Patients and My Health Record

To opt out or not to opt out: what role does a pharmacist have in helping patients make informed decisions about My Health Record?

The commencement of the national My Health Record opt-out period has spurred relentless media attention. While the My Health Record system offers many potential benefits to patient care such as reducing duplication of tests and medication errors, strong concerns around security and privacy have been raised.

As one of the most trusted health professionals in Australia, patients value our professional advice. Pharmacists are skilled in finding and evaluating quality information and presenting an unbiased summary to our patients to support their decision-making. But are we applying these skills when guiding patients’ decisions around having a My Health Record?

Having spoken to a number of pharmacists, a common concern appears to revolve around the potential for data breaches. That potential is real in any system. Recently, more than 1,000 paper-based medical records were found in an abandoned building. In the case of the My Health Record system, a centralised system could be more attractive to hackers, and decentralisation might be a safer alternative. Counter-intuitively, with decentralisation comes increased opportunities for data breaches given the need for each site to have adequate security measures.

With the My Health Record system, patient records are protected by firewalls, encryption, audit logs, legislation and multi-level policies. Organisations that sign up for the system have the obligation to review and revise the site’s security and privacy policies, thereby offering greater protection to patient data. In a decentralised system, such oversight would be near non-existent, and all organisations within the system would need to independently review their security policies and ensure all staff are aware of security requirements. Even then, the consistency maintained across organisations is not guaranteed.

Then there are the concerns around privacy. At the time the opt-out period for consumers was announced, the My Health Records Act permitted the Australian Digital Health Agency to legally disclose patient records to law enforcement without judicial oversight. Certainly, it is understandable to be concerned at this prospect.

Conversely, it would be interesting to capture the consistency of approaches individual health provider organisations take in the event of being approached by law enforcement to disclose patient information. While no data have been disclosed to law enforcement in the six years since the development of My Health Record, in light of concerns raised around the need for clarity in the act, recent announcements by Health Minister Greg Hunt to amend the act include the need for judicial oversight.

As humans, we are all entitled to our views. However, as pharmacists we cannot forget that we need to present a balance of information to our patients, so that they can make their own informed decisions. As aptly summarised in the PSA Code of Ethics, pharmacists should explain “the options available, including the risks and benefits, by providing information that is impartial, relevant, up-to-date … to help patients make informed decisions” and to “respect the dignity and autonomy of the patient”.

Further resources

PSA has created My Health Record guidelines for pharmacists, as well as learning modules and practice support tools.


Dr Kenneth Lee is a Senior Lecturer in Pharmacy Practice at the Faculty of Health and Medical Sciences at the University of Western Australia and a clinical reference lead and pharmacist digital health leader for the Australian Digital Health Agency.