ADHA admits My Health Record information may not be safe

Font Size:

Concerns about the safety of sensitive health data stored in the Government’s My Health Record initiative may be well founded.

“It’s impossible to make any online database entirely bullet proof,” admitted the head of the Australian Digital Health Agency (ADHA), Tim Kelsey, in a Q&A published on

The Australian Government’s My Health Record initiative has been under scrutiny for some time, with public fears about personal information being exposed or accessed by insurers, commercial organisations and third parties.

As of today and for the next three months, Australians can opt out of having an online summary of their health information shared by doctors and health professionals, otherwise a record will be automatically created.

While the project aims to give health professional access to important patient information, including test results, scans, treatments and prescriptions, concerns about the safety of our most personal data have not yet truly been addressed.

The good news for those on the paranoid side, you can opt out in one of three ways:

  • online: by visiting visit
  • phone: by calling 1800 723 471
  • on paper: by completing a form available in 2385 rural and remote Australia Post outlets, through 146 Aboriginal Community Controlled Health Organisations and in 136 prisons, then mailing to the return address.

Those who opt out can opt in at any time.

But even for those who opt in initially, there is still a way to control the information processed by doctors. In fact, doctors will upload health information unless you ask them not to.

You can control whether any medical documents, a summary of prescribed medications or referral letters are loaded onto the database. Doctors will upload information about prescribed medications, unless you request otherwise, so if you don’t want this included, make sure you speak with your doctor each time you visit.

However, ‘tailoring’ your medical records could come at the expense of your health, as the quality of the overall health summary could be skewed to leave out important information that may one day save your life. 

When you first access the system, you’ll be also asked to decide whether you want two years of Medicare Benefits Schedule, Pharmaceutical Benefits Scheme, Australian Immunisation Register, and Australian Organ Donor Register data added to the register.

But if your doctor accesses your record first, this information will automatically be uploaded, although you can delete or restrict access to those documents at a later date.

My Health Record information will be held for 30 years after you die, or 130 years after your birthdate.

While most Australians know having such a record could be good for their health, it’s the security of this information that concerns them most.

Mr Kelsey told the ABC: “Insurers shouldn’t be able to access your record – it’s reserved for people who work for a registered healthcare provider and who are authorised to provide you with care.”

However, the Department of Health says My Health information can be used for research and public health purposes, in either a de-identified form or in an identified form, if the use is expressly consented to by the consumer, and users can tick a box to opt out of secondary use.

Secondary users are supposed to be of public benefit and cannot be ‘solely’ commercial, but Australian and some overseas organisations, including pharmaceutical companies, will be able to apply for approved secondary purposes.

The ADHA is also discussing ‘re-platforming’ the system, which will require independent third parties to audit the system’s security and undertake penetration testing.

And any information may also be stored on your doctor’s local hard drive, which could also be susceptible to hacking.

According to Mr Kelsey, if you have privacy concerns, you can log onto My Health Record and restrict who sees it:

  • you can set a Record Access Code and give it only to healthcare professionals you want to access your record
  • if you want to restrict certain documents, you can set a Limited Document Access Code
  • these controls may be overridden in an emergency
  • if a document is removed from the My Health Record system, it’s beyond the reach of your access controls.

If anyone accesses your information without authorisation, civil and criminal penalties may apply.

You’ll also be able to check your access history to see who has been looking at your records, and you can set up an SMS alert any time someone accesses your record. To do this, call the ADHA on 1800 723 471.

The ADHA is also required by law to give access to your data to police and law enforcement agencies, if there is a reasonable belief that it’s necessary for preventing or investigating a crime or protecting public revenue.

You can opt out of My Health Record from 16 July to 15 October. After 15 October, there will be a one-month reconciliation period before new My Health Records are registered.

Are you worried about your health records being made public? Will you opt out?

Join YourLifeChoices today
and get this free eBook!

By joining YourLifeChoices you consent that you have read and agree to our Terms & Conditions and Privacy Policy


My Health Record explained: do you need one?

Should you get a My Health Record? Here's what you need to know.

Digital reforms aim to transform health system

Is this the solution to sharing of health history?

Medicare patient details are available to buy on the ‘darknet’

A popular site for illegal products offers Medicare details for $30.

Written by Leon Della Bosca

Leon Della Bosca is a voracious reader who loves words. You'll often find him spending time in galleries, writing, designing, painting, drawing, or photographing and documenting street art. He has a publishing and graphic design background and loves movies and music, but then, who doesn’t?



Total Comments: 34
  1. 0

    Read about that this morning. So where are the Privacy Laws which protect crooks when they hide? Surely companies which deal in our data have the same laws applying to them? Jail sentences needed as well as fines which will cripple the business which administers the website holding our records. The silence will be deafening……oh yes, the laws do not apply to business?????

    • 0

      Indeed – abuse of access to privileged information handed over in good faith must be punished by draconian fines and even imprisonment for serial offenders.

      It’s time business stopped behaving as if it is above the laws of the land, and time for government to stop turning a blind eye.

  2. 0

    Not concerned about the possibility that someone may hack them – anyone who so desperately needs to hack medical records would be an incredible time waster.

    My concern is where governments view OUR personal data collected without any right of refusal from us, as an ‘asset’ they can sell off or just hand around to their mates.

    I’ve said it before and I’ll say it again – possession of government data is a sacred duty and there are no outlets for using it as anything other than government data for the purposes for which it is collected.

    I had that argument with D^D years ago when personal data was leaked to interest groups who were stirring up trouble for Veterans – and still do – but there is a tsunami rising against them.

    • 0

      Oh – I’ve noticed that on some of the paperwork from my doctors, it is clearly stated that the information will not go on this record – it seems that some doctors take the view that unless actively asked to put it there, they will not.

