D

My Health Record

Serious concerns
Australian Digital Health Agency · 🇦🇺 Australia
Technical details
App: My Health Record
Manufacturer: Australian Digital Health Agency

⚠️ The bottom line

The government created a health record for every Australian who didn't say no within 90 days. When people learned police could access their records without a warrant, 2.5 million opted out — the largest privacy protest in Australian history. "You're in control" meant "you had three months to notice." The government had to amend the law to stop police reading your health records without a warrant — but they left a loophole wide enough to drive through. "Serious threat to life" is vaguely defined and police can still invoke it. Your mental health diagnoses, STI tests, and prescription history are one "serious threat" determination away from a detective's desk.

Legal jurisdiction
🇦🇺 Australia (headquarters)
Assistance and Access Act
Govt can force companies to build backdoors in encryption — and gag them from telling you
Metadata Retention
ISPs and telcos must store 2 years of your connection data for law enforcement
Spying
2/4 MODERATE
Is someone spying on me?
Data Sharing
2/4 MODERATE
Who gets my data?
Security
2/4 MODERATE
Is it actually secure?
Honesty
2/4 MODERATE
Can I trust what they say?
ACCEPTABLE Moderate concerns. Standard privacy hygiene applies.
4 Contradictions
1 Critical
3 High
0 Medium
4 Sources
Findings by concern
Spying 2/4 MODERATE 1 finding
⚡ high · privacy policy vs regulatory
The government had to amend the law to stop police reading your health records without a warrant — but they left a loophole wide enough to drive through. "Serious threat to life" is vaguely defined and police can still invoke it. Your mental health diagnoses, STI tests, and prescription history are one "serious threat" determination away from a detective's desk.

What they claim: My Health Record legislation includes safeguards to prevent unauthorised access to health records

What we found: The original My Health Record Act allowed law enforcement to access records without a warrant or patient consent. After public outcry, the government amended the act — but exemptions remained for "serious threats to life or health" which police and courts can invoke. Employers cannot directly access records, but insurers and government agencies can request data through approved channels.

Data Sharing 2/4 MODERATE 1 finding
⚠️ critical · marketing vs regulatory
The government created a health record for every Australian who didn't say no within 90 days. When people learned police could access their records without a warrant, 2.5 million opted out — the largest privacy protest in Australian history. "You're in control" meant "you had three months to notice."

What they claim: My Health Record promoted as giving Australians control over their health information

What we found: In 2018, the government switched My Health Record from opt-in to opt-out, automatically creating records for all Australians who did not actively refuse within a three-month window. 2.5 million Australians opted out — the largest privacy opt-out in Australian history — after media coverage revealed police could access records without a warrant.

Security 2/4 MODERATE 1 finding
⚡ high · marketing vs third party research
42 data breaches in three years. Healthcare workers caught snooping through patient records they had no clinical reason to view. Some breaches only discovered months later because the access logging couldn't detect inappropriate access in real time. Your most sensitive health information, protected by an alarm system that only rings after the burglar has left.

What they claim: My Health Record claims world-class security for sensitive health data

What we found: Between 2019 and 2022, 42 data breaches were reported involving My Health Record, including unauthorised access by healthcare workers viewing patient records without clinical justification. The OAIC found that the system's access logging was insufficient to detect inappropriate access in real time, with some breaches only discovered months after they occurred.

Honesty 2/4 MODERATE 1 finding
⚡ high · marketing vs regulatory
$2 billion spent. The biggest contract — $746 million to Accenture — awarded with limited competition. And 70% of GPs say the system is clinically useless. Doctors call the records "incomplete, unreliable, and a liability risk." Two billion dollars for a system the people who are supposed to use it say doesn't work.

What they claim: My Health Record positioned as an efficient digital health infrastructure investment

What we found: My Health Record has cost over $2 billion since inception. The largest contract — $746 million to Accenture — was criticised by the ANAO for limited competitive tendering. A 2019 AMA survey found 70% of GPs said the system was not clinically useful, with doctors describing records as "incomplete, unreliable, and a liability risk."

Sources