Australian National Audit Office Report on the Implementation of the My Health Record system

16 December 2019

The ANAO undertook an investigation to determine the effectiveness of the implementation of the My Health Record system under the opt-out model, considering whether the risks of the system are being appropriately assessed, managed and monitored and consider the arrangements that are in place to monitor and evaluate it. The main findings were that:

  • Implementation of My Health Record has been largely effective.
  • Implementation, planning and execution of My Health Record was appropriate and was supported by appropriate governance arrangements.
  • Communication activities were appropriate to inform healthcare recipients and providers about the system.
  • My Health Record is an example of a program with many shared risks, not only between different Commonwealth agencies, but between different governments, the healthcare sector, clinical software vendors and the community at large. Good risk management is not just about managing risks for Commonwealth agencies – but also include the groups of people to whom they are delivering services.
  • The Australian Digital Health Agency has robust controls in place to manage cyber security risks to the core infrastructure of the My Health Record system, however needs to work closer with healthcare providers and software providers to ensure cybersecurity risks are appropriately managed at every stage of the healthcare system.

Click here to read the media release.