Electronic health records: taking control of your e-health future

Electronic health records: taking control of your e-health future

HIV Australia | Vol. 10 No. 1 | June 2012

Michael Frommer investigates Australia’s imminent electronic health record system, discussing consumer controls for protecting health data.

From 1 July 2012, all Australians will be able to begin using their own Personally Controlled Electronic Health Record (PCEHR). Consumers will have a choice whether to opt-in to the system.

The scheme has been in development for some time and there are great expectations about its potential. In particular, a comprehensive e-health system promises great benefits for people living with HIV, given that people living with HIV have complex health needs and are frequent users of the health system. However, some questions are yet to be addressed and concerns remain – including around the readiness of consumers, health providers and the system itself, to meet expectations.

The Australian Federation of AIDS Organisations (AFAO) has been heavily engaged with the e-health consultation processes with the aim of ensuring the needs of people living with HIV are met. This article discusses what we currently know about how e-health records will operate – including features that will give users greater control over their personal information – and what questions remain unanswered.

PCEHR: the basics

The PCEHR is designed to give individuals an electronically accessible medical history that both they and their approved health providers can access throughout Australia. The PCEHR will complement practitioners’ existing medical records with additional information1, while also according the consumer precise controls over what their PCEHR contains and who has access to the information.

The PCEHR interface will allow healthcare providers, as authorised by the consumer, to see an overview of allergies/adverse reactions, medicines, pathology tests, medical history, immunisations, directives, recent health care events and pathology and radiology reports.

Pathology and radiology information and results will not be available with the initial rollout. According to the PCEHR design document – The Concept of Operations: Relating to the introduction of a Personally Controlled Electronic Health Record System (‘the Concept of Operations’) – the aim is to have these available from large private sector laboratories by 30 June 2013 and other providers by 30 June 2014.2

According to the National E-health Transition Authority (NEHTA), the PCEHR:3

  • will bring together key health information from a number of different systems, and present it in a single view
  • will allow information to be accessed by the individual and their authorised health care providers. Over time the individual will be able to contribute to their own information and add to the recorded information stored in their individual record
  • will not hold all the information held in the individual’s health care professional’s records but will complement those records by highlighting key information, and
  • in the future, as it becomes more widely available, the scheme will allow individuals to access their own health information from anywhere in Australia.

Consumer controlled levels of access

At the core of the PCEHR system is a user controlled ‘access list’ which controls which organisations are permitted to access an individual’s records. The PCEHR offers consumers the choice of two levels of control over the access list – basic and advanced access controls.4

For people living with HIV – who may wish to maintain confidentiality and privacy around their HIV status – it is vital that they understand these options in order to feel confident about exercising control over their personal information.

Consumers will be able to administer these access settings at any time via an online portal, which will be accessible at the newly launched www.ehealth.gov.au. This will enable people to confidentially vary settings to levels they feel are appropriate at any time.

Consumers will also be able to ring a call centre to manage access list settings, as well as:5

  • make general inquiries about the PCEHR System and the registration process
  • resolve issues around using the PCEHR System
  • resolve complaints, and
  • provide feedback around the PCEHR System.

The online portal also contains a public learning centre which was, at the time of publication, undergoing maintenance.

Community organisations should check here for any useful resources and tools that may help our communities. Over time, individual consumers will also be able to contribute to the information stored in the PCEHR themselves.6

Basic access

Under ‘basic access’, any healthcare organisation involved in the care of the individual is automatically added to the access list of the PCEHR, unless the individual requests otherwise.7

However, control over which documents are stored on the record remains with the individual; where they express a preference not to upload a particular document, the healthcare provider should not do so.8

Advanced access

Additional access control settings can also be administered by the individual which provide greater control over who has access to information stored in their PCEHR. These settings include the ability to:9

  • Set up a Provider Access Consent Code (PACC). The PACC is effectively a PIN number which the individual is able to give out to healthcare providers at their discretion. If the individual chooses to set up a PACC, then organisations will not be able to add themselves to the access listunless they have the PACC.
  • Restrict organisations from being on the access list, and
  • Prevent a PCEHR from being found. Individuals will be able to determine if they want their PCEHR to be ‘findable’ or not. If the individual chooses for their PCEHR to be ‘not findable’, upon arrival at a healthcare organisation not currently on the access list, any search for their PCEHR will return ‘not found’.

Similarly, if the organisation is marked as ‘revoked’ on the access list then it will not be able to find the individual’s PCEHR. By default, a PCEHR will be findable, unless the individual changes this setting; however, a PCEHR can still be found with emergency access if the individual has selected this option.10

  • Manage document level access.

If an individual enables PACC pin access on their record they will also be able to control which organisations can access individual documents stored on their record. They will also be able to describe what level of access each organisation on their access list is granted to each document – either ‘general access’ or ‘limited access’.11

‘General access’ means that the clinical document will be accessible by any healthcare organisation who has been granted PACC access. ‘Limited access’ means the clinical document is only available to a more limited group of healthcare organisations. The clinical document is still accessible to the healthcare organisation that supplied it. ‘Limited access’ can also be overridden by a healthcare provider in an emergency situation.12

Once a document has been marked ‘limited access’, by default it will not be viewable by any healthcare providers. In order to allow a particular, trusted healthcare provider to view it, an individual must create another pin, called the PACCX. This can be provided at the consumer’s discretion.13

Effective removal of clinical documents

The PCEHR System will support a process called ‘effective removal’, in the event that a clinical document has been loaded into a PCEHR which should not be there. This includes events such as:14

  • Identification error: the healthcare organisation has inadvertently misidentified the individual in the clinical document.
  • Clinical information error: the healthcare organisation has supplied incorrect information and the clinical document needs to be removed.
  • Individual-initiated removal: the individual did not wish the clinical document to be included in their PCEHR.

Documents can be ‘effectively removed’ either though the call centre or the online consumer portal. According to the Concept of Operations, if the individual requests a clinical document be ‘effectively removed’ from their PCEHR, they will be required to indicate that they understand the implications of its removal (namely that the clinical document will no longer be accessible via their PCEHR and this may mean the individual may not receive the benefits of having this information available via their PCEHR in future episodes of care).15

Issues for consideration

Criminal implications

It is important to note that although documents that have been ‘effectively removed’ are locked – preventing further access by an individual or their healthcare providers (including using emergency access)16 – this does not appear to prevent access by people at the back-end.

According to the Concept of Operations ‘an effectively removed document remains accessible to the PCEHR System Operator … only be accessed for legal reasons.’ This leaves open the door for authorities to access ‘effectively removed’ documents in the event that individuals are subject or party to legal proceedings, such as criminal investigations of alleged exposure or transmission of HIV.17

Clause 70 of the PCEHR Bill 2011 stipulates that the System Operator may disclose health information to law enforcement agencies for prescribed purposes set out in sub-clause 70(1); these include the ‘prevention, detection, investigation, prosecution or punishment of criminal offence or breaches of certain other laws’.18

AFAO believes that this discretion is too broad and that this may result in law enforcement authorities ‘fishing’ for evidence possibly contained in a person’s PCEHR.

The investigation relating to potential criminal prosecutions of people with HIV in relation to the sexual transmission of or exposure to HIV is a case in point. Providing access to health/medical information for the purpose of prosecuting criminal matters or resolving civil legal disputes should be subject to court-ordered subpoena rather than the System Operator’s discretion, and should relate to particular information rather than to general information contained in a person’s PCEHR.

Furthermore, as the Concept of Operations states, effectively removed clinical documents will be able to be accessed for legal reasons. HIV sector organisations are thus left in a quandary as to how to guide our constituents.

Specifically, are we able to confidently advise people that by exercising the ‘effective removal’ mechanism, any record thus removed containing information regarding HIV status, sexual history or injecting drug-use, is safe from being accessed by authorities?

If so, how do we communicate this? If the answer is ‘no’ – or the more, likely ‘currently unknown’ – should our advice err on the side of caution to not upload any such information in the first place, as there is a chance that authorities may be able to search PCEHRs?

Consumer rights and remedies

It is essential that consumers are able to control and monitor their record, and where appropriate, can pursue a remedy.

