Other legal requirements
- Ensure staff receive initial and ongoing training in the use of My Health Record
- Create and maintain My Health Record policies for the organisation
- Take reasonable steps to prevent misuse of/unauthorised access to Healthcare Identifiers with account management measures
- Do not discriminate against any individual because they do or do not have a My Health Record, or because of the access controls they have set in their My Health Record
- Take care to ensure information is accurate to the best of your knowledge before uploading to My Health Record
Acts, Rules and Regulations governing My Health Record
- My Health Records Rule 2016
- My Health Records Regulation 2012
- Healthcare Identifiers Act 2010
- Healthcare Identifiers Regulations 2010
- Privacy Act 1988 and Privacy Amendment (Enhancing Privacy Protection) Act 2012
State based legislation
Authority under the law to upload information is subject to two exceptions:
- where the healthcare recipient instructs the healthcare provider not to upload the information
- where the clinical document includes health information subject to certain confidentiality provisions in either the Public Health Acts of NSW, Queensland or the ACT, and the healthcare organisation is subject to the particular Public Health Act.
The My Health Records Act recognises that under some state and territory laws consent must be given expressly, or in a particular way, before information related to specific areas of health is disclosed.
The state and territory laws which have specific consent requirements regarding the disclosure of health information are listed in clause 3.1.1 of the My Health Records Regulation 2012. If a state or territory law is listed in this clause, then the consent requirements of those laws overrule the provisions of the My Health Records Act.
NSW
In NSW, the types of health information are ‘Category 5 medical conditions’, which are AIDS and HIV. These Public Health Act confidentiality provisions apply to a ‘medical practitioner’, and could be from either the public or private sector. As such, a healthcare provider in NSW cannot rely on the authority under the law model to upload information relating to AIDS or HIV, but must request additional consent of the healthcare recipient to upload such health information to My Health Record.
Queensland and ACT
In Queensland and the ACT, the types of health information is much broader, and includes notifiable conditions, contagious conditions, cancer notifications and National Cancer Screening Register information. However, these Public Health Act confidentiality provisions apply only to persons who collect the information as part of performing a function under the Act (eg those public sector individuals who maintain a notifiable conditions register).
