Under the My Health Records Act 2012, healthcare provider organisations are authorised to collect, use and disclose health information in a healthcare recipient’s My Health Record for the purpose of providing healthcare to the recipient, subject to any access controls set by the recipient.
When can I view and upload information to a patient’s My Health Record?
- As a healthcare provider, you can access an individual’s My Health Record for the purpose of providing healthcare to that person
- The healthcare provider does not need to obtain consent from the patient on each occasion prior to viewing or uploading information
- The patient does not need to review clinical information prior to the upload
- The patient does not need to be present when the healthcare provider is accessing the record
- If a patient explicitly asks you not to upload particular information to My Health Record, you must comply with that directive
- It is prudent to discuss the information you are planning to upload with your patient if that information is of a sensitive nature
- You must act in accordance with state and territory laws pertaining to consent and the disclosure of sensitive information (e.g. with regard to the publication of HIV results)
- Seek medical defence organisation (MDO) advice if you are unclear on the legislation governing consent/disclosure of sensitive medical information in your state or territory