NSW Health has published PD2019_054 “My Health Record Security and Access Policy”.
The Policy Directive outlines the obligations and responsibilities of all individuals and organisations who use the NSW Health HealtheNet Clinical Portal (HealtheNet) to access the national My Health Record system.
The national My Health Record system is designed to provide a secure online summary of an individual’s health information. The HealtheNet portal enables NSW Health to upload a copy of clinical information which sits within NSW Health ICT systems into the My Health Record system and facilitates NSW Health personnel access into the My Health Record system.
There are mechanisms in place to allow patients to control which information is uploaded and stored in the My Health Record system.
There are four mandatory requirements that all NSW Public Health Organisations must ensure:
Adherence to all policy and legislative requirements relating to information security, privacy, and access controls.
Access to the My Health Record System must only occur through the NSW Health HealtheNet Clinical Portal.
Maintain records of the individuals who have access to and/or received training to access the My Health Record system.
If a patient requests that the documents relating to the particular episode of care not be uploaded to the My Health Record, these documents must not be uploaded.
The PD applies to: Ministry of Health, Local Health Districts, Specialty Network Governed Statutory Health Corporations.
A copy of the PD can be found on the NSW Health website.