Protecting your health information

Medical records

When you receive health care, the person treating you creates notes. This is called a medical record. It can be handwritten or electronic and may include:

• personal details (e.g. your name, medical history, genetic information)
• information or opinions about your health or illness
• scans, tests and the interpretation of results
• recommendations about treatments and medicines
• correspondence to other health professionals
• photographs, audio files or video footage.

Every health service you attend will keep a medical record about you, and they will add to that record each time you visit or have tests. If you have any concerns about the security of your health information, talk to your health service or ask to see a copy of their privacy policy.

Who owns my medical records?

The health service or health professional who creates a medical record owns and maintains the record. However, Australian law considers ownership and access as separate – so although you don’t own the medical record, you generally have a right to gain access to it.

Medical records must be stored and disposed of securely to prevent unauthorised access. Different states and territories may have different  requirements about how long doctors and treatment centres must keep your records after your last consultation.

Who can access my medical records?

Medical records are private and confidential. Health professionals directly involved in your care can view your personal and medical information, but only if it’s necessary for their work.

Australian privacy standards establish a general rule that health care providers must give you access to the personal information they hold about you when you request it. This includes your medical records. In some limited situations, the organisation has a legal right to refuse you access.

Giving people access to their medical records:

• allows them to better understand their condition and treatment
• can help ensure the information is accurate
• may make people feel more confident about the health care system.

If you would like to see your medical records, ask your health care provider (e.g. GP, specialist, hospital or treatment centre) for access. You may have to put the request in writing and provide proof of identity, such as a driver’s licence or birth certificate.

There is no set time limit for a health care provider to meet a request for medical records. However, the Office of the Australian Information  Commissioner recommends that requests be processed within 30 days.

The health care provider may charge a reasonable fee to copy your record based on the size of the record (public hospitals usually charge around $30 for a short document), or to recover other costs involved in providing access, but there shouldn’t be a fee to request access.

You can also ask for a copy of your medical record to be sent to another health care provider, for example, if you want to change doctors or treatment centres.

If you make a complaint about your health care, your records may be provided to the health ombudsman or complaints commission in your state or territory. Your medical records may also be accessed by others if you make a claim for insurance benefits.

You can authorise someone else to see your medical records — such as a relative or guardian, interpreter or another health professional — by filling in and signing the required form.

Why might access be denied?

In some rare situations, you won’t be allowed to have a copy of your medical records, such as where another law requires your information to be kept private (e.g. if the information relates to legal proceedings), or if there’s a serious risk that giving you access to the information could harm someone.

If your health care provider refuses to let you see your medical record, they must let you know the reasons.

How can I change my medical records?

If you think your medical records are inaccurate, out-of-date, incomplete, irrelevant or misleading, you can request changes. You may be asked to  make this request in writing.

If a health service refuses to change your medical record because they think it is correct as it is or that your suggested changes are not appropriate, it must provide a written explanation for the decision. You can also ask them to include a short statement with your record, which explains that you think the information is incorrect.

If you disagree with the health service’s decision, you can make a complaint to the Office of the Australian Information Commissioner or to the health ombudsman or complaints commission in your state or territory.

My Health Record

The Australian Government’s My Health Record is an online summary of your health information (e.g. imaging scans, test results, prescribed  medicines, your medical conditions and treatments). It allows you and your health care providers to view summaries of your health information at a glance. Insurers and employers are not able to access My Health Record. Unless you opted out of this service before 31 January 2019, a My Health Record is automatically created for you. You have the right to permanently delete your My Health Record at any time. For more information about managing your record, including your privacy and security, visit My Health Record.