Skip to main content
Skip to secondary navigation
Australian Government - Office of the Australian Information Commissioner - Home

My Health Records

The My Health Record system is the Australian government’s digital health record system. It contains My Health Records which are online summaries of an individual’s health information, such as medicines they are taking, any allergies they may have and treatments they have received. It was previously known as a Personally Controlled Electronic Health Record (PCEHR) or eHealth record.

A My Health Record allows an individual’s doctors, hospitals and other healthcare providers (such as physiotherapists) to view the individual’s health information, in accordance with their access controls. Individuals are also able to access their record online.

Although the My Health Record system has previously been a self-register model, it is set to become opt-out by the end of 2018. This means every Australian who does not already have a record will automatically be registered to have a My Health Record, unless they choose not to have one. There will be opportunities for individuals to opt-out mid 2018 if they do not want to have a My Health Record.

For further information about the My Health Record and what to do if you don’t want a record created, contact the Australia Digital Health Agency.

The My Health Records Act 2012 (My Health Records Act), My Health Records Rule 2016 and My Health Records Regulation 2012 create the legislative framework for the Australian Government’s My Health Record system.

The My Health Records Act limits when and how health information included in a My Health Record can be collected, used and disclosed. Unauthorised collection, use or disclosure of My Health Record information is both a breach of the My Health Records Act and an interference with privacy.

View our video presentation:

Privacy and the My Health Record system

Video download and transcript

The OAIC’s role in the My Health Record system

The Office of the Australian Information Commissioner (OAIC) regulates the handling of personal information under the My Health Record system by individuals, Australian Government agencies, private sector organisations and some state and territory agencies (in particular circumstances).

The OAIC’s role includes investigating complaints about the mishandling of health information in an individual’s My Health Record. The OAIC can also conduct ‘Commissioner initiated investigations’.

The functions and enforcement powers available to the OAIC under the My Health Records Act and Privacy Act 1988 include:

  • investigating and conciliating complaints
  • accepting enforceable undertakings
  • making determinations
  • seeking an injunction to prohibit or require particular conduct
  • seeking a civil penalty from the Courts
  • accepting mandatory data breach notifications from the System Operator, health care provider organisations, repository operators and portal operators


If an individual thinks that information in their My Health Record has been mishandled, they should first complain to the healthcare provider or other entity that they think is at fault. If they are not satisfied with the response, an individual can complain to the System Operator (via the Medicare Call Centre: 1800 723 471), the OAIC or the state and territory regulator (if the healthcare provider is a state or territory entity).

To complain to the OAIC about the handling of a My Health Record, go to the Individuals section of this website.

Where can you get more information?

For more information about healthcare providers’ responsibilities under the My Health Record system, and the OAIC’s role as the independent regulator of the privacy aspects of the system please see our business resources:

The OAIC has also developed the following video presentations to assist healthcare providers to understand their obligations in relation to the My Health Record system.

Handling sensitive information in the My Health Record system

Your legislative requirements under the My Health Records Act 2012 when handling patients' sensitive information and how you can apply privacy best practice.

Video download and transcript

Data breach requirements in the My Health Record system

My Health Record mandatory data breach requirements and how to respond.

Video download and transcript


Information for consumers

The OAIC has developed tips to protect your My Health Record and fact sheets for individuals about the My Health Record system.

OAIC Guidelines

Healthcare Identifiers

More information about Healthcare Identifiers can be found on the Healthcare Identifiers page of this site.

Department of Health

Enquiries: 1800 723 471