Any healthcare organisation, whether a large, multi-clinic medical practice or a solo private provider, must have a My Health Record security and access policy in place if registered to participate in the My Health Record system.
Maintaining and promoting this policy is an important way of ensuring the system is used safely and responsibly by staff.
There are several useful resources to assist you with developing or maintaining your policy and meeting the ongoing participation obligations.
A key requirement of any healthcare organisation’s policy is to ensure that users of My Health Record receive training before being authorised to access the system.
The training should include:
- how to use the system accurately and responsibly
- legal obligations of the healthcare provider organisation and people who access the system on behalf of the organisation
- the consequences of breaching those obligations
Users need to understand when they can view or upload information to My Health Record as well as the appropriate and lawful use of the emergency access function.
The Australian Digital Health Agency has provided the following resources to support you in meeting your participation obligations:
Recommended My Health Record Training
My Health Record – information for healthcare providers
Free eLearning module (security and access policy)
Security and access policy guidance template developed by the Office of the Australian Information Commissioner