In some circumstances it might be clearly apparent that sensitive information has been inappropriately disclosed. For example, if in the course of treating their patient a health worker was to remark, ‘I’m sorry to hear that you have HIV, how did it happen?’ However, in other scenarios an instance of unauthorised disclosure might be less clear.

Hypothetical case study

Angelique, an HIV-positive African woman, chooses to have HIV-related discussions only with her s100 subscriber, discussing all other health matters with the family GP. During a consultation with her GP about her children’s health, she notices subtle but perceptible changes in the GP’s behaviour and attitude. Here, the ability to view the audit trail of a record may help Angelique identify if the family GP did inappropriately access her PCEHR.

The Audit Trail – a crucial protection

AFAO advocates both for the provision of a thorough audit trail recording access to PCEHR, and crucially, the right for consumers to access this record. It is pleasing to see that the legislation provides robust provisions guaranteeing access to the audit trail.

The ability to see an audit trail of who has accessed and handled their PCEHR should provide individuals with greater confidence in the system.

In a situation where someone is concerned that they may be receiving inferior and/or discriminatory health care, such as in the scenario faced by Angelique, they will be able to check if the healthcare provider has indeed become privy to personal information that they shouldn’t have. If this has occurred, they could choose to raise the matter with the provider informally, or pursue a formal complaint.


The Information Commissioner will be able to receive complaints in relation to any act or practice the breaches the PCEHR Bill.17 The Bill will treat any contravention as interference with continued from previous page privacy under the Privacy Act. This is a positive development, as the Privacy Act 198819 has general limitations, which would otherwise stymy its capacity in some circumstances to investigate, such as restrictions on its jurisdiction over records held by state/territory bodies.

Where something doesn’t necessarily breach the PCEHR legislation it may still be possible for a complaint to be made to the relevant professional body. If someone is disclosing sensitive information in a casual conversation, based on what they saw sitting on computer monitor, this may be subject to professional disciplinary proceedings.

Other issues

Other issues requiring further attention include:

  • Lack of e-health conformant infrastructure in hospitals, and for allied health professionals
  • Some resistance from healthcare providers in engaging in the system. For example, the Australian Medical Association (AMA) has expressed concerns about using the record where it may not be comprehensive. The AMA guide to the PCEHR20 has advised GPs to reconsider engaging with the e-health record if their patients have restricted availability to some documents.
  • Paucity of practical consumer information, beyond the very general. Detailing real-life use of the PCEHR will be essential to establishing trust of consumers generally – particularly those with stigmatising conditions such as HIV.


The PCEHR is almost upon us, and there is much to welcome, including the fact that consumers will eventually be able to gain access to a range of their health information. However, expectations for the July rollout should be modest. Initially, only some types of information will be available, while at the same time only certain healthcare providers will be willing and able to participate in the system.

Most significantly, the HIV sector must be able to confidently advise our members/constituents of the system’s pros and cons, including the risk that information collected may be able to be accessed contrary to an individual’s will, for legal/investigative purposes.


1What is a PCEHR?. National E-Health Transition Authority. Retrieved from: www.nehta.gov.au

2 Department of Health and Ageing, Concept of Operations: Relating to the introduction of a Personally Controlled Electronic Health Record System, Canberra, September 2011, 55. Retrieved from: www.yourhealth.gov.au

3 What is a PCEHR?, op. cit.

4 Department of Health and Ageing, op. cit.

5 ibid.

6 National E-Health Transition Authority website, op. cit.

7 Department of Health and Ageing, op. cit.

8 ibid.

9 ibid.

10 ibid.

11 ibid.


13 ibid.

14 ibid.


16 ibid.

17 ibid.

18Personally Controlled Electronic Health Records Bill 2011, Explanatory Memorandum, 54. Retrieved from: http://parlinfo.aph.gov.au

19 Privacy Act 1988. Retrieved from: www.austlii.edu.au

20 Australian Medical Association (2012, April 12). Draft AMA Guide to Using the PCEHR, point 6.1.7, 18. Retrieved from: http://ama.com.au/draft-ama-guide-using-pcehr

Michael Frommer is Policy Analyst at AFAO.