There are three types of safeguards to protect the security and privacy of My Health Record data: practice safeguards, system safeguards, and regulatory safeguards.
Practice safeguards:
- implementing policies and procedures which govern the use of My Health Record at the individual general practice level
- providing education for all practice staff involved in the use of My Health Record (initial and ongoing training)
- promoting a culture of security among practice staff (for example, a culture of keeping devices and passwords secure and ensuring that screens are turned away from view or located in areas under appropriate surveillance)
- taking reasonable steps, through account management measures, to prevent misuse of or unauthorised access to Healthcare Identifiers
- taking care to ensure information is accurate to the best of your knowledge before uploading to My Health Record
- having personal medical indemnity coverage.
System safeguards:
- design principles which restrict access to authorised healthcare providers operating within a registered healthcare organisation
- data storage being in Australia, on government servers
- security vigilance through encryption, digital authentication, access monitoring and penetration testing.
Regulatory safeguards:
- various Acts, Regulations and Rules protecting My Health Record data and ensuring it is used safely
- oversight by government agencies and departments such as the Office of the Australian Information Commissioner (OAIC).