Security and privacy
Last revised: 18 Apr 2023
Organisations providing general practice services (general practices) that participate in the My Health Record must meet legal, technical, organisational security and privacy requirements. This is to protect patient information, maintain system integrity, and comply with regulatory obligations.
GPs using My Health Record also have legal and professional obligations.
Did you know you can now log your CPD with a click of a button?
Updated legislation The My Health Records Rule 2016 has been replaced by the My Health Records Rules 2026, effective 1 April 2026.
A six-month transition period applies to existing participants (registered before 1 April 2026), with full compliance required by 1 October 2026. During this time, general practices may continue to apply the 2016 Rule.
New participants (registered on or after 1 April 2026) must comply with the 2026 Rules.
Requirements for a Security and Access Policy, formerly Rule 42 in the 2016 Rule, have been updated and renumbered in the 2026 Rules to Rule 43.
Advertising