blog 200630 mhr

Anyone who receives Medicare in Australia or has an individual healthcare identifier (IHI) has a My Health Record (MHR) account. This was set up by the Australian Digital Health Agency (ADHA), unless they opted out before the end of January 2019 or have cancelled their record. Your personal medical information can now be shared between you and your healthcare providers like doctors, specialists and hospital staff.

The My Health Record (MHR) account is an online database of summary information owned by the federal government that is uploaded by you or your GP, your specialists, pharmacists, participating pathology labs or diagnostic imaging providers, or someone authorised to represent you. It can include details of your health conditions and treatments, immunisation history, prescriptions and medicines you take, hospital discharge information, Medicare and Pharmaceutical Benefits Scheme (PBS) claims history, your allergies, emergency contact details, test or scan results and your organ donation status. This information can be accessed by your healthcare providers like doctors, specialists and hospital staff.  This system is in addition to your GP’s medical record system and  doesn’t replace any of your existing health records.

Benefits for a MHR

The MHR offers many benefits for people living with HIV. For example, all your health information is in one place. If you change doctors, all of your test results and medical information are easily accessible to your new doctor without the hassles of transferring your file to a new practice. If you’re in an accident or you can’t speak, your healthcare providers can use it to coordinate your care, and act quickly and confidently with access to all your medical history. You can also organise medication and prescription repeats online and have them sent to your local pharmacist without extra costly appointments for a simple refill. As people living with HIV, these are definite advantages.

Having said that, there remain considerations for some people living with HIV. Many people living with HIV and other people who are affected by HIV, such as sex workers, people who inject drugs (PWID), Aboriginal and Torres Strait Islanders, immigrants and refugees, and anyone receiving welfare payments, already encounter significant stigma and discrimination. Any database holding your personal information is a risk to your privacy even if the data is de-identified (the removal or change of information that could be used to identify an individual).

In December 2017, academics from the University of Melbourne showed how easy it was to take de-identified data and re-identify individuals through a process of relinking publicly known details. In this case the re-identified records included “potentially exposing if someone is on HIV medication, has terminated a pregnancy, or is seeing a psychologist.”

We’ve already seen health data being shared for purposes other than primary healthcare around the world. In 2018, the UK National AIDS Trust, along with the Parliament’s Health and Social Care Committee, called on NHS Digital (the equivalent of the ADHA) to stop sharing immigrants’ personal health information with the Immigration Department. Data sharing for immigration purposes scares people away from healthcare. These negative outcomes erode our trust in the health system and makes remaining engaged in health and Ending HIV a more difficult task.

Controversy, Criticism and Changes

Setting up the system was controversial. Concerns about the system saw the opt-out deadline changed three times, multiple website crashes, and jammed phone lines. Regular news reports of Australian and global breaches of health data, highlighted concerns remained around misuse, security, access, privacy and system design. The government responded to the concerns and submissions of people living with HIV with constructive changes to the legislation through the My Health Records Amendment (Strengthening Privacy) Bill 2018.

Strengthening Privacy Bill amendments prevent police and government agencies from accessing MHR data without a warrant or specific court order. Likewise, insurance companies and employers are not permitted to access MHR information, unless you specifically request it is released to them. MHR data cannot be used for commercial interests unless it can be demonstrated it is likely to be ‘in the public interest’ consistent with ‘research and public health purposes’. This Bill increased the penalties for the misuse of MHR data up to five years’ jail, instead of two, and the maximum fine has more than doubled to $315,000. The big change as a result of this Bill means you will be able to permanently cancel your MHR, resulting in the record being completely deleted from the system.

One of the original criticisms of the MHR was ambiguity around the ‘secondary use’ of your health data. ‘Primary use’ is when information is used for the purpose it was collected for, such as uploading x-ray reports, discharge summaries and health information to take care of your health. ‘Secondary use’ of MHR data is when information is used for a purpose other than that for which it was originally collected. Examples include passing information to researchers involved in clinical trials.

