The Australian Parliament has passed a second round of protections to strengthen privacy for My Health Record

On Monday the Australian Digital Health Agency announced that the Federal Parliament had passed further amendments to the My Health Records Act 2012 ‘without debate or division’, as part of the My Health Records Amendment (Strengthening Privacy) Bill 2018.

These amendments were announced by Health Minister Greg Hunt early this month. The changes will:

  • Allow Australians to permanently delete their records, and any backups, at any time. A My Health Record that was cancelled in the past (and archived) will also be permanently deleted.
  • Explicitly prohibit access to My Health Records by insurers and employers. Under these measures, insurers and employers are prohibited from accessing any information within your My Health Record or asking you to disclose your information.
  • Provide greater privacy for teenagers 14 years and over. Under these measures, once a teenager turns 14, parents will automatically be removed as authorised representatives.
  • Strengthen existing protections for people at risk of family and domestic violence. Under the changes, the Agency will no longer be obliged to notify people of certain decisions if doing so would put another person at risk. Additionally parents subject to a court order, where they do not have unsupervised access to their child, or who pose a risk to the life, health and safety of the child or another person will no longer be eligible to be an Authorised Representative. 
  • Increase penalties for misuse of information. Civil fines will increase to a maximum of $315,000, with criminal penalties including up to 5 years’ jail time.
  • Clarify that only the Agency, the Department of Health and the Chief Executive of Medicare (and no other government agency) can access the My Health Record system.
  • Explicitly require law enforcement and other agencies to produce a court order to access information in My Health Records.
  • Make clear that the system cannot be privatised or used for commercial purposes.

The Australian Digital Health Agency welcomed the decision by the Australian Parliament.

Records will be created for every Australian who wants one after 31 January 2019, which is the new opt-out date after the Senate voted to extend the period a few weeks ago.

“The opt-out period will be extended until January 31, 2019, however, it’s important to note that people can opt-out at any time,” said Minister Hunt.