Protecting consumers and vulnerable groups


Vulnerable population groups often access the healthcare system through the ED.

Three simple strategies to avoid misuse:

1. Think Privacy

Protect the privacy of patients and their sensitive information held in My Health Record.

2. Think Security

Don’t provide unauthorised access to a patient’s record or share passwords and login details. This means not sharing login details or passwords for systems (e.g. hospital eMRs) that may be used to access the My Health Record.

3. Think Quality

Remember, your discharge documentation is likely to be uploaded to the patient’s My Health Record, meaning there is a much greater audience than a standard GP discharge letter provided to your patient.

Consumers' Rights

Consumers have a right to control and display what information they want you to see in their My Health Record. A consumer can:

  • Choose to cancel their My Health Record altogether by deleting it permanently.
  • Apply record access controls to their entire My Health Record, or hide individual documents, requiring a document code for access.
  • See who has accessed their My Health Record through an audit log, auto-notification email or SMS.
  • Request that a particular document not be uploaded to My Health Record, by withdrawing their consent to upload.
  • Allow and restrict record access to a specific healthcare provider or healthcare organisation.

Protecting Vulnerable Groups

Clinicians can support and protect the privacy of vulnerable patients by undertaking simple steps: 

Be Mindful

Be mindful that the information contained within a patient’s My Health Record may be accessed by a broader group of healthcare providers. Reminding a patient that the information from a hospital visit will be uploaded can prompt them to remove or restrict access to a report or document (if they happen to be concerned about sensitive information being uploaded to their record eg. sexual health or mental health history).

Be Aware

Be aware that adolescents gain control of My Health Record from their parent/s or guardian at age 14. Conversations about My Health Record content can be held with 14-17 year-olds independent of their parent/s or guardian.


Discuss with your patient whether they are happy to share hidden information with you, as it may impact your clinical decision making. For example, some patients with a mental health history may prefer to restrict access to documents from clinicians by applying a Limited Document Access Code (LDAC).


Inform patients with sensitive past medical history that when accessing their record for the first time, they can opt-out of MBS and PBS data being populated into their My Health Record.


There are significant penalties for misuse of My Health Record. It is important to understand which aspects of this legislation might affect you when interacting with the system. Several key pieces of legislation govern the use of My Health Record by clinicians: