Australia My Health Records Act 2012
The My Health Records Act 2012 establishes the legal framework for Australia's national digital health record system (My Health Record). Managed by the Australian Digital Health Agency, it enables individuals and healthcare providers to access a summary of health information online. The system operates on an opt-out basis (since 2018). The Act establishes strict access controls, penalties for misuse, and governance by the System Operator.
Get the official standard — this page is an AI-assisted companion tool, not a replacement for the authoritative text.
Visit legislation.gov.au
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (5)
Breach and Enforcement
Mandatory data breach notification, offences, civil penalties and enforcement (Parts 5-6).
| Code | Title |
|---|---|
| MYHR-ENF-1 | Mandatory data breach notification |
| MYHR-ENF-2 | Civil penalty compliance |
| MYHR-ENF-3 | Criminal offences and sanctions |
| MYHR-ENF-4 | Enforceable undertakings and injunctions |
Collection, Use and Disclosure
Authorised and prohibited collection, use and disclosure of health information (Part 4).
| Code | Title |
|---|---|
| MYHR-CUD-1 | Authorised collection, use and disclosure only |
| MYHR-CUD-2 | Prohibition on unauthorised collection, use and disclosure |
| MYHR-CUD-3 | Use limited to My Health Record purposes |
| MYHR-CUD-4 | Records not held or taken outside Australia |
| MYHR-CUD-5 | Interaction with the Privacy Act 1988 |
Governance
System Operator and Data Governance Board oversight (Parts 2 and 7).
| Code | Title |
|---|---|
| MYHR-GOV-1 | System Operator functions and oversight |
| MYHR-GOV-2 | Data Governance Board |
Registration and Participation
Registration of participants and healthcare recipients and conditions of participation (Part 3).
| Code | Title |
|---|---|
| MYHR-REG-1 | Registration as a participant |
| MYHR-REG-2 | Healthcare recipient registration and identity verification |
| MYHR-REG-3 | Conditions of registration and participation |
| MYHR-REG-4 | Contracted service provider oversight |
Security and Access
Security and access obligations of registered participants (Act + My Health Records Rule).
| Code | Title |
|---|---|
| MYHR-SEC-1 | Written security and access policy |
| MYHR-SEC-2 | Access controls and user account management |
| MYHR-SEC-3 | Audit logging and access monitoring |
| MYHR-SEC-4 | Training of authorised employees |
| MYHR-SEC-5 | Security risk assessment |
| MYHR-SEC-6 | Emergency access controls |
| MYHR-SEC-7 | Consumer access controls and consent |
Frequently Asked Questions
What is Australia My Health Records Act 2012?
Australia My Health Records Act 2012 is a compliance framework from Australia with 5 domains and 22 controls. The My Health Records Act 2012 establishes the legal framework for Australia's national digital health record system (My Health Record). Managed by the Australian Digital Health Agency, it enables individuals and healthcare providers to access a summary of health information online. The system operates on an opt-out basis (since 2018). The Act establishes strict access controls, penalties for misuse, and governance by the System Operator. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does Australia My Health Records Act 2012 have?
Australia My Health Records Act 2012 has 22 controls organised across 5 domains. The largest domains are Security and Access (7 controls); Collection, Use and Disclosure (5 controls); and Breach and Enforcement (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does Australia My Health Records Act 2012 map to?
Australia My Health Records Act 2012 maps to 7 other compliance frameworks. The top mapping partners are Australian Privacy Principles (APPs) (36% coverage), HIPAA Security Rule (27% coverage), and NIST SP 800-66 Rev 2 (23% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with Australia My Health Records Act 2012 compliance?
Start your Australia My Health Records Act 2012 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Australia My Health Records Act 2012 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 22 controls and track your progress.