Many safeguards are in place to protect the information held in the My Health Record system, such as strong encryption, firewalls, secure login processes and audit logging.

There are people, processes, technologies and legislation keeping the information held in My Health Record safe.

People

The My Health Record system is monitored by the Cyber Security Centre within the Australian Digital Health Agency. All personnel involved with the administration of the system undergo security checks.

Process

A range of security processes limit access to the My Health Record system. External software goes through a conformance process before it is allowed to connect to the system. This includes healthcare provider software and mobile applications.

Technology

We use a range of technology to protect the sensitive personal and health information held in the My Health Record system, including:

firewalls to block unauthorised access

audit logs to track access to records

initial and regular anti-virus scanning of documents uploaded to records, and

system monitoring to detect suspicious activity.

Legislation

The privacy of information in the My Health Record system is protected by legislation which includes:

Significant penalties apply for deliberate misuse of this information.

Find out more about My Health Record governance and legislation.