*Disclaimer: This article was published in 2019 and reflects the information available at that time.
At the end of the My Health Record (MHR) opt-out period the Government ranks the participation rate as 90.1%.
Healthcare providers are under no obligation to use the MHR system, but it is important that registered healthcare providers know and understand the circumstances in which the Record can be accessed before using the system.
Currently, patients provide “standing consent” when they register for a MHR, which enables healthcare providers directly involved in a patient’s care to upload clinical information to their record. Generally, there is no requirement for a healthcare provider to obtain the patient’s consent prior to viewing, or uploading clinical information to the MHR system. It is good practice to advise patients when information is being uploaded to their Record.
A patient’s Record can be accessed outside of a consultation, if access is for the purpose of providing healthcare to the patient.
Access should be limited to sections of the MHR that are relevant to the care of the patient. It would be uncommon for a pharmacist to access certain sections of the Record. Any access outside of those areas of the Record typically used by pharmacists should be justified. Reasons for access could be further documented, e.g. on the patient’s dispensing history or in the notes of the accredited pharmacist.
There is accountability through individual and organisational identifiers. If a pharmacist nominates as a Healthcare Provider Identifier-Organisation (HPI-O), then they will be considered responsible for the actions of the individual pharmacists in that pharmacy.
Any pharmacist nominated as a HPI-O needs to be mindful that this approval will remain in place unless the system operator is informed e.g. in times of absence or following departure from the particular pharmacy.
Only registered healthcare providers who are involved in a patient’s care, and who are registered with the MHR System Operator (the Australian Digital Health Agency), are permitted by law to access My Health Records.
Password control has the potential to be an area of misjudgement for pharmacists. There have been questions posed regarding assistants accessing a patient’s MHR as part of the broader dispensing and supply process. The legislation is clear about who has the right to access the Record. That is the healthcare provider who is directly involved in a patient’s care. Once a password is provided to a third party you have no control over how it may be used. PDL strongly urges pharmacists to maintain control of their password and to consider regular revision of the password.
Irrespective of whether your pharmacy is choosing to upload data to MHR, all PBS data will load automatically onto the patient’s MHR within approximately 4 weeks.
Pharmacists need to be mindful that there is greater visibility of your dispensing records to both patients and prescribers. Therefore appropriate and accurate records are vital.
Intern pharmacists can have their own HPI-I and therefore any access they undertake will be identified as that of the intern. As there is no recorded linking to the supervising pharmacist, other means will be required to identify who is overseeing the intern, when they access the Record.
If a pharmacy becomes aware of a dispensing error made by another pharmacy, it would be most appropriate for the pharmacy responsible for the error to correct the data on their dispense record. The doctor should be informed, and consideration given to requesting an event summary being uploaded by the prescriber, if there is an adverse outcome for the patient.
Patient Privacy
There is transparency built into the system so that the patient can see if their record has been accessed. A patient can set an access code which can be provided to a pharmacist to access the record. Email or SMS notifications can be incorporated in a MHR to inform an individual of access to their Record at particular times. Controls can be engaged by a patient to limit access to specific documents.
A patient can direct a healthcare provider not to upload information at any time. The practitioner must comply with this request.
The Australian Digital Health Authority has the ability to audit and track all actions on a MHR via the System Operator. Some of these may not be apparent to the client or the pharmacy but all actions are date and time-stamped.
Viewing the records of a person who is not a patient at the time of the access is a breach. This includes accessing the record of a relative, unless you are an authorised representative of that individual.
Emergency Access function
In an emergency, a patient’s privacy settings can be bypassed or overridden by the ‘Emergency Access’ function. The Emergency Access function can only be used in certain circumstances and it is important that healthcare providers understand when this function can be lawfully used.
The Emergency Access function may be used by participants only where:
- The healthcare provider reasonably believes that there is a serious threat to the patient’s life, health or safety and their consent cannot be obtained (for example, if the patient is unconscious);
OR - There are reasonable grounds to believe that access to the patient’s MHR is necessary to lessen or prevent a serious threat to public health or safety (for example, to identify the source of a serious infection and prevent it from spreading).
The Emergency Access function must not be used other than as outlined in Section 64 of the My Health Records Act 2012 (Cth). It also cannot be used merely because the patient has forgotten their access code (unless there is a serious threat to the patient’s life, health or safety).
Use of the emergency access mechanism is closely monitored and any access via this mechanism will trigger a notification to the Australian Digital Health Agency. The healthcare provider will receive a request for information and is required to inform the Agency of the circumstances requiring the use of the Emergency Access function.
DO NOT attempt to use the emergency access mechanism on your own profile as this is a breach.
Pharmacists have sought help from PDL after being contacted by the Agency and asked to explain why the Emergency Access function was used, even though they’d accessed their own Record.
MHR provides pharmacists with an opportunity to be better informed regarding a patient’s health status. It is another decision-making tool that is available to health care providers including pharmacists and should be used as such, when considered appropriate.
For further information, see:
The My Health Record Online Training portal, run by the Australian Digital Health Agency;
Online eLearning modules;
A series of webinars have also been produced to assist healthcare providers with their training needs;
Most dispense software vendors have documents available that support use of MHR in their system.
Information about using Emergency Access.
Contact the My Health Record Help Line: 1800 723 471.
For immediate advice and incident support, call PDL on 1300 854 838 to speak with one of our Professional Officers. We are here to support our pharmacist members 24/7, Australia-wide.