    • 0

      Doctors have been fighting this for the last couple of years on the grounds that the system cannot guarantee the confidentiality and privacy of the patient’s details. The system was opt in when first mooted but so few doctors actually ‘opted in’ that the Government made it opt out as it is now.

      It is now up to the individual to be aware enough to act. I have and the process is easy enough just need a medicare card and say a driver’s licence.

      My concerns are around who else has access. Already there have been applications for access from a range of people/organisations even including insurance companies. I have no faith that my data will be secure.

  3. 0

    Jeez – surely the free competition market will ensure a fair price and that self-regulation will work a charm…

    (word for today – reguilation – doing the same dirty deed over and over under cover of regulation)

    • 0

      Come in spinners….. and after all the government should have no constraints on what it puts forward as policy or in terms of anything, and is not beholden to the peasants who are vassals of the state except at the voting booth…… government must be allowed to govern, right and be given a total mandate to do as it chooses …… and all those commos out there need to be gathered up and sent to the gulags…..

    • 0

      Yes but we may need to take court action to get our share of the loot. Civic action to ensure they pay us for our info coming up.

  4. 0

    Plus the fact that so often Drs prescribe medications that you are no longer on but NEVE seems to take it OFF the records so if you were to go in the hospital then this Medication may be given to you with devastating effects and you may not be in a fit state to tell them.

    • 0

      You are quite right Plan B

      If you are not in a fit state to advise people of your current medication it definitely could have devastating effects.

      Further more, somebody elses medications could accidentally be placed on your list.

    • 0

      Ooooh, best to tell your doctor not to keep any records of anything he prescribes, or what illnesses you have had in the past. I mean, why do you think his records are accurate or not subject to hacking?

      I vote for survival and don’t mind that the hospital I get taken to in an unconscious state can see that I was vaccinated for small pox in 1953 and had my appendix removed in 1973. I certainly want them to know what medications I’m currently on.

      I’m going with Plan A.

  5. 0

    I see this proposal of little benefit to my wife and myself so we intend to opt out, I am in my mid 70s so what is the point of only loading up the last two years of Medicare and PBS, what about the 70+ years that went before, there were a few significant medical episodes for us both during that time frame. I can understand that young people could find it beneficial, and it could be a good way to curb drug addict ‘doctor shopping’, but the integrity of the digital data is of concern.

  6. 0

    I don’t think the government is going to be worried about the pensioner + age group as they know that many will see this for what it is. What they are after is the long term product which includes those under thirty who have become so ue to uing electronic platforms that they don’t even think about the bigger implications of privacy and security that are bound up in this action.

  7. 0

    The ghastly computer and web security status quo:
    1. There are no 100% secure computers in this world at a hardware level.
    2. There is no 100% secure Operating System [OS] software anywhere in this whole world
    So there are no 100% secure Computer systems, period!
    No thanks go to Intel, Microsoft, Apple, Cisco and the NSA and all the intelligence & security apparatus in every country including OZ for weakening our computers and servers and thus breaking our security down even further in the guise of protecting us! Hah!
    My contacts in the SAS have confirmed the above.

  8. 0

    This is all far too complex. It is up to the agency – My Health Records – to ensure the safety of our information. If my data gets into the wrong hands I know who I will be blaming, and hopefully suing

  9. 0

    What could possibly go wrong ??!! It’s ironic that the Govt. is trying to quietly rush through this monstrous data collection system when the news is almost daily telling us of breaches in security resulting in data on-selling, sharing, hacking etc using information initially given by people in good faith. Remember all the who ha over the Australia Card ? People screamed from the rooftops about the threat to the privacy of the individual that might have represented – this health record data collection is like the Australia Card proposal on steroids and it’s being introduced by stealth. It is absolutely certain that some information is going to get into the wrong hands. Why do they need to collect every bit of health data on an individual? I’d be quite happy for my current GP to put a summary of my health history and a list of present medications into a central data base accessible only to other medical people but not into some Stasi like data bank overseen by Peter Dutton. I’m opting out.

    • 0

      It is odd. The wouldn’t build a decent internet grid for Australia but want to build these huge data systems.
      It has to be either for surveillance al la Dutton or because someone is getting paid a huge wad of tax dollars.

      Maybe this makes sense when you see a different doctor every time due to the way the system works

    • 0

      Quietly rushing through? I opted in 6 years ago.

  10. 0

    I have not been to a doctor for over 5 years, so wondering if I even have a health record. Sounds like another big brother thing to me, the more they know about us helps them to control us.

Load More Comments



continue reading


What is deep sleep and how can you get more of it?

You may have heard that adults need between seven and nine hours of sleep each night. But the quality of...

Technology News

Why you may have to buy a new device whether you want to or not

Michael Cowling, CQUniversity Australia We've probably all been there. We buy some new smart gadget and when we plug it...


Poll reveals support for vaccinations and compulsory masks

Fewer Australians say they would take a coronavirus vaccination now than at the outset of the pandemic, but a big...


How to avoid being tracked online

The internet is most likely monitoring every move you make through your computer or device and, unless you know the...


Aussies want Morrison to refute health misinformation

Australians are fed up with the growing spread of misinformation related to the COVID-19 pandemic and want Prime Minister Scott...


The diet that can put type 2 diabetes into remission

Consuming fewer carbohydrates can potentially put type 2 diabetes into remission. An international study involving Australia's CSIRO found that strict...


CHOICE tips to take charge of 2021

Have you made a resolution to be better with money this year? After 2020, many of us could probably do...


The rules and the telltale signs that you're too old to drive

Approaching the subject of giving up driving due to age can be difficult for all involved. While driving offers independence,...