My Health Record FAQ

This FAQ explains how patients can manage their My Health Record (MHR) information and what happens when providers access that information in Zedmed.

Key considerations

Staff members authorised by a healthcare organisation can access and view a patient’s clinical record for the purpose of providing healthcare.
When a patient is opened in Clinical Records, MHR is accessed by the Zedmed application, even if you have not started an encounter.
Patients who have enabled MHR notifications (in the MyGov portal), will receive an email or SMS if a healthcare organisation accesses their MHR for the first time or have not accessed their MHR for 3 years.

When is MHR created for a child and how is access managed?

All children have a MHR created when they are listed on the parent's Medicare card and the parent has not opted out on their behalf. The parent/guardian manages the child's MHR and healthcare organisations' access until the child turns 14. When a minor turns 14, MHR automatically ends the parents/guardians access, and only healthcare providers can see it. The minor can see their MHR once they are able to create a MyGov account. A minor can make a parent and authorised representative to allow continued access to MHR after they turn 14, but this arrangement will end when they turn 18.

How can patients review who accessed their MHR?

Patients can log into their MHR and see when information was viewed or updated in the past 12 months, including the time and date of access and the healthcare organisation.

If patients are concerned about the activity, they can call the Digital Health Agency to investigate. Learn more

What notifications can patients set up in MHR?

Patients can set up SMS or email notifications in their MHR, and be notified when someone accesses their record or when some types of changes are made. Learn more

If notifications are enabled, a patient will receive an alert when:

A healthcare provider organisation accesses their record for the first time.
A record is accessed by a healthcare provider in a medical emergency.
A new Shared Health Summary is added.
An Advance Care document is added, updated, removed or reinstated.
A patient's nominated representative accesses their record.
There is a change to immunisation information in their record.
A new myGov account has been linked to their record.

What activities in Zedmed can result in MHR being accessed?

When a patient's Clinical Details are opened, and that patient has not opted out of MHR in Zedmed, MHR will be accessed. An encounter does not need to start and it does not matter if the Clinical Details are opened from Office or Clinical.

Examples of actions that result in a patient's MHR being accessed:

From Clinical Records, when a doctor opens a patient from the Open Patient menu.
From the Appointment Book when a user (with access*) right-clicks the patient and selects Clinical Details.
From a Patient Record in Office when a user (with access*) selects Clinical Information from the top menu.
When a patient who wants to opt-out, has their Clinical Record opened for the first time (Opt-out is in the record).
When a user opens a patient record to use Quick documents to send a letter for a doctor or specialist.

* 'With access' can include users with the 'Doctor', 'Nurse', and 'Administrator(clinical)' roles in Zedmed Security.

How can patients restrict access to MHR?

Patients have a Provider Access list in MHR that allows them to give some providers access and block others. A key function of the Provider Access list is the creation of access codes. Patients can restrict access to their MHR information using Record Access Codes (RAC), and they can also restrict access to specific documents using Limited Document Access Codes (LDAC). If a provider does not access a patient's MHR for three years, the access provided by these codes will expire.

Record Access Code (RAC)

A RAC code is given by the patient to specific healthcare providers so they can access the patient's MHR information. The code only needs to be entered once and should be destroyed after use. If a healthcare provider organisation has previously accessed the patient's MHR, they will not need the access code. This means the RAC allows patients to control access for new healthcare provider organizations. Learn more

If a RAC is required, Zedmed will display an orange MHR icon with a padlock above Summary Views. The icon will be green if there is no RAC.

Limited document Access Codes (LDAC)

An LDAC code is given by the patient to a specific healthcare provider organisation so they can access a document the patient has set to Restricted Access. Healthcare providers who accessed the record before the code was set will continue to have access. Healthcare Providers the patient has given Restricted Access in the Access by Healthcare Provider section of their record will be able to see any restricted documents without an LDAC. Learn more

Some types of documents cannot have Restricted Access, including:

Shared health summaries.
Personal health summaries.
Advanced care plans and custodian details.

Hide or delete information

Patients can hide (or unhide) and delete information in their MHR. Zedmed can not display information that has been hidden by the patient and information that a practitioner has uploaded will no longer be available if the patient deletes it. Event Summaries and Shared Health Summaries will still be available in Zedmed as they are saved locally. Learn more.

What happens if a patient cancels their MHR?

All information contained in that record will be permanently deleted and cannot be recovered. Event Summaries and Shared Health Summaries uploaded by Zedmed will still be available in Zedmed as they are saved locally. Learn more

How can provider organisations manage their access to MHR?

If a patient (with notifications enabled) has not attended a practice for 3 years or forgot they had registered at a practice, they may be concerned if they receive a notification that their MHR was accessed unexpectedly.

Zedmed does not record which provider opened the Clinical Record that triggered the notification, but the patient will be notified what the healthcare provider organisation was, so the patient may call the practice.

Suggestions:

Take care when using the Find function to locate a patient and confirm it's the correct patient.
If a patient record is opened by mistake, record the incident so it can be explained to the patient if they call.
Review your security roles so only authorised staff members can access a patient’s clinical record.
Ensure all staff understand how My Health Record works and read this guide.
Ensure all providers are familiar with the Zedmed My Health Record guide.

We recommend providers review the Digital Health Agency, My Health Record and Zedmed My Health Record resources.

How does emergency access to a patient's MHR work?

There are certain situations, defined in Section 64 of the My Health Records Act, where it may be permissible for treating healthcare providers to access information in a patient's record without entering an access code using a function known as Emergency Access. It is important to understand when this function can lawfully be used. To learn more, see Digitalhealth.gov.au > privacy and access. Learn more

Emergency access gives access to information and documents that have been restricted. If the patient has notifications enabled, they will be notified of the use of the emergency access function.

Important: In Zedmed, if you try to open a record with an access code, the My Health Record Access Type dialog will prompt you to make a selection. In an emergency situation, you can select Emergency Access in accordance with the legislation. This will allow the treating healthcare provider to access information in a patient's record without entering an access code.