Protecting your health information

Health professionals will collect a lot of information about you, your health and the treatment you receive. When you are receiving health care, you have a right to privacy and confidentiality. This means, in general, that health professionals can’t collect your health information or disclose it to others without your consent.

It’s important to note that your rights may vary depending on which state or territory you live in. For specific information, contact the Office of the Australian Information Commissioner, talk to your treatment team, or seek independent legal advice.

Medical records

When you receive health care, the person treating you creates notes. This is called a medical record. A medical record could be handwritten or electronic and it may include:

• personal details (e.g. your name, race, genetic information)
• information or opinions about your health or illness
• scans, tests and the interpretation of results
• recommendations about treatments and medicines
• correspondence to health professionals
• photographs, audio files or video footage.

Every treatment centre you attend will keep a medical record about you, and they will add to that record each time you visit or have tests. A medical record contains personal information, so it’s important that you know who can see it, change it and copy it. If you are concerned about the security of your health information, talk to your health provider or ask to see a copy of their privacy policy.

My Health Record

The Australian Government’s My Health Record is an online summary of your health information (e.g. imaging scans, test results, a list of medicines, your medical conditions and treatments). It allows you and your health care providers to view summaries of your health information at a glance. Insurers and employers are not able to access My Health Record.

Unless you opted out before 31 January 2019, a My Health Record will automatically be created for you. You have the right to permanently delete your My Health Record at any time. For more information about managing your record, including your privacy and security, visit myhealthrecord.gov.au.

Who owns my medical records?

The treatment centre or health professional who creates a medical record owns and maintains the record. However, Australian law considers ownership and access as separate – so although you don’t own the medical record, you generally have a right to gain access to it.

Medical records must be stored and disposed of securely to prevent unauthorised access. Different states and territories may have different requirements about how long doctors and treatment centres must keep your records after your last consultation.

Who can access my medical records?

Medical records are private and confidential. Health professionals directly involved in your care can view your personal and medical information, but only if it’s necessary for their work.

Australian privacy standards establish a general rule that health care providers must give you access to the personal information they hold about you when you request it. This includes your medical records. In some limited situations, the organisation has a legal right to refuse you access.

Giving people access to their medical records:

• allows them to better understand their condition and treatment
• can help ensure the information is accurate
• may make people feel more confident about the health care system.

If you would like to see your medical records, ask your health care provider (e.g. GP, specialist, hospital or treatment centre) for access. You may have to put the request in writing and provide proof of identity, such as a driver’s licence or birth certificate.

There is no set time limit for a health care provider to meet a request for medical records. However, the Office of the Australian Information Commissioner recommends that a request should be processed within 30 days.

The health care provider may charge a reasonable fee to copy your record based on the size of the record (public hospitals usually charge around $30 for a short document), or to recover other costs involved in providing access, but there shouldn’t be a fee to request access.

You can also ask for a copy of your medical record to be sent to another health care provider, for example, if you want to change doctors or treatment centres.

You can authorise someone else to see your medical records, such as a relative, interpreter or another health professional. If you make a complaint about your health care, your records may be provided to the health ombudsman or complaints commission in your state or territory.

Why might access be denied?

In some rare situations, you won’t be allowed to have a copy of your medical records, such as where another law requires your information to be kept private (e.g. if the information relates to legal proceedings); or there’s a serious risk that giving you access to the information could harm someone. If your health care provider refuses to let you see your medical record, they must let you know the reasons.

How can I change my medical records?

If you think your medical records are inaccurate, out-of-date, incomplete, irrelevant or misleading, you can ask for changes. You may be asked to make this request in writing.

If a treatment centre refuses to change your medical record because they think it is correct as it is or that your suggested changes are not appropriate, it must provide a written explanation for the decision. You can also ask them to include a short statement with your record, which explains that you think the information is incorrect.

If you disagree with the treatment centre’s decision, you can make a complaint by visiting the Office of the Australian Information Commissioner or by calling 1300 363 992 or to the health ombudsman or complaints commission in your state or territory.