Annual reminder of healthcare provider obligations for My Health Record
The Australian Digital Health Agency offers advice for providers to ensure they are compliant with legislative and rule requirements.
The Australian Digital Health Agency is reminding healthcare provider organisations registered for the My Health Record system, to ensure they remain compliant with eligibility requirements and legislative obligations.
Annual My Health Record health check for registered healthcare provider organisations
Make sure your organisation is compliant with registered healthcare provider participation obligations
An annual check of your My Health Record registration details ensures your organisation receives relevant information and complies with relevant legislative obligations.
What details should be reviewed?
Your organisation’s My Health Record security and access (Rule 42) policy must be reviewed at least annually and when any material, new or changed risks are identified.
What ongoing obligations does my organisation have regarding security and access to the My Health Record system?
A healthcare provider organisation that is registered for the My Health Record system must establish and maintain a policy that addresses requirements outlined in Rule 42 of the My Health Records Rule 2016. This policy is required regardless of how often you access the My Health Record system, or how big your organisation is.
Note: under My Health Record legislation, if the My Health Record system operator (the Australian Digital Health Agency) requests a copy of an organisation’s security and access policy, the organisation must provide a copy of the policy within 7 days of the request.
What other checks should be conducted?
- My Health Record registration and contact details
- check that individuals who can access the My Health Record system on behalf of your organisation remain eligible to do so
- ensure all staff are appropriately trained to use the My Health Record system and conduct staff refresher training.
How do I update my registration and contact details?
You can update your registration and contact details through Health Professional Online Services (HPOS), which is accessed via your Provider Digital Access (PRODA) account. See Managing the responsible officer and organisation maintenance officers for your organisation (Services Australia) or call 1800 700 199.
Where can I find more information and support?
- More information about ongoing participant obligations can be found on the Australian Digital Health Agency website.
- A template and guidance for developing a My Health Record security and access policy can be accessed on the Office of the Australian Information Commissioner (OAIC) website.
- A number of resources, including an eLearning module on developing a My Health Record security and access policy for your organisation, can be accessed via the Australian Digital Health Agency Online Learning Portal (create a free account to access the training portal).
- Support is available through Australian Digital Health Agency run webinars on implementing and maintaining a My Health Record Security and Access policy.