My Health Record legislation and governance
Information about the My Health Records Act and more.
Legislation
The My Health Record system operates under the My Health Records Act 2012.
The Act establishes:
- the role and functions of the System Operator,
- a registration framework for individuals, and entities such as healthcare provider organisations, to participate in the My Health Record system,
- a privacy framework (aligned with the Privacy Act 1988) specifying which entities can collect, use and disclose certain information in the system (such as health information contained in a healthcare recipient’s My Health Record), and the penalties that can be imposed on improper collection, use and disclosure of this information.
The Commonwealth Minister for Health can make My Health Records Rules under section 109 of the My Health Records Act, about matters required or permitted by that Act to be dealt with by My Health Records Rules, as set out in the My Health Records Act.
The Rules currently in force are:
- My Health Records Rule 2016 - this specifies requirements for registered entities in the system,
- My Health Records (Assisted Registration) Rule 2015 - this specifies requirements for registered healthcare providers that assist individuals to register (through ‘assisted registration’),
- My Health Records (National Application) Rules 2017 - which provides for the national implementation of the My Health Record system opt-out model under Schedule 1 of the My Health Records Act.
A foundation of the My Health Record system is the Healthcare Identifiers Service, which is established under the Healthcare Identifiers Act 2010. More information about the legislation supporting the Healthcare Identifiers Services is available.
Other legislation supporting the My Health Record system is:
- My Health Records Regulation 2012 - this specifies additional information as identifying information and privacy laws that continue to apply to the disclosure of sensitive information,
- Healthcare Identifiers Regulations 2020 - these provide additional detail and requirements regarding the operation of the Healthcare Identifiers Service,
- My Health Records (Information Commissioner Enforcement Powers) Guidelines 2016 - these set out the Information Commissioner’s general approach to exercising its enforcement and investigative powers under the My Health Record system.
System Operator
The Australian Digital Health Agency was established in 2016 under the Public Governance, Performance and Accountability (Establishing the Australian Digital Health Agency) Rule 2016.
Section 14 of the My Health Records Act provides that the System Operator is the Secretary of the Department of Health or a body established by a Commonwealth law that is prescribed under the regulations.
Prior to 1 July 2016, the System Operator was the Secretary of the Department of Health. On 1 July 2016 the Australian Digital Health Agency became the System Operator. Regulation 2.1.1 of the My Health Records Regulation 2012, prescribes the Australian Digital Health Agency to be the System Operator.