Medico Legal Risks & My Health Record

By the end of 2018 every Australian will have a My Health Record unless they choose to opt out. The three-month opt out period will commence on 16 July 2018 and end on 15 October 2018. It will still be possible to opt out after this period although a My Health Record will have been created.

There are medicolegal risks that arise if you are a registered Healthcare Provider for the My Health Record but they are no more or less significant than the medicolegal risks relating to the management of hard copy medical records. Hard copy medical records must be comprehensive, reflect that appropriate consent has been obtained and must be accurate. A patient has a right to access their hard copy medical records and a health practice should have appropriate privacy and security policies. It is no different with the My Health Record.

From a risk management it is important to understand that the differences are:

  • Comprehensive: The My Health Record is only a summary of a patient’s medical information. It is not a complete medical record. A health practitioner must continue to maintain complete medical records for a patient and use the My Health Record as an extra source of information not the only source of information;
  • Consent: There is no need to obtain consent to upload documents to the My Health Record every time a patient is seen or every time a health practitioner wishes to upload a document (apart from Advance Care planning information). An individual provides standing consent upon registration. However, an individual can withdraw consent for a particular record to be uploaded. It is also good practice to keep a patient informed if documents are to be uploaded;
  • Content: Any document that is uploaded must be accurate, up-to-date, not misleading and not defamatory. Any record that is accessed must be considered carefully as to whether it is accurate, up-to-date and fit for purpose;
  • Consumer based: The My Health Record is for the consumer. The patient decides what can be seen and what can be blocked in their own My Health Record. The patient has full access and can decide who else can access their My Health Record; and
  • Computer & IT systems: There are privacy and security obligations on a registered Healthcare Provider including a requirement to have a security and access policy. There is also a requirement to maintain interoperability with the My Health Record system. For many practitioners this will be the biggest change.

This article was written by Karen Keogh, Partner.

Important Disclaimer: The material contained in this publication is of a general nature only and is based on the law as of the date of publication. It is not, nor is intended to be legal advice. If you wish to take any action based on the content of this publication we recommend that you seek professional advice.