If you have a MHR today, your consent for secondary use is still implied. If you only want your health data to be used for the purpose of direct clinical care, you need to click the ‘withdraw participation’ option on your MHR to stop your data going to any third party.

Record Confidentiality

The digital health record system has been designed with security settings in place. It can only be seen by you, your healthcare providers and any people you choose to share it with. While documents in your MHR are set to ‘general access’ for healthcare providers by default, you can change your access control settings at any time. You can see details of who has accessed your My Health Record at any time, and restrict access over what your treating doctors and specialists can see within your record, by setting a record access code or limited document access code.

Positive Life believes the ownership and confidentiality of your personal electronic health data must remain under your full control as a person living with HIV. Confidentiality impacts all of us living with HIV differently. We need to be fully aware of the details covering our confidentiality such as who has access to our private health data, when they can access it, what the potential implications are and what it might be used for. In the case of an emergency, for example, any advanced security controls previously set by you can be overridden for five days. This might seem reasonable enough to the average person.

While the MHR system may provide some security measures, it is not a private database. Any information remains the property of (and available to) authorities for your lifetime or “130 years after the document was uploaded”, even if you cancel your MHR account.

If you choose to have a MHR

Confidentiality and disclosure impact all of us who live with HIV differently. Many of us who are living with HIV have had chaotic times in our lives. When you’re honest with your doctor in the confidential appointment setting to get the physical or mental healthcare you need (eg., for drug use), MHR can potentially place you in the criminal justice system, even if your doctor had no intention of reporting you.

Each of us needs to make an informed decision about MHR. If you choose to have a MHR, know who can view your MHR, and where and why they might access it. Make sure you understand the privacy controls on your record and how they work so you can switch off access to certain information or restrict access to some parts of your MHR. Decide what level of risk you’re comfortable with, and the value of your personal health information, and proceed on that basis.

Positive Life still takes the position that people living with HIV from vulnerable populations, such as sex workers, PWID, people who live with a criminal record or involved with the criminal justice system, people who are non-monogamous, polyamorous or single, and anyone who receives a STI diagnosis and treatment every 6-12 months could be better off to cancel or delete their MHR. The onus is on us individually to set the level of access we’re comfortable with across our record and understand the potential implications of the level of access we choose. Each of us will need to weigh up the benefits of having a MHR compared to the risks of having our health data online.

If you need further information or support about MHR and what this means for you please contact Positive Life on (02) 8357 8386, 1800 245 677 (freecall) or email


  1. ce4d0f2b0a4501a77f9eaab2d11c8ce5?s=54&d=mm&r=g
    Dr Bernard Robertson-Dunn 17 May 2018 at 4:04 am

    Re: “This My Health Record account centralises all your health information”

    This is incorrect. My Health Record is a government owned database of summary information that you or your GP uploads.. This system is in addition to your GP’s medical record system. It may also include discharge summaries, event summaries uploaded by your dentist or pharmacist, none of whom need your consent to upload your health data. In fact the whole My Health Record opt-out initiative is being done without any requirement to gain your consent.

    FYI, the access controls only apply to health professionals, they do not apply to the government itself. There are a number of circumstances detailed in legislation that permit the System Operator (the government) to give data to courts, law enforcement agencies and government agencies in “the protection of public revenue”. This will be done without your consent or even knowledge.

    The safest thing to do is opt-out.

    • f6448fd77b535bd0869a5980ddf41517?s=54&d=mm&r=g
      Positive Life NSW 25 July 2022 at 3:16 pm

      Thanks Bernard. We’ve updated this post.

  2. 837b2202497cde5ca7bcc00d0ed9f8c6?s=54&d=mm&r=g
    Robert Blee 17 July 2018 at 9:29 am

    30+ years in IT. I am an individual and not a statistic. I don’t want anyone to interperate my connected personal information. All databases have to reveal your information to someone. A connected database identifies me as an individual. So my security as an individual would never be comprimised if I have no data to expose to “someone”.

Comments are closed.

Aboriginal and Torres Strait Islander Support
housing support for people living with HIV
Ageing Support
Treatments and Managing your HIV