关于知识产权 知识产权培训 树立尊重知识产权的风尚 知识产权外联 部门知识产权 知识产权和热点议题 特定领域知识产权 专利和技术信息 商标信息 工业品外观设计信息 地理标志信息 植物品种信息(UPOV) 知识产权法律、条约和判决 知识产权资源 知识产权报告 专利保护 商标保护 工业品外观设计保护 地理标志保护 植物品种保护(UPOV) 知识产权争议解决 知识产权局业务解决方案 知识产权服务缴费 谈判与决策 发展合作 创新支持 公私伙伴关系 人工智能工具和服务 组织简介 与产权组织合作 问责制 专利 商标 工业品外观设计 地理标志 版权 商业秘密 WIPO学院 讲习班和研讨会 知识产权执法 WIPO ALERT 宣传 世界知识产权日 WIPO杂志 案例研究和成功故事 知识产权新闻 产权组织奖 企业 高校 土著人民 司法机构 遗传资源、传统知识和传统文化表现形式 经济学 金融 无形资产 性别平等 全球卫生 气候变化 竞争政策 可持续发展目标 前沿技术 移动应用 体育 旅游 PATENTSCOPE 专利分析 国际专利分类 ARDI - 研究促进创新 ASPI - 专业化专利信息 全球品牌数据库 马德里监视器 Article 6ter Express数据库 尼斯分类 维也纳分类 全球外观设计数据库 国际外观设计公报 Hague Express数据库 洛迦诺分类 Lisbon Express数据库 全球品牌数据库地理标志信息 PLUTO植物品种数据库 GENIE数据库 产权组织管理的条约 WIPO Lex - 知识产权法律、条约和判决 产权组织标准 知识产权统计 WIPO Pearl(术语) 产权组织出版物 国家知识产权概况 产权组织知识中心 产权组织技术趋势 全球创新指数 世界知识产权报告 PCT - 国际专利体系 ePCT 布达佩斯 - 国际微生物保藏体系 马德里 - 国际商标体系 eMadrid 第六条之三(徽章、旗帜、国徽) 海牙 - 国际外观设计体系 eHague 里斯本 - 国际地理标志体系 eLisbon UPOV PRISMA UPOV e-PVP Administration UPOV e-PVP DUS Exchange 调解 仲裁 专家裁决 域名争议 检索和审查集中式接入(CASE) 数字查询服务(DAS) WIPO Pay 产权组织往来账户 产权组织各大会 常设委员会 会议日历 WIPO Webcast 产权组织正式文件 发展议程 技术援助 知识产权培训机构 COVID-19支持 国家知识产权战略 政策和立法咨询 合作枢纽 技术与创新支持中心(TISC) 技术转移 发明人援助计划(IAP) WIPO GREEN 产权组织的PAT-INFORMED 无障碍图书联合会 产权组织服务创作者 WIPO Translate 语音转文字 分类助手 成员国 观察员 总干事 部门活动 驻外办事处 职位空缺 采购 成果和预算 财务报告 监督
Arabic English Spanish French Russian Chinese
法律 条约 判决 按管辖区浏览

Health Legislation Amendment (eHealth) Act 2015, 澳大利亚

返回
WIPO Lex中的最新版本
详情 详情 版本年份 2016 日期 生效: 2015年11月26日 议定: 2015年11月26日 文本类型 其他文本 主题 版权与相关权利(邻接权), 其他, 专利(发明), 商标 Schedule 1 of this Act provides for amendments to the Copyright Act 1968.

可用资料

主要文本 相关文本
主要文本 主要文本 英语 Health Legislation Amendment (eHealth) Act 2015        
 
下载PDF open_in_new
 Health Legislation Amendment (eHealth) Act 2015

Note: An electronic version of this Act is available in ComLaw (http://www.comlaw.gov.au/)

Health Legislation Amendment (eHealth)

An Act to amend the law in relation to healthcare

identifiers, electronic health records and other

information relating to health, and for related

Authorised Version C2015A00157

Act 2015

No. 157, 2015

purposes

Authorised Version C2015A00157

Authorised Version C2015A00157

Contents 1 Short title ...........................................................................................1

2 Commencement.................................................................................2

3 Schedules...........................................................................................2

Schedule 1—Healthcare identifiers and health records 3

Part 1—Amendments 3

Copyright Act 1968 3

Healthcare Identifiers Act 2010 5

Personally Controlled Electronic Health Records Act 2012 48

Privacy Act 1988 92

Part 2—Rule-making powers, application and transitional

provisions 95

Schedule 2—Renaming PCEHR as My Health Record 102

Healthcare Identifiers Act 2010 102

Health Insurance Act 1973 103

National Health Act 1953 103

Personally Controlled Electronic Health Records Act 2012 104

Schedule 3—Renaming consumers as healthcare recipients 113

Health Insurance Act 1973 113

National Health Act 1953 113

Personally Controlled Electronic Health Records Act 2012 113

Schedule 4—Further consequential amendments 121

Part 1—Amendments relating to the Legislation Act 2003 121

Personally Controlled Electronic Health Records Act 2012 121

Part 2—Amendments relating to delegations 122

Health Insurance Act 1973 122

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 i

Authorised Version C2015A00157

Authorised Version C2015A00157

Health Legislation Amendment (eHealth)

Act 2015

No. 157, 2015

An Act to amend the law in relation to healthcare

identifiers, electronic health records and other

information relating to health, and for related

purposes

[Assented to 26 November 2015]

The Parliament of Australia enacts:

1 Short title

This Act may be cited as the Health Legislation Amendment

(eHealth) Act 2015.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 1

Authorised Version C2015A00157

2 Commencement

(1) Each provision of this Act specified in column 1 of the table

commences, or is taken to have commenced, in accordance with

column 2 of the table. Any other statement in column 2 has effect

according to its terms.

Commencement information

Column 1 Column 2 Column 3

Provisions Commencement Date/Details

1. Sections 1 to 3 The day this Act receives the Royal Assent. 26 November

and anything in 2015

this Act not

elsewhere covered

by this table

2. Schedules 1, 2 The day after this Act receives the Royal 27 November

and 3 Assent. 2015

3. Schedule 4, The later of: 5 March 2016

item 1 (a) immediately after the commencement of

the provisions covered by table item 2;

and

(paragraph (b)

applies)

(b) the commencement of Schedule 1 to the

Acts and Instruments (Framework

Reform) Act 2015.

4. Schedule 4, Immediately after the commencement of the 27 November

items 2 and 3 provisions covered by table item 2. 2015

Note: This table relates only to the provisions of this Act as originally

enacted. It will not be amended to deal with any later amendments of

this Act.

(2) Any information in column 3 of the table is not part of this Act.

Information may be inserted in this column, or information in it

may be edited, in any published version of this Act.

3 Schedules

Legislation that is specified in a Schedule to this Act is amended or

repealed as set out in the applicable items in the Schedule

concerned, and any other item in a Schedule to this Act has effect

according to its terms.

Health Legislation Amendment (eHealth) Act 2015 No. 157, 20152

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

Schedule 1—Healthcare identifiers and health records

Part 1—Amendments

Copyright Act 1968

1 After section 44BA

Insert:

44BB Copyright subsisting in works shared for healthcare or related

purposes

(1) The copyright in a work is not infringed by an act comprised in the

copyright in the work if:

(a) the act is done, or authorised to be done:

(i) for a purpose for which the collection, use or disclosure

of health information is required or authorised under the

My Health Records Act 2012; or

(ii) in circumstances in which a permitted general situation

exists under item 1 of the table in subsection 16A(1) of

the Privacy Act 1988 (serious threat to life, health or

safety), or would exist if the act were done, or

authorised to be done, by an entity that is an APP entity

for the purposes of that Act; or

(iii) in circumstances in which a permitted health situation

exists under section 16B of the Privacy Act 1988, or

would exist if the act were done, or authorised to be

done, by an entity that is an organisation for the

purposes of that Act; or

(iv) for any other purpose relating to healthcare, or the

communication or management of health information,

prescribed by the regulations; and

(b) either:

(i) the work is substantially comprised of health

information; or

(ii) the work allows for the storage, retrieval or use of

health information and it is reasonably necessary to do

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 3

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

the act, or authorise it to be done, in circumstances that

would otherwise infringe copyright in the work.

(2) In this section:

healthcare has the same meaning as in the My Health Records Act

2012.

health information has the same meaning as in the My Health

Records Act 2012.

2 After section 104B

Insert:

104C Copyright subsisting in sound recordings and cinematograph

films shared for healthcare or related purposes

(1) The copyright in a cinematograph film or a sound recording is not

infringed by an act comprised in the copyright in the film or

recording if:

(a) the act is done, or authorised to be done:

(i) for a purpose for which the collection, use or disclosure

of health information is required or authorised under the

My Health Records Act 2012; or

(ii) in circumstances in which a permitted general situation

exists under item 1 of the table in subsection 16A(1) of

the Privacy Act 1988 (serious threat to life, health or

safety), or would exist if the entity doing the thing were

an APP entity for the purposes of that Act; or

(iii) in circumstances in which a permitted health situation

exists under section 16B of the Privacy Act 1988, or

would exist if the entity doing the thing were an

organisation for the purposes of that Act; or

(iv) for any other purpose relating to healthcare, or the

communication or management of health information,

prescribed by the regulations; and

(b) either:

(i) the film or recording is substantially comprised of

health information; or

(ii) the film or recording allows for the storage, retrieval or

use of health information and it is reasonably necessary

Health Legislation Amendment (eHealth) Act 2015 No. 157, 20154

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

to do the act, or authorise it to be done, in circumstances

that would otherwise infringe copyright in the work.

(2) In this section:

healthcare has the same meaning as in the My Health Records Act

2012.

health information has the same meaning as in the My Health

Records Act 2012.

Healthcare Identifiers Act 2010

3 After section 3

Insert:

3A Simplified outline of this Act

Under this Act, healthcare identifiers are assigned to healthcare

recipients, individual healthcare providers and healthcare provider

organisations.

There are strict rules on:

(a) the verification of a person’s identity before a healthcare

identifier is assigned; and

(b) the purposes for which a healthcare identifier can be

collected, used and disclosed; and

(c) the purposes for which the identifying information of a

healthcare recipient, a healthcare provider or a

healthcare provider organisation can be collected, used

and disclosed.

This Act facilitates the use of the healthcare identifier for the

purposes of communicating and managing health information

about a healthcare recipient (including through the My Health

Record system).

This Act also facilitates:

(a) the creation of a Healthcare Provider Directory, to allow

healthcare providers to check the professional and

business details of healthcare providers; and

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 5

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

(b) the use of authenticated electronic communications by

healthcare providers.

4 Section 5

Insert:

Australian law has the same meaning as in the Privacy Act 1988.

5 Section 5

Insert:

authorised representative of a healthcare recipient has the same

meaning as in the My Health Records Act 2012.

6 Section 5

Insert:

civil penalty provision has the same meaning as in the Regulatory

Powers Act.

7 Section 5

Insert:

court/tribunal order has the same meaning as in the Privacy Act

1988.

8 Section 5 (definition of data source)

Repeal the definition.

9 Section 5 (definitions of Human Services Department and Human Services Minister)

Repeal the definitions.

10 Section 5

Insert:

linked: an individual healthcare provider is linked to a healthcare

provider organisation if:

(a) the individual healthcare provider is an employee of the

healthcare provider organisation; or

Health Legislation Amendment (eHealth) Act 2015 No. 157, 20156

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

(b) the healthcare provider organisation provides support

services or facilities to the individual healthcare provider, to

facilitate the provision of healthcare by the individual

healthcare provider.

11 Section 5 (definitions of Medicare Benefits Program and medicare program)

Repeal the definitions.

12 Section 5 (definition of Ministerial Council)

Repeal the definition, substitute:

Ministerial Council means the council (however described)

established by the Council of Australian Governments that has

responsibility for health matters.

13 Section 5

Insert:

My Health Records Act means the My Health Records Act 2012.

14 Section 5

Insert:

network of healthcare provider organisations has the meaning

given by subsection 9A(4).

15 Section 5 (definition of network organisation)

Repeal the definition, substitute:

network organisation within a network has the meaning given by

subsection 9A(6).

16 Section 5

Insert:

nominated representative of a healthcare recipient has the same

meaning as in the My Health Records Act 2012.

17 Section 5 (definition of organisation maintenance officer)

Repeal the definition, substitute:

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 7

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

organisation maintenance officer for a healthcare provider

organisation has the meaning given by subsection 9A(8).

18 Section 5

Insert:

personal information has the same meaning as in the Privacy Act

1988.

19 Section 5 (definition of Pharmaceutical Benefits Program)

Repeal the definition.

20 Section 5 (definition of professional and business details)

Repeal the definition.

21 Section 5 (definition of public body)

Repeal the definition.

22 Section 5

Insert:

Regulatory Powers Act means the Regulatory Powers (Standard

Provisions) Act 2014.

23 Section 5 (definition of responsible officer)

Repeal the definition, substitute:

responsible officer for a healthcare provider organisation has the

meaning given by subsection 9A(7).

24 Section 5 (definition of seed organisation)

Repeal the definition, substitute:

seed organisation for a network has the meaning given by

subsection 9A(5).

25 Section 5 (definition of service operator)

Repeal the definition, substitute:

service operator has the meaning given by section 6.

Health Legislation Amendment (eHealth) Act 2015 No. 157, 20158

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

26 After section 5

Insert:

6 Identity of service operator

The service operator is:

(a) the Chief Executive Medicare; or

(b) if a body established by a law of the Commonwealth is

prescribed by the regulations to be the service operator—that

body.

Note: Section 33 provides that the Minister must consult with the Ministerial

Council before making regulations.

27 After paragraphs 7(1)(b) and (2)(b)

Insert:

(ba) the email address, telephone number and fax number of the

healthcare provider;

28 At the end of subsection 7(3)

Add:

; (i) other information that is prescribed by the regulations for the

purpose of this paragraph.

29 Before section 9

Insert:

9AA Simplified outline of this Part

Healthcare identifiers are assigned to healthcare recipients,

individual healthcare providers and healthcare provider

organisations.

The service operator assigns healthcare identifiers to healthcare

recipients. A national registration authority will usually assign a

healthcare identifier to an individual healthcare provider, although

there are a number of cases in which a healthcare provider is not

registered by such an authority. In those cases, the healthcare

identifier is assigned by the service operator. The service operator

assigns a healthcare identifier to a healthcare provider organisation.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 9

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

For a healthcare provider organisation to be assigned a healthcare

identifier, the organisation must have at least one employee who is

an individual healthcare provider providing healthcare as part of

his or her duties, a responsible officer and an organisation

maintenance officer. The responsible officer may also be the

organisation maintenance officer. If the organisation is part of, or

subordinate to, another healthcare provider organisation, it need

not have its own responsible officer.

A sole practitioner may be registered as a healthcare provider

organisation.

If the service operator refuses to assign a healthcare identifier, a

person whose interests are affected by the decision may ask the

service operator to reconsider the decision. A person may apply to

the Administrative Appeals Tribunal for review of the service

operator’s reconsidered decision.

The service operator must keep a record of the healthcare

identifiers assigned, and other information relating to the

healthcare identifiers including details of requests to the service

operator to disclose a healthcare identifier.

30 Subsection 9(6)

After “healthcare identifier”, insert “of a healthcare recipient or of an

individual healthcare provider”.

31 Section 9A

Repeal the section, substitute:

9A Classes of healthcare provider that may be assigned a healthcare

identifier by the service operator

Healthcare identifiers for individual healthcare providers

(1) The service operator may, under paragraph 9(1)(a), assign a

healthcare identifier to an individual healthcare provider if:

(a) the individual healthcare provider is registered by a

registration authority as a member of a health profession; or

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201510

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

(b) the individual healthcare provider is a member of a

professional association that:

(i) relates to the healthcare that has been, is, or is to be,

provided by the member; and

(ii) has uniform national membership requirements, whether

or not in legislation.

Healthcare identifiers for a healthcare provider organisation that

is a seed organisation, or is not part of a network

(2) The service operator may, under paragraph 9(1)(a), assign a

healthcare identifier to a healthcare provider organisation that is a

seed organisation for a network, or that is not part of a network, if:

(a) at least one of the employees of the organisation is an

individual who:

(i) is an identified healthcare provider; and

(ii) provides healthcare as part of his or her duties; and

(b) one, and only one of the employees of the organisation is the

responsible officer for the organisation; and

(c) either:

(i) the organisation has at least one other employee who is

an organisation maintenance officer for the

organisation; or

(ii) the responsible officer for the organisation is also the

organisation maintenance officer for the organisation.

Healthcare identifiers for network organisations

(3) The service operator may, under paragraph 9(1)(a), assign a

healthcare identifier to a healthcare provider organisation that is a

network organisation within a network if:

(a) the seed organisation for the network:

(i) has been assigned a healthcare identifier that has not

been retired; and

(ii) does not object to the network organisation being

assigned a healthcare identifier under this subsection;

and

(b) the responsible officer for the seed organisation for the

network is also the responsible officer for every network

organisation within the network; and

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 11

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

(c) there is an organisation maintenance officer for the network

organisation; and

(d) the organisation maintenance officer for the network

organisation is:

(i) an employee of the network organisation (the first

network organisation); or

(ii) an employee of the seed organisation for the network; or

(iii) an employee of another network organisation within the

network that is hierarchically superior to the first

network organisation.

What is a network of healthcare provider organisations?

(4) A network of healthcare provider organisations is a group of

healthcare provider organisations each of which satisfies one of the

following criteria:

(a) the healthcare provider organisation is part of, or subordinate

to, another healthcare provider organisation within the group;

(b) another healthcare provider organisation within the group is

part of, or subordinate to, the healthcare provider

organisation.

What is the seed organisation for a network?

(5) A healthcare provider organisation is the seed organisation for a

network if:

(a) there is at least one other healthcare provider organisation

that is part of, or subordinate to, the organisation; and

(b) the organisation is not itself part of, or subordinate to,

another healthcare provider organisation.

What is a network organisation within a network?

(6) A healthcare provider organisation is a network organisation

within a network if it is part of, or subordinate to, another

healthcare provider organisation within the network.

Responsible officers

(7) A person is the responsible officer for a healthcare provider

organisation if the duties of the person include the following:

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201512

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

(a) nominating the organisation maintenance officer or officers

for the organisation to the service operator;

(b) requesting the assignment or retirement of a healthcare

identifier for the organisation;

(c) if there is a network organisation of the organisation:

(i) nominating the organisation maintenance officer for the

network organisation to the service operator; and

(ii) requesting the assignment or retirement of a healthcare

identifier for the network organisation;

(d) if the organisation is part of a merger or acquisition—

requesting the merger or reconfiguration of a healthcare

identifier for the organisation.

Organisation maintenance officers

(8) A person is an organisation maintenance officer for a healthcare

provider organisation if the duties of the person include the

following:

(a) nominating to the service operator at least one additional

person to be an organisation maintenance officer of the

organisation, if required;

(b) maintaining information that is held by the service operator

about the organisation;

(c) providing current details to the service operator about the

organisation for inclusion in the Healthcare Provider

Directory;

(d) providing any other information requested by the service

operator about the organisation for which the organisation

maintenance officer is responsible;

(e) if the organisation (the seed organisation) has a network

organisation:

(i) nominating to the service operator another person who

meets the employment criteria in paragraph (3)(d) to be

the organisation maintenance officer for the network

organisation—either on the initiative of the seed

organisation or if required by the service operator to do

so;

(ii) requesting the assignment or retirement of a healthcare

identifier for the network organisation;

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 13

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

(iii) maintaining information that is held by the service

operator about the network organisation;

(iv) providing current details to the service operator about

the network organisation for inclusion in the Healthcare

Provider Directory;

(v) providing any other information requested by the

service operator about the network organisation for

which the organisation maintenance officer is

responsible;

(vi) if the network organisation is part of a merger or

acquisition—requesting the merger or reconfiguration

of a healthcare identifier for the organisation.

Sole practitioners

(9) The service operator may assign a healthcare identifier under

paragraph 9(1)(a) to a healthcare provider organisation that is a

sole practitioner even though subsection (2) is not satisfied, if the

sole practitioner:

(a) provides healthcare as part of his or her duties; and

(b) performs the duties of a responsible officer and organisation

maintenance officer.

Duties of the responsible officer performed by another person

(10) For the purposes of subsection (7), a person does not cease to be a

responsible officer for a healthcare provider organisation if a duty

mentioned in subsection (7) is performed by another employee of

the organisation on behalf of the person.

32 Section 10

Omit “Division 2 or 2A of Part 3”, substitute “Division 2 or 3 of

Part 3”.

33 Part 3 (heading)

Repeal the heading, substitute:

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201514

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

Part 3—Collection, use and disclosure of healthcare

identifiers, identifying information and

other information

34 Divisions 1, 2, 2A and 3 of Part 3

Repeal the Divisions, substitute:

Division 1—Simplified outline of this Part

11 Simplified outline of this Part

This Part authorises the collection, use and disclosure of healthcare

identifiers, identifying information and other information.

Healthcare identifiers and other information relating to healthcare

recipients

The service operator may collect information about a healthcare

recipient from various sources for the purpose of assigning a

healthcare identifier to the recipient. Once a healthcare identifier is

assigned to a healthcare recipient, the service operator may

disclose it to healthcare providers to assist in communicating and

managing health information. The healthcare identifier may also be

disclosed to other entities to assist in the operation of the My

Health Record system.

A healthcare provider can obtain the healthcare identifier of a

healthcare recipient from the service operator, so that the

healthcare provider can communicate and manage health

information. The healthcare provider can use the healthcare

identifier in providing healthcare, for example, by using it to access

the My Health Record of a healthcare recipient.

Healthcare identifiers and other information relating to healthcare

providers

Under Part 2, the service operator must keep a record of the

healthcare identifiers that have been assigned and other

information relating to healthcare identifiers. As a national

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 15

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

registration authority assigns healthcare identifiers to most

healthcare providers, the service operator may obtain information

for the record from a national registration authority.

Under Part 2, the service operator assigns healthcare identifiers to

healthcare providers in a number of cases. The service operator

may collect information about a healthcare provider from various

sources for the purposes of assigning those identifiers.

The service operator may disclose the healthcare identifiers of

healthcare providers to healthcare providers to assist in

communicating and managing health information. The healthcare

identifier may also be disclosed to other entities to assist in the

operation of the My Health Record system.

A healthcare provider can obtain the healthcare identifier of a

healthcare provider from the service operator, so that the healthcare

provider can communicate and manage health information. This

includes the use of the identifier in electronic transmissions. The

collection, use and disclosure of identifying information and

healthcare identifiers is permitted for the purposes of

authenticating a healthcare provider’s identity in electronic

transmissions.

A person must not use or disclose information collected for the

purposes of the Act or healthcare identifiers, except where required

or authorised to do so under the Act or in other limited

circumstances. Criminal and civil penalties apply if this obligation

is breached.

Division 2—Healthcare recipients

12 Collection, use and disclosure—assigning a healthcare identifier

to a healthcare recipient

An entity mentioned in column 1 of an item of the following table,

is authorised to take action of the kind described in column 2 of

that item with information of the kind described in column 3 of that

item in the circumstances described in column 4 of that item.

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201516

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

Collection, use and disclosure for the purpose of assigning a healthcare

identifier to a healthcare recipient

Item Column 1

Entity

Column 2

Permitted action

Column 3

Information

Column 4

Circumstances

1 identified use identifying the use or disclosure

healthcare disclose to the information of is for the purpose of

provider service operator a healthcare

recipient

assisting the service

operator to assign a

healthcare identifier

to the healthcare

recipient

2 Chief use identifying the use or disclosure

Executive disclose to the information of is for the purpose of

Medicare

Veterans’

service operator a healthcare

recipient

assisting the service

operator to assign a

Affairs healthcare identifier

Department

Defence

to the healthcare

recipient

Department

3 service collect from:

operator (a) an identified

healthcare

provider; or

(b) the Chief

Executive

Medicare; or

(c) the Veterans’

Affairs

Department;

or

(d) the Defence

Department

use

identifying the collection or use

information of is for the purpose of

a healthcare assigning a healthcare

recipient identifier to a

healthcare recipient

13 Collection, use and disclosure—establishing and maintaining a

record of healthcare identifiers for healthcare recipients

An entity mentioned in column 1 of an item of the following table,

is authorised to take action of the kind described in column 2 of

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 17

Authorised Version C2015A00157

2

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

that item with information of the kind described in column 3 of that

item in the circumstances described in column 4 of that item.

Collection, use and disclosure for the purpose of establishing and maintaining a

record of healthcare identifiers for healthcare recipients

Item Column 1 Column 2 Column 3 Column 4

Entity Permitted action Information Circumstances

1 any entity use healthcare the use or disclosure

that has disclose to the identifier of is for the purposes of

access to the

healthcare service operator the healthcare

recipient

assisting the service

operator to establish

identifier of information and maintain a record

a healthcare that relates to mentioned in

recipient the healthcare section 10 (a record

identifier of of healthcare

the healthcare identifiers assigned

recipient and other matters,

such as requests

made to the service

operator to disclose

those identifiers)

service

operator

collect from any

entity that has

access to the

healthcare

identifier of a

healthcare

recipient

use

healthcare

identifier of

the healthcare

recipient

information

that relates to

the healthcare

identifier of

the healthcare

recipient

the collection or use

is for the purposes of

establishing and

maintaining a record

mentioned in

section 10 (a record

of healthcare

identifiers assigned

and other matters,

such as requests

made to the service

operator to disclose

those identifiers)

14 Collection, use and disclosure—providing healthcare to a

healthcare recipient

(1) An entity mentioned in column 1 of an item of the following table,

is authorised to take action of the kind described in column 2 of

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201518

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

that item with information of the kind described in column 3 of that

item in the circumstances described in column 4 of that item.

Collection, use and disclosure for the purpose of providing healthcare to a

healthcare recipient

Item Column 1 Column 2 Column 3 Column 4

Entity Permitted action Information Circumstances

1 identified use identifying the use or disclosure

healthcare disclose to the information of is for the purpose of

provider service operator a healthcare

recipient

assisting the service

operator to disclose

the healthcare

identifier of the

healthcare recipient

to the healthcare

provider

2 service collect from an identifying the collection, use or

operator identified information of disclosure is for the

healthcare a healthcare purpose of disclosing

provider recipient the healthcare

use identifier of the

disclose to an

identified

healthcare

healthcare recipient

to the healthcare

provider

provider

3 service use healthcare

operator disclose to an identifier of a

identified healthcare

healthcare recipient

provider

the use or disclosure

is for the purpose of

assisting the

healthcare provider to

communicate or

manage health

information, as part

of providing

healthcare to the

healthcare recipient

4 identified collect from the healthcare the collection is for

healthcare service operator identifier of a the purpose of

provider healthcare communicating or

recipient managing health

information, as part

of providing

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 19

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

Collection, use and disclosure for the purpose of providing healthcare to a

healthcare recipient

Item Column 1 Column 2 Column 3 Column 4

Entity Permitted action Information Circumstances

5 healthcare use healthcare

provider identifier of adisclose to healthcareanother entity recipient

healthcare to the

healthcare recipient

the use or disclosure

is for the purpose of

communicating or

managing health

information as part

of:

(a) the provision of

healthcare to the

healthcare

recipient; or

(b) the management

(including the

investigation or

resolution of

complaints),

funding,

monitoring or

evaluation of

healthcare; or

(c) the provision of

indemnity cover

for a healthcare

provider; or

(d) the conduct of

research that has

been approved by

a Human

Research Ethics

Committee

6 entity to collect healthcare the collection, use or

whom

healthcare

identifier of

use

disclose

identifier of a

healthcare

recipient

disclosure is for the

purpose for which the

information was

a healthcare disclosed

recipient is

disclosed for

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201520

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

Collection, use and disclosure for the purpose of providing healthcare to a

healthcare recipient

Item Column 1 Column 2 Column 3 Column 4

Entity Permitted action Information Circumstances

a purpose

mentioned in

column 4 of

item 5

(2) This section does not authorise the collection, use or disclosure of

the healthcare identifier of a healthcare recipient for the purpose of

communicating or managing health information as part of:

(a) underwriting a contract of insurance that covers the

healthcare recipient; or

(b) determining whether to enter into a contract of insurance that

covers the healthcare recipient (whether alone or as a

member of a class); or

(c) determining whether a contract of insurance covers the

healthcare recipient in relation to a particular event; or

(d) employing the healthcare recipient.

15 Collection, use and disclosure—My Health Record system

The service operator is authorised to collect, use and disclose:

(a) identifying information of a healthcare recipient, an

authorised representative of a healthcare recipient or a

nominated representative of a healthcare recipient; and

(b) the healthcare identifier of a healthcare recipient, an

authorised representative of a healthcare recipient or a

nominated representative of a healthcare recipient;

for the purposes of the My Health Record system.

16 Collection, use and disclosure—aged care

An entity mentioned in column 1 of an item of the following table,

is authorised to take action of the kind described in column 2 of

that item with information of the kind described in column 3 of that

item in the circumstances described in column 4 of that item.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 21

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

Collection, use and disclosure for an aged care purpose

Item

1

2

Column 1

Entity

identified

healthcare

provider

Aged Care

Department

Column 2

Permitted action

disclose to the

Aged Care

Department

collect from an

identified

healthcare

provider

use

disclose to an

identified

healthcare

provider

Column 3

Information

identifying

information of

a healthcare

recipient

identifying

information of

a healthcare

recipient

Column 4

Circumstances

the disclosure is for

an aged care purpose

the collection, use or

disclosure is for an

aged care purpose

3 identified

healthcare

provider

collect from the

Aged Care

Department

use

identifying

information of

a healthcare

recipient

the collection or use

is for an aged care

purpose

4 Aged Care

Department

disclose to the

service operator

identifying

information of

a healthcare

recipient

the disclosure is for

an aged care purpose

5 service

operator

collect from the

Aged Care

Department

use

identifying

information of

a healthcare

recipient

the collection or use

is for an aged care

purpose

6 service

operator

use

disclose to the

Aged Care

Department

healthcare

identifier of a

healthcare

recipient

the use or disclosure

is for an aged care

purpose

7 healthcare

provider

disclose to the

Aged Care

Department

healthcare

identifier of a

healthcare

recipient

the disclosure is for

an aged care purpose

8 Aged Care

Department

collect from the

service operator

or a healthcare

healthcare

identifier of a

healthcare

the collection or use

is for an aged care

purpose

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201522

Authorised Version C2015A00157

1

2

Healthcare identifiers and health records Schedule 1

Amendments Part 1

Collection, use and disclosure for an aged care purpose

Item Column 1 Column 2 Column 3 Column 4

Entity Permitted action Information Circumstances

provider recipient

use

17 Adopting the healthcare identifier of a healthcare recipient etc.

An entity mentioned in column 1 of an item of the following table,

may adopt the healthcare identifier of a healthcare recipient, an

authorised representative of a healthcare recipient or a nominated

representative of a healthcare recipient, for a purpose mentioned in

column 2 of the item.

Adopting the healthcare identifier of a healthcare recipient

Item Column 1 Column 2

Entity Purpose

healthcare provider for use as the healthcare provider’s

own identifier of the healthcare

recipient, the authorised

representative of a healthcare

representative or the nominated

representative of a healthcare

recipient

My Health Record System Operator for use as the My Health Record

System Operator’s own identifier for

the purposes of the My Health

Record system

3 registered repository operator for use as that operator’s own

registered portal operator identifier for the purposes of the My

Health Record system

18 Disclosure of the healthcare identifier of a healthcare recipient to

the healthcare recipient etc.

Any of the following entities may disclose the healthcare identifier

of a healthcare recipient to the healthcare recipient, or a

responsible person (within the meaning of the Privacy Act 1988)

for the healthcare recipient:

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 23

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

(a) the service operator;

(b) the My Health Record System Operator;

(c) a healthcare provider.

19 Other information relating to the healthcare identifier of a

healthcare recipient may be disclosed by the service

operator

The service operator may disclose information included in the

record the service operator maintains under section 10 in relation to

a healthcare recipient to:

(a) the healthcare recipient; or

(b) a responsible person (within the meaning of the Privacy Act

1988) for the healthcare recipient.

20 Regulations relating to the healthcare identifier and identifying

information of a healthcare recipient etc.

Collection, use or disclosure for other purposes

(1) The regulations may authorise the collection, use or disclosure of

the following information:

(a) identifying information of a healthcare recipient, authorised

representative of a healthcare recipient or nominated

representative of a healthcare recipient;

(b) the healthcare identifier of a healthcare recipient, authorised

representative of a healthcare recipient or nominated

representative of a healthcare recipient.

Adoption for other purposes

(2) The regulations may authorise the adoption of the healthcare

identifier of a healthcare recipient, authorised representative of a

healthcare recipient or a nominated representative of healthcare

recipient in the circumstances prescribed by the regulations.

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201524

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

Purposes for which regulation-making powers in subsections (1)

and (2) may be used

(3) However, the regulations may only authorise the collection, use,

disclosure or adoption of that information for purposes related to

one or more of the following:

(a) providing healthcare to healthcare recipients, or a class of

healthcare recipients;

(b) determining whether adequate and appropriate healthcare is

available to healthcare recipients, or a class of healthcare

recipients;

(c) facilitating the provision of adequate and appropriate

healthcare to healthcare recipients, or a class of healthcare

recipients;

(d) assisting persons who, because of health issues (including

illness, disability or injury), require support;

(e) the My Health Record system.

Procedures relating to the disclosure of healthcare identifiers

(4) The regulations may prescribe rules about the process for

disclosing the healthcare identifiers of healthcare recipients,

including rules about requests to the service operator to disclose

healthcare identifiers of healthcare recipients.

Information about disclosures by service operator

(5) If the service operator discloses a healthcare identifier of a

healthcare recipient to an entity, the regulations may require the

entity to provide prescribed information to the service operator in

relation to the disclosure.

Division 3—Healthcare providers

21 Collection, use and disclosure—assigning a healthcare identifier

to a healthcare provider

An entity mentioned in column 1 of an item of the following table,

is authorised to take action of the kind described in column 2 of

that item with information of the kind described in column 3 of that

item in the circumstances described in column 4 of that item.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 25

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

Collection, use and disclosure for the purpose of assigning a healthcare

identifier to a healthcare provider

Item

1

Column 1

Entity

service

operator

Column 2

Permitted action

collect from:

(a) the Chief

Executive

Medicare; or

(b) the Veterans’

Affairs

Department;

or

(c) the Defence

Department

use

Column 3

Information

identifying

information of

a healthcare

provider

Column 4

Circumstances

the collection or use

is for the purpose of

assigning a healthcare

identifier to the

healthcare provider

2

3

Chief

Executive

Medicare

Veterans’

Affairs

Department

Defence

Department

service

operator

use

disclose to the

service operator

collect from a

healthcare

provider

use

identifying

information of

a healthcare

provider

information

requested by

the service

operator under

section 9B

the use or disclosure

is for the purpose of

assisting the service

operator to assign a

healthcare identifier

to the healthcare

provider

the collection or use

is for the purpose of

assigning a healthcare

identifier to the

healthcare provider

22 Collection, use and disclosure—establishing and maintaining a

record of healthcare identifiers for healthcare providers

An entity mentioned in column 1 of an item of the following table,

is authorised to take action of the kind described in column 2 of

that item with information of the kind described in column 3 of that

item in the circumstances described in column 4 of that item.

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201526

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

Collection, use and disclosure for the purpose of establishing and maintaining a

record of healthcare identifiers for healthcare providers

Item Column 1 Column 2 Column 3 Column 4

Entity Permitted action Information Circumstances

1 a national use healthcare the use or disclosure

registration disclose to the identifier of a is for the purposes of

authority service operator healthcare

provider

assisting the service

operator to establish

information and maintain a record

that relates to mentioned in

the healthcare section 10 (a record

identifier of a of healthcare

healthcare identifiers assigned

provider and other matters,

such as requests

made to the service

operator to disclose

those identifiers)

2 service collect from a

operator national

registration

authority

use

healthcare

identifier of a

healthcare

provider

information

that relates to

the healthcare

identifier of a

healthcare

provider

the collection or use

is for the purposes of

establishing and

maintaining a record

mentioned in

section 10 (a record

of healthcare

identifiers assigned

and other matters,

such as requests

made to the service

operator to disclose

those identifiers)

23 Collection, use and disclosure—providing healthcare

An entity mentioned in column 1 of an item of the following table,

is authorised to take action of the kind described in column 2 of

that item with information of the kind described in column 3 of that

item in the circumstances described in column 4 of that item.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 27

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

Collection, use and disclosure for the purpose of providing healthcare

Item Column 1 Column 2 Column 3 Column 4

Entity Permitted action Information Circumstances

1 identified use identifying the use or disclosure

healthcare disclose to the information of is for the purpose of

provider service operator a healthcare

provider

assisting the

healthcare provider to

communicate or

manage health

information, as part

of providing

healthcare to a

healthcare recipient

2 service collect from an identifying

operator identified information of

healthcare a healthcare

provider provider

the collection is for

the purpose of

assisting the

healthcare provider to

communicate or

manage health

information, as part

of providing

healthcare to a

healthcare recipient

3 service use healthcare

operator disclose to an identifier of a

identified healthcare

healthcare provider

provider

the use or disclosure

is for the purpose of

assisting the

healthcare provider to

communicate or

manage health

information, as part

of providing

healthcare to a

healthcare recipient

4 identified collect from the healthcare the collection is for

healthcare service operator identifier of a the purpose of

provider healthcare communicating or

provider managing health

information, as part

of providing

healthcare to a

healthcare recipient

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201528

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

Collection, use and disclosure for the purpose of providing healthcare

Item Column 1 Column 2 Column 3 Column 4

Entity Permitted action Information Circumstances

5 healthcare collect from healthcare the collection, use or

provider another healthcare identifier of a disclosure is the

provider healthcare purpose of

use provider communicating or

disclose to

another healthcare

provider

managing health

information, as part

of providing

healthcare to a

healthcare recipient

24 Collection, use and disclosure—My Health Record system

The service operator is authorised to collect, use and disclose:

(a) identifying information of a healthcare provider; and

(b) the healthcare identifier of a healthcare provider;

for the purposes of the My Health Record system.

25 Collection, use and disclosure—enabling authentication in

electronic communications

An entity mentioned in column 1 of an item of the following table,

is authorised to take action of the kind described in column 2 of

that item with information of the kind described in column 3 of that

item in the circumstances described in column 4 of that item.

Collection, use and disclosure for the purpose of facilitating electronic

communications

Item Column 1 Column 2 Column 3 Column 4

Entity Permitted Information Circumstances

action

1 service operator use identifying the use or disclosure

registration disclose to any information of is for the purpose of

authority entity a healthcare enabling the

provider healthcare provider’s

healthcare identity to be

identifier of a authenticated in

electronic

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 29

Authorised Version C2015A00157

2

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

Collection, use and disclosure for the purpose of facilitating electronic

communications

Item Column 1

Entity

Column 2

Permitted

action

Column 3

Information

Column 4

Circumstances

healthcare transmissions

provider

2 an entity to collect from identifying the collection, use or

whom any entity information of disclosure is for the

information is use a healthcare purpose of enabling

disclosed for the

purposes of

enabling a

disclose to any

entity

provider

healthcare

identifier of a

the healthcare

provider’s identity to

be authenticated in

healthcare healthcare electronic

provider’s

identity to be provider transmissions

authenticated in

electronic

communications

25A Collection, use and disclosure—sharing information with

registration authorities

An entity mentioned in column 1 of an item of the following table,

is authorised to take action of the kind described in column 2 of

that item with information of the kind described in column 3 of that

item in the circumstances described in column 4 of that item.

Collection, use and disclosure for the purpose of sharing information with

registration authorities

Item Column 1 Column 2 Column 3 Column 4

Entity Permitted action Information Circumstances

1 service use healthcare the use or disclosure

operator disclose to a identifier of a is for the purpose of

registration

authority

healthcare

provider

assisting the

registration authority

to register the

healthcare provider

registration collect healthcare the collection or use

authority identifier of a is for one of theuse

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201530

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

Collection, use and disclosure for the purpose of sharing information with

registration authorities

Item Column 1 Column 2 Column 3 Column 4

Entity Permitted action Information Circumstances

healthcare following purposes:

provider (a) registering the

healthcare

provider;

(b) performing any

other function of

the registration

authority under an

Australian law

3 service collect from a identifying the collection, use or

operator registration information of disclosure is for the

authority a healthcare purpose of ensuring

use provider that information held

disclose to a

registration

authority

healthcare

identifier of a

healthcare

provider

by the service

operator or the

registration authority

is accurate,

up-to-date and

complete

4 registration collect from the identifying the collection, use or

authority service operator information of disclosure is for the

use a healthcare purpose of ensuring

disclose to the

service operator

provider

healthcare

identifier of a

that information held

by the service

operator or the

healthcare registration authority

provider is accurate,

up-to-date and

complete

25B Adopting the healthcare identifier of a healthcare provider

An entity mentioned in column 1 of an item of the following table,

may adopt the healthcare identifier of a healthcare provider for a

purpose mentioned in column 2 of the item.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 31

Authorised Version C2015A00157

1

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

Adopting the healthcare identifier of a healthcare provider

Item Column 1 Column 2

Entity Purpose

My Health Record System Operator for use as the My Health Record

System Operator’s own identifier for

the purposes of the My Health

Record system

2 registered repository operator for use as that operator’s own

registered portal operator identifier for the purposes of the My

Health Record system

3 a participant in the My Health

Record system to whom the

healthcare identifier is disclosed by

a registered repository operator or

registered portal operator under

section 58A of the My Health

Records Act

for use in authenticating the identity

of the healthcare provider in

electronic transmissions

a

25C Disclosure of the healthcare identifier of a healthcare provider

to the healthcare provider

Any entity who knows the healthcare identifier of a healthcare

provider may disclose the healthcare identifier to the healthcare

provider.

25D Regulations relating to the healthcare identifier and other

information of a healthcare provider

Collection, use or disclosure for other purposes

(1) The regulations may authorise the collection, use or disclosure of

the following information:

(a) identifying information of a healthcare provider;

(b) the healthcare identifier of a healthcare provider.

Adoption for other purposes

(2) The regulations may authorise the adoption of the healthcare

identifier of a healthcare provider in the circumstances prescribed

by the regulations.

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201532

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

Purposes for which regulation-making powers in subsections (1)

and (2) may be used

(3) However, the regulations may only authorise the collection, use,

disclosure or adoption of that information for purposes related to

one or more of the following:

(a) providing healthcare to healthcare recipients, or a class of

healthcare recipients;

(b) determining whether adequate and appropriate healthcare is

available to healthcare recipients, or a class of healthcare

recipients;

(c) facilitating the provision of adequate and appropriate

healthcare to healthcare recipients, or a class of healthcare

recipients;

(d) assisting persons who, because of health issues (including

illness, disability or injury), require support;

(e) the My Health Record system.

Procedures relating to the disclosure of healthcare identifiers

(4) The regulations may prescribe rules about the process for

disclosing the healthcare identifiers of healthcare providers,

including rules about requests to the service operator to disclose

healthcare identifiers of healthcare providers.

Information about disclosures by service operator

(5) If the service operator discloses a healthcare identifier of a

healthcare provider to an entity, the regulations may require the

entity to provide prescribed information to the service operator in

relation to the disclosure.

Information to be provided to the service operator about the

healthcare identifier of a healthcare provider

(6) The regulations may require an identified healthcare provider to

provide to the service operator information that:

(a) relates to the healthcare provider’s healthcare identifier; and

(b) is prescribed by the regulations for the purposes of this

section.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 33

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

25E Obligation to keep information accurate, up-to-date and

complete

(1) If a healthcare provider organisation becomes aware that

information held by the service operator in relation to the

organisation is not accurate, up-to-date and complete, the

organisation must:

(a) give the service operator, in writing, accurate, up-to-date and

complete information; and

(b) do so within 20 business days after the organisation becomes

aware that the information held by the service operator is not

accurate, up-to-date and complete.

(2) Subsection (1) does not apply if:

(a) the information that is no longer accurate, up-to-date and

complete is personal information that the service operator

was only able to lawfully obtain with the consent of the

person to whom the information relates; and

(b) instead of giving accurate, up-to-date and complete personal

information within the period specified in that subsection, the

healthcare provider organisation notifies the service operator

within that period, in the manner and form approved by the

service operator, that the person to whom the information

relates has withdrawn consent for the information to be given

to the service operator.

(3) Subsection (1) does not apply if:

(a) the healthcare provider organisation, or an individual

healthcare provider who is linked to the healthcare provider

organisation, is required by an Australian law, or by a lawful

requirement of the national registration authority, to give the

national registration authority the accurate, up-to-date and

complete information; and

(b) the healthcare provider organisation, or the individual

healthcare provider, complies with the requirement.

(4) A person is liable to a civil penalty if:

(a) the person fails to give the service operator information in the

circumstances mentioned in subsection (1); and

(b) the person knows or is reckless as to those circumstances.

Civil penalty: 100 penalty units.

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201534

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

35 Division 4 of Part 3

Repeal the heading, substitute:

Division 4—Unauthorised use and disclosure of healthcare

identifiers and other information obtained under

this Act

36 Section 26

Repeal the section, substitute:

26 Use and disclosure of healthcare identifiers and other

information obtained under this Act

(1) A person must not use or disclose information if:

(a) the person obtains the information in response to a request

under section 9B; or

(b) the person obtains the information in the course of

establishing or maintaining a record for the purposes of

section 10 (a record of healthcare identifiers assigned and

other matters, such as requests made to the service operator

to disclose those identifiers); or

(c) the information is identifying information and the person

obtains the information in circumstances covered by a

requirement or authority under this Act; or

(d) the information is the healthcare identifier of a healthcare

recipient or an individual healthcare provider.

(2) A person must not use or disclose information if the information is

disclosed to the person in contravention of subsection (1).

(3) This section does not apply to the use or disclosure of a healthcare

identifier if:

(a) the use or disclosure of the healthcare identifier is required or

authorised under this Act; or

(b) the use or disclosure of the healthcare identifier is required or

authorised under another Commonwealth law or a

court/tribunal order; or

(c) the use or disclosure is:

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 35

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

(i) by the person to whom the healthcare identifier relates;

and

(ii) for the purposes of, or in connection with, the personal,

family or household affairs of that person (within the

meaning of section 16 of the Privacy Act 1988); or

(d) a permitted general situation of the kind described in item 1,

2, 4 or 5 of the table in subsection 16A(1) of the Privacy Act

1988 exists in relation to the use or disclosure, or would exist

if the person were an APP entity for the purposes of that Act;

or

(e) without limiting the exceptions under this subsection, the use

or disclosure is required or authorised by the Information

Commissioner, or an equivalent officer or agency of a State

or Territory, in exercising powers or performing functions in

relation to privacy.

Note: A defendant bears an evidential burden in relation to the matters in

subsection (3): see subsection 13.3(3) of the Criminal Code.

(4) This section does not apply to the use or disclosure of information

other than a healthcare identifier if:

(a) the use or disclosure of the information is required or

authorised under this Act; or

(b) the use or disclosure of the information is required or

authorised under another Australian law or a court/tribunal

order; or

(c) the information is personal information and the use or

disclosure would not be an interference with the privacy of

the individual for the purposes of the Privacy Act 1988, or

would not be an interference with the privacy of the

individual for the purposes of that Act if the person were an

agency or an organisation for the purposes of that Act; or

(d) without limiting the exceptions under this subsection, the use

or disclosure is required or authorised by the Information

Commissioner, or an equivalent officer or agency of a State

or Territory, in exercising powers or performing functions in

relation to privacy.

Note: A defendant bears an evidential burden in relation to the matters in

subsection (4): see subsection 13.3(3) of the Criminal Code.

(5) A person commits an offence if the person contravenes

subsection (1) or (2).

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201536

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

Penalty: Imprisonment for 2 years or 120 penalty units, or both.

(6) A person is liable to a civil penalty if:

(a) the person uses or discloses information in circumstances

under which the use or disclosure would contravene

subsection (1) or (2); and

(b) the person knows or is reckless as to those circumstances.

Civil penalty: 600 penalty units.

37 Before section 28

Insert:

28AA Simplified outline of this Part

If a person is authorised to collect, use or disclose information

under this Act, the person will not interfere with the privacy of an

individual for the purposes of the Privacy Act 1988 in doing so.

Section 26 imposes a higher standard of privacy in relation to

healthcare identifiers than is imposed in relation to other

information. If a person uses or discloses a healthcare identifier in

circumstances that are not permitted under that section, the person

will not only be subject to criminal and civil penalties. That action

will also be an interference with privacy for the purposes of the

Privacy Act 1988, and can be dealt with as such under that Act.

38 Subsection 29(1)

Omit “An act or practice that contravenes this Act or the regulations in

connection with the healthcare identifier of an individual is taken to

be:”, substitute “An act or practice in connection with a healthcare

identifier of a healthcare recipient or an individual healthcare provider

that contravenes this Act or the regulations, or would contravene this

Act or the regulations but for a requirement relating to state of mind, is

taken to be:”.

39 Paragraph 29(1)(a)

Omit “of the individual”, substitute “of the healthcare recipient or

individual healthcare provider”.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 37

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

40 Subsection 29(3)

After “healthcare identifier”, insert “of a healthcare recipient or of an

individual healthcare provider”.

41 Before section 31

Insert:

31AA Simplified outline of this Part

The Healthcare Provider Directory is a directory available to

healthcare providers to allow them to find information about other

healthcare providers, such as:

(a) the healthcare identifier of a healthcare provider; and

(b) whether an individual healthcare provider is linked to a

healthcare provider organisation; and

(c) whether a healthcare provider is registered under the My

Health Record system; and

(d) whether a healthcare provider is registered with a

registration authority and the status of that registration

(such as whether it is conditional, suspended, cancelled

or lapsed); and

(e) the type of healthcare provider that an individual is.

42 Section 31

Repeal the section, substitute:

31 Healthcare Provider Directory

(1) The service operator must establish and maintain a record (the

Healthcare Provider Directory) of the professional and business

details of identified healthcare providers.

(2) The service operator is authorised to:

(a) collect and use personal information for the purposes of

establishing and maintaining the Healthcare Provider

Directory; and

(b) disclose personal information on the Healthcare Provider

Directory to an identified healthcare provider;

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201538

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

but, except in the circumstances dealt with in section 31A, only

with the consent of the individual to whom the personal

information relates.

(3) The professional and business details of a healthcare provider

disclosed on the Healthcare Provider Directory may include

information sufficient to allow the person to whom the information

is disclosed to determine any of the following:

(a) the healthcare identifier of a healthcare provider;

(b) identifying information of a healthcare provider;

(c) whether an individual healthcare provider is linked to a

particular healthcare provider organisation;

(d) whether a healthcare provider organisation is a registered

healthcare provider organisation for the purposes of the My

Health Records Act;

(e) whether an individual healthcare provider is registered with a

registration authority and the status of that registration (such

as conditional, suspended, cancelled or lapsed);

(f) the type of healthcare provider that an individual is.

(4) A person to whom the professional and business details of a

healthcare provider is disclosed on the Healthcare Provider

Directory is authorised to collect, use and disclose that

information:

(a) for the purpose of communicating or managing health

information, as part of providing healthcare to a healthcare

recipient; or

(b) in any other circumstances in which the collection, use or

disclosure of the information is required or authorised by or

under an Australian law or a court/tribunal order; or

(c) in any other circumstances in which the collection, use or

disclosure of the information would not be an interference

with privacy under the Privacy Act 1988.

31A Healthcare Provider Directory—sharing information with the

My Health Record System Operator

(1) The service operator is authorised to collect from the My Health

Record System Operator, use and disclose to the My Health

Record System Operator:

(a) identifying information of a healthcare provider; and

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 39

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

(b) the healthcare identifier of a healthcare provider;

for the purposes of the Healthcare Provider Directory.

(2) The My Health Record System Operator is authorised to use and

disclose to the service operator:

(a) identifying information of a healthcare provider; and

(b) the healthcare identifier of a healthcare provider;

for the purposes of the Healthcare Provider Directory.

43 After Part 5

Insert:

Part 5A—Enforcement

31B Simplified outline of this Part

The civil penalty provisions of this Act and the regulations are

enforceable under Part 4 of the Regulatory Powers Act. The

provisions of this Act and the regulations are also enforceable

using enforceable undertakings under Part 6 of the Regulatory

Powers Act, and injunctions under Part 7 of the Regulatory Powers

Act.

31C Civil penalty provisions

Enforceable civil penalty provisions

(1) Each civil penalty provision of this Act and the regulations is

enforceable under Part 4 of the Regulatory Powers Act.

Note: Part 4 of the Regulatory Powers Act allows a civil penalty provision to

be enforced by obtaining an order for a person to pay a pecuniary

penalty for the contravention of the provision.

Authorised applicant

(2) For the purposes of Part 4 of the Regulatory Powers Act, the

Information Commissioner is an authorised applicant in relation to

the civil penalty provisions of this Act and the regulations.

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201540

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

Relevant court

(3) For the purposes of Part 4 of the Regulatory Powers Act, each of

the following courts is a relevant court in relation to the civil

penalty provisions of this Act and the regulations:

(a) the Federal Court of Australia;

(b) the Federal Circuit Court of Australia;

(c) a court of a State or Territory that has jurisdiction in relation

to the matter.

Extension to external Territories

(4) Part 4 of the Regulatory Powers Act, as that Part applies in relation

to the civil penalty provisions of this Act and the regulations,

extends to every external Territory.

Liability of the Crown

(5) Part 4 of the Regulatory Powers Act, as that Part applies in relation

the civil penalty provisions of this Act and the regulations, does not

make the Crown liable to a pecuniary penalty.

31D Enforceable undertakings

Enforceable provisions

(1) The provisions of this Act and the regulations are enforceable

under Part 6 of the Regulatory Powers Act.

Note: Part 6 of the Regulatory Powers Act creates a framework for accepting

and enforcing undertakings relating to compliance with provisions.

Authorised person

(2) For the purposes of Part 6 of the Regulatory Powers Act, each of

the following persons is an authorised person in relation to the

provisions of this Act and the regulations:

(a) the service operator;

(b) the Information Commissioner.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 41

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

Relevant court

(3) For the purposes of Part 6 of the Regulatory Powers Act, each of

the following courts is a relevant court in relation to the provisions

of this Act and the regulations:

(a) the Federal Court of Australia;

(b) the Federal Circuit Court of Australia;

(c) a court of a State or Territory that has jurisdiction in relation

to the matter.

Enforceable undertaking may be published on website

(4) An authorised person in relation to a provision of this Act and the

regulations may publish an undertaking given in relation to the

provision on the authorised person’s website.

Extension to external Territories

(5) Part 6 of the Regulatory Powers Act, as that Part applies in relation

to the provisions of this Act and the regulations, extends to every

external Territory.

31E Injunctions

Enforceable provisions

(1) The provisions of this Act and the regulations are enforceable

under Part 7 of the Regulatory Powers Act.

Note: Part 7 of the Regulatory Powers Act creates a framework for using

injunctions to enforce provisions.

Authorised person

(2) For the purposes of Part 7 of the Regulatory Powers Act, each of

the following persons is an authorised person in relation to the

provisions of this Act and the regulations:

(a) the service operator;

(b) the Information Commissioner.

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201542

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

Relevant court

(3) For the purposes of Part 7 of the Regulatory Powers Act, each of

the following courts is a relevant court in relation to the provisions

of this Act and the regulations:

(a) the Federal Court of Australia;

(b) the Federal Circuit Court of Australia;

(c) a court of a State or Territory that has jurisdiction in relation

to the matter.

Extension to external Territories

(4) Part 7 of the Regulatory Powers Act, as that Part applies in relation

to the provisions of this Act and the regulations, extends to every

external Territory.

44 Before section 32

Insert:

31F Simplified outline of this Part

The Minister may give directions to the service operator about the

performance of the service operator’s functions under this Act,

after consulting the Ministerial Council.

The Minister must also consult the Ministerial Council before

regulations are made under this Act.

45 At the end of section 34

Add:

(4) If the service operator is required under section 46 of the Public

Governance, Performance and Accountability Act 2013 to prepare

and give to the Minister an annual report for all or part of a

financial year, the service operator is not required to also give a

report in relation to that financial year under this section.

46 Section 35

Repeal the section, substitute:

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 43

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

35 Review of the operation of this Act

(1) The Minister must, after consulting the Ministerial Council,

appoint an individual to review the operation of this Act and the

regulations.

(2) The individual appointed must give a report to the Minister within

3 years after the commencement of Schedule 1 to the Health

Legislation Amendment (eHealth) Act 2015.

