Other legal requirements

View Transcript

  • Ensure staff receive initial and ongoing training in the use of My Health Record 
  • Create and maintain My Health Record policies for the organisation 
  • Take reasonable steps to prevent misuse of/unauthorised access to Healthcare Identifiers with account management measures 
  • Do not discriminate against any individual because they do or do not have a My Health Record, or because of the access controls they have set in their My Health Record 
  • Take care to ensure information is accurate to the best of your knowledge before uploading to My Health Record 

Acts, Rules and Regulations governing My Health Record 

State based legislation 

Authority under the law to upload information is subject to two exceptions: 

  1. where the healthcare recipient instructs the healthcare provider not to upload the information 
  2. where the clinical document includes health information subject to certain confidentiality provisions in either the Public Health Acts of NSW, Queensland or the ACT, and the healthcare organisation is subject to the particular Public Health Act. 

 The My Health Records Act recognises that under some state and territory laws consent must be given expressly, or in a particular way, before information related to specific areas of health is disclosed. 

The state and territory laws which have specific consent requirements regarding the disclosure of health information are listed in clause 3.1.1 of the My Health Records Regulation 2012. If a state or territory law is listed in this clause, then the consent requirements of those laws overrule the provisions of the My Health Records Act. 


In NSW, the types of health information are ‘Category 5 medical conditions’, which are AIDS and HIV. These Public Health Act confidentiality provisions apply to a ‘medical practitioner’, and could be from either the public or private sector. As such, a healthcare provider in NSW cannot rely on the authority under the law model to upload information relating to AIDS or HIV, but must request additional consent of the healthcare recipient to upload such health information to My Health Record.  

Queensland and ACT 

In Queensland and the ACT, the types of health information is much broader, and includes notifiable conditions, contagious conditions, cancer notifications and National Cancer Screening Register information. However, these Public Health Act confidentiality provisions apply only to persons who collect the information as part of performing a function under the Act (eg those public sector individuals who maintain a notifiable conditions register).  

View Transcript 

Relevant RACGP resources 

Other Toolkits

The Royal Australian College of General Practitioners acknowledges Aboriginal and Torres Strait Islander peoples as the Traditional Custodians of the land and sea in which we live and work, we recognise their continuing connection to land, sea and culture and pay our respects to Elders past, present and future.