
Understanding Your Privacy Rights as a Patient

AUTHOR: SyberScribe, November 21st, 2019

Most of us prefer that information relating to our health and healthcare remains private and within our control. Confidentiality and privacy laws are incredibly important to all of us, as they enable us to feel secure in the knowledge that our private information remains that way.

Although the terms of the laws and legislation surrounding medical records are relatively clear, there are a few areas where some differences are present. Most importantly, the rights relating to our medical records are in some ways restricted, and those restrictions may be surprising to you.

Health record – what is it?

In order to understand the legislation surrounding health records, it’s important to understand exactly what a health record is. In general terms, a health record is the physical or digital record detailing all information relating to our health. Some organisations and governing bodies don’t clearly define what a health record is, but the Health Records Act 2001 (VIC) contains useful information that describes and defines it. The Act states that a health record can contain:

  • A person’s genetic information, or information that could enable professionals to predict a person’s genes.
  • Medical or personal contents collected when a person donated bodily fluids, blood, or organs.
  • Personal details collected when a health service was provided (eg your name, contact details).
  • Information about consultations and health services.
  • Information about diagnostics and treatments.
  • Information detailing a person’s needs or requests for future healthcare.
  • Information about a person’s disabilities.
  • Physical and mental health information.

Unfortunately, the descriptions of what can be contained in a medical record are vague, meaning some ‘surprising’ pieces of information are also usually stored in a record.

My Health Record

Aside from the health records kept by your doctor in their medical practice, My Health Record is a new digital medical record that doctors can use to store patient information. It’s an online summary of your health information, such as imaging scans, medical conditions, medications, test results, and anything else uploaded by your doctor, which they can share with other healthcare providers. The aim is to improve the quality of care, eg reduce unnecessary or duplicate tests, provide a full medication history to help avoid medication errors, and aid doctors working in emergency situations.

A My Health Record is automatically created for every Australian unless they opted out before 31 January 2019.

Privacy, security and access controls

The Australian Digital Health Agency (ADHA) is responsible for the security of the My Health Record system. It has people, process, and technology controls in place to protect health records from a cyberattack. The system also has bank-strength security, ensuring that information is stored in, and accessed by, only trusted, connected health systems.

If you have a My Health Record, you’re essentially providing standing consent for all healthcare providers involved in your care to view and upload clinical information to your record. However, providers should still obtain your consent before uploading a new Shared Health Summary and advise you when other information is uploaded to your record. By contrast, the police, Centrelink, the Australian Taxation Office (ATO), insurers, and employers can’t access your record without your consent or an order from a judicial officer.

Considering that your information is online and could potentially be shared with people who have no need to see it, it’s understandable if you still have privacy and cybersecurity concerns. If so, you can ask for specific documents not to be added to your record, or to be removed once they’re up. You can also restrict access to your record by setting special codes, and set up alerts to tell you when your record is accessed. However, in an emergency, a provider can use the emergency access function to override the existing access controls for up to five days.

Data in the My Health Record system may also be used for research purposes with information de-identified beforehand, but you can request for your health information to not be used for research purposes. You can even create a My Health Record under a pseudonym if you’re eligible, but your name will be required to adequately handle any questions, requests, or complaints you may have.

Moreover, you can still opt out at any time, and if you do, you can exclude your current children under 18 from My Health Record and are given the choice for newborn children. Keep in mind that even if you cancel your record, any practitioner who has downloaded and stored your record can still view and share that version of it after cancellation without notifying you. But they’re still subject to Australian privacy laws, and access is audited by the ADHA.

Confidentiality and privacy

Essentially, privacy is a legal matter and confidentiality is a matter of morals and ethics. So, whilst your privacy is protected by laws like the Privacy Act 1988, your confidentiality isn’t protected under such legislation.

Within the medical field, something called the Hippocratic Oath exists. This is something that medical students take on as a ‘promise’ that they will not share information about a patient or a patient’s medical records with anyone. In some instances, this is taken to mean anyone outside the medical field. Confidentiality agreements exist so that patients can share private information with a healthcare provider without worrying that the information will be shared with anyone else. Agreements like this exist so that patients feel they can share all vital information related to their health.

There are, however, some exceptions to confidentiality agreements that have been created to protect certain individuals, and in some cases, the wider community. The Code of Ethics states that if the information shared by a patient puts that person or another person at serious risk, then it’s legally required that the information be shared. If it’s deemed that social interests are more important than the patient’s confidentiality, then the information must be shared.

Privacy is a legal matter and has more related legislation and guidelines than confidentiality. Information about a person’s healthcare is incredibly personal, which is why it’s considered incredibly important within privacy legislation and is surrounded by many different by-laws. In general, you have the right to know who can see your health information, as well as who can change it and copy it. Speak to your doctor or ask to see a copy of their privacy policy.

Essentially, we don’t have direct ownership of our own medical records, but laws dictate that we generally have a right to access them under certain circumstances. For example, you’re able to correct the information kept in your medical records if it’s proven to be wrong, outdated, unnecessary, or misleading. In some rare situations, access will be denied if another law requires your information to be kept private (eg if the information relates to legal proceedings) or there’s a serious risk that giving you access to the information could harm someone.

Protecting your health information

Some medical practices hire transcriptionists to transcribe medical records. If you want to ensure that your health information is kept secure, ask your doctor which transcription service provider they work with. Medical transcription services like SyberScribe are required to observe privacy laws and confidentiality obligations. We keep the health information we transcribe strictly confidential and take measures to protect the sensitive data that we deal with on a daily basis.

Quality and security are our key concerns at SyberScribe, so feel free to contact us to find out more about our secure transcription services.