My Health Records
My Health Records (MHR) is Australia's national digital health record system — governed by the My Health Records Act 2012, with strict data access, audit, and breach notification requirements for any system that integrates with it.
My Health Records (MHR) is the Australian Government's national digital health record system, operated by the Australian Digital Health Agency (ADHA). The My Health Records Act 2012 governs who can access MHR data, under what circumstances, and with what obligations. Healthcare providers, software vendors building clinical systems, and third parties accessing MHR data must register with ADHA and comply with system operator obligations — including data access controls, audit logging, breach notification, and security requirements.
For software vendors building systems that integrate with MHR, the compliance obligations are significant. The ADHA's conformance requirements specify technical standards for connecting to the MHR infrastructure, including HL7 FHIR implementation guides, authentication using National Authentication Service for Health (NASH) certificates, and specific logging requirements that capture every access to MHR data. Systems that fail conformance assessment cannot proceed to go-live, regardless of their other merits.
MHR breach notification requirements are distinct from the Privacy Act's Notifiable Data Breaches scheme. Under the MHR Act, system operators must notify ADHA of data breaches involving MHR data — with specific notification timelines and content requirements. The penalties for unauthorized access to MHR data are substantial: criminal penalties of up to two years' imprisonment for individuals and significant financial penalties for organizations. These consequences make MHR compliance a first-class engineering obligation, not a documentation exercise.
We architect My Health Records integration compliance into Australian healthcare systems from the first API design decision — implementing NASH certificate authentication, building FHIR-compliant data exchange, designing audit logging that meets ADHA conformance requirements, and implementing breach detection and notification workflows that satisfy the MHR Act's specific obligations. Our teams have navigated ADHA conformance assessment and design for first-submission pass rates.