centre in Australia, in line with the Australian Government Protective Security Policy Framework.

    The eHealth record system implements high grade security protocols to detect and mitigate against external threats. The system is tested frequently to ensure these mechanisms are in place and robust.

    Healthcare providers and organisations already have a duty to keep their patients’ health information confidential and secure and that requirement will continue for the eHealth record system.

    In addition to the limits on who can access or update an eHealth record, the eHealth record system is protected by legislation.

    Security is a key design element of the system, which adheres to Australian Government security frameworks. Design features include audit trails, technology and data management controls, as well as appropriate security measures to minimise the likelihood of unauthorised access to information in a patient’s record. It is important to follow the guidance available from the RACGP or your medico-legal organisation on information security.

    The Australian Government strongly encourages businesses and organisations to take steps to ensure they are operating safely or providing services securely online. The Australian Government’s website Stay Smart Online (www.staysmartonline.gov.au) offers a lot of useful advice and tips for small and medium businesses about IT security.

    How has the insurance industry been involved in the development of the eHealth record system?

    Key members of the indemnity insurance industry have been involved in consultations for the development of the eHealth record system.

    These critical stakeholders have attended face-to-face consultations, made submissions in response to the consultation processes run by the Department of Health and have commented on specific sections of the legislation affecting them and their members. Their views have been sought and considered in relation to system design, legislation and change and adoption activities.

    Page last updated 21 November, 2013