All healthcare providers in Australia have professional and legal obligations to protect their patients' sensitive health information. Practice owners and managers need to understand their obligations under the Privacy Act 1988 and should be striving to embed good privacy in their practice. In addition, healthcare organisations are required, by legislation, to have a written My Health Record security and access policy to register, and remain registered, with My Health Record regardless of the organisation’s size or how often they access the My Health Record system. At a minimum, an organisation’s My Health Record security and access policy must address the following:
Having a My Health Record security and access policy helps to ensure that the information held within My Health Record is used appropriately, kept secure and protected.
Listen to the Australian Digital Health Agency’s new podcast to learn more about the key components of a My Health Record security and access policy.
Many resources are available to support practices in creating their My Health Record security and access policy.
Policy guidance and a downloadable policy template that can be customised to suit your healthcare organisation are available from the Office of the Australian Information Commissioner website.
A policy checklist is available from the Australian Digital Health Agency’s website.
Additional policy guidance for sole traders is available from the Australian Digital Health Agency’s webpage on security and access policy guidance for sole traders.
To learn more about developing and maintaining a My Health Record security and access policy for your organisation, access the Australian Digital Health Agency’s free eLearning module. The OAIC also have a general ‘Guide to health privacy’.