(3) The Minister must:

(a) provide a copy of the report to the Ministerial Council; and

(b) table a copy of the report in each House of Parliament within

15 sitting days after the report is given to the Minister.

47 Before section 36

Insert:

Division 1—Simplified outline of this Part

36AA Simplified outline of this Part

If an entity is authorised to collect, use or disclose information

under this Act, an employee or contracted service provider of the

entity is authorised to do that, provided the duties of the employee

or contracted service provider involve implementing the purpose

for which the collection, use or disclosure is authorised.

If an entity is authorised to disclose information to a healthcare

provider, the entity is authorised to disclose the information to an

employee or contracted service provider of the healthcare provider,

provided the duties of the employee or contracted service provider

involve implementing the purpose for which the disclosure is

authorised.

This Act applies to partnerships, unincorporated associations and

trusts in the same way as it applies to persons.

The service operator may delegate functions and powers under this

Act.

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201544

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

This Part also:

(a) provides for the concurrent operation of State and

Territory law; and

(b) deals with the effect Parts 3 and 4 are to have in certain

constitutionally significant circumstances.

The Governor-General may make regulations prescribing matters

that are required or permitted to be prescribed by this Act, or that

are necessary or convenient to be prescribed for carrying out or

giving effect to this Act.

Division 2—Employees, contractors, partnerships,

unincorporated associations and trusts

48 After section 36

Insert:

36A Authorisation to disclose to employees and contracted service

providers of a healthcare provider

An authorisation under this Act to an entity to disclose information

to a healthcare provider for a particular purpose is an authorisation

to disclose the information to:

(a) an individual:

(i) who is an employee of the healthcare provider; and

(ii) whose duties involve, or are reasonably connected to,

implementing that purpose; or

(b) a contracted service provider of the healthcare provider, if the

duties of the contracted service provider under a contract

with the healthcare provider involve, or are reasonably

connected with, implementing that purpose by providing

information technology services relating to the

communication of health information, or health information

management services, to the healthcare provider; or

(c) an individual:

(i) who is an employee of a contracted service provider to

which paragraph (b) applies; and

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 45

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

(ii) whose duties involve implementing that purpose as

mentioned in that paragraph.

36B Treatment of partnerships

(1) This Act applies to a partnership as if it were a person, but with the

changes set out in this section.

(2) An obligation that would otherwise be imposed on the partnership

by this Act is imposed on each partner instead, but may be

discharged by any of the partners.

(3) An offence against this Act that would otherwise have been

committed by the partnership is taken to have been committed by

each partner in the partnership, at the time the offence was

committed, who:

(a) did the relevant act or made the relevant omission; or

(b) aided, abetted, counselled or procured the relevant act or

omission; or

(c) was in any way knowingly concerned in, or party to, the

relevant act or omission (whether directly or indirectly and

whether by any act or omission of the partner).

(4) This section applies to a contravention of a civil penalty provision

in a corresponding way to the way in which it applies to an

offence.

36C Treatment of unincorporated associations

(1) This Act applies to an unincorporated association as if it were a

person, but with the changes set out in this section.

(2) An obligation that would otherwise be imposed on the

unincorporated association by this Act is imposed on each member

of the association’s committee of management instead, but may be

discharged by any of the members.

(3) An offence against this Act that would otherwise have been

committed by the unincorporated association is taken to have been

committed by each member of the association’s committee of

management, at the time the offence was committed, who:

(a) did the relevant act or made the relevant omission; or

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201546

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

(b) aided, abetted, counselled or procured the relevant act or

omission; or

(c) was in any way knowingly concerned in, or party to, the

relevant act or omission (whether directly or indirectly and

whether by any act or omission of the member).

(4) This section applies to a contravention of a civil penalty provision

in a corresponding way to the way in which it applies to an

offence.

36D Treatment of trusts with multiple trustees

(1) If a trust has 2 or more trustees, this Act applies to the trust as if it

were a person, but with the changes set out in this section.

(2) An obligation that would otherwise be imposed on the trust by this

Act is imposed on each trustee instead, but may be discharged by

any of the trustees.

(3) An offence against this Act that would otherwise have been

committed by the trust is taken to have been committed by each

trustee of the trust, at the time the offence was committed, who:

(a) did the relevant act or made the relevant omission; or

(b) aided, abetted, counselled or procured the relevant act or

omission; or

(c) was in any way knowingly concerned in, or party to, the

relevant act or omission (whether directly or indirectly and

whether by any act or omission of the trustee).

(4) This section applies to a contravention of a civil penalty provision

in a corresponding way to the way in which it applies to an

offence.

Division 3—Delegations

36E Delegations by the service operator

(1) The service operator may, by writing, delegate one or more of his

or her functions and powers to any of the following:

(a) an APS employee in the Department;

(b) if the service operator is not the Chief Executive Medicare—

the Chief Executive Medicare;

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 47

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

(c) any other person with the consent of the Minister.

(2) If the service operator is not the Chief Executive Medicare the

service operator may only delegate a function or power of the

service operator:

(a) to an APS employee in the Department with the agreement of

the Secretary; and

(b) to the Chief Executive Medicare with the agreement of the

Chief Executive Medicare.

(3) Each of the following must comply with any written directions of

the service operator:

(a) a delegate;

(b) if the Chief Executive Medicare delegates under

subsection 8AC(3) of the Human Services (Medicare) Act

1973 a function delegated to him or her under this section—a

subdelegate.

Division 4—Constitutional matters

49 After section 38

Insert:

Division 5—Regulations

Personally Controlled Electronic Health Records Act 2012

50 Section 4

Repeal the section, substitute:

4 Simplified outline of this Act

The My Health Record system is a system for making health

information about a healthcare recipient available for the purposes

of providing healthcare to the recipient.

A healthcare recipient will have a My Health Record if the

recipient registers in the My Health Record system. The Minister

may, however, provide that the opt-out model is to apply under My

Health Records Rules made under Schedule 1. A healthcare

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201548

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

recipient covered by those Rules will be registered in the My

Health Record system, and have a My Health Record, unless the

recipient elects to opt-out of the system.

The My Health Record system is operated by the System Operator.

The System Operator operates the National Repositories Service,

that stores key records that form part of a healthcare recipient’s My

Health Record. Other records are stored by registered repository

operators. Together these records make up a healthcare recipient’s

My Health Record.

If a healthcare recipient is registered in the My Health Record

system, a healthcare provider may upload health information about

the recipient to the My Health Record system, unless the record is

one which the healthcare recipient has advised the healthcare

provider not to upload or the record is not to be uploaded under

prescribed laws of a State or Territory.

Health information may be collected, used and disclosed from a

healthcare recipient’s My Health Record for the purpose of

providing healthcare to the recipient, subject to any access controls

set by the recipient (or if none are set, default access controls).

There are other limited circumstances in which health information

may be collected, used or disclosed from a My Health Record.

Criminal and civil penalties apply if a person collects, uses or

discloses information from a My Health Record without

authorisation. Enforceable undertakings and injunctions are also

available to enforce the provisions of this Act.

An authorisation to collect, use or disclose information under this

Act is also an authorisation to do so for the purposes of the Privacy

Act 1988. A contravention of this Act is also an interference with

privacy for the purposes of the Privacy Act 1988, and so can be

investigated under that Act.

4A Schedule 1

Schedule 1 has effect.

Note: Schedule 1 deals with the opt-out model for registering healthcare

recipients in the My Health Record system.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 49

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

51 Section 5

Insert:

cinematograph film has the same meaning as in the Copyright Act

1968.

52 Section 5 (definition of civil penalty order)

Repeal the definition.

53 Section 5 (definition of civil penalty provision)

Repeal the definition, substitute:

civil penalty provision has the same meaning as in the Regulatory

Powers Act.

54 Section 5 (definition of Court)

Repeal the definition.

55 Section 5 (definition of healthcare)

Repeal the definition, substitute:

healthcare means health service within the meaning of

subsection 6(1) of the Privacy Act 1988.

56 Section 5 (definition of health information)

Repeal the definition, substitute:

health information has the meaning given by subsection 6(1) of

the Privacy Act 1988.

57 Section 5 (definition of independent advisory council

Repeal the definition.

58 Section 5 (definition of jurisdictional advisory committee)

Repeal the definition.

59 Section 5 (definition of Ministerial Council)

Repeal the definition, substitute:

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201550

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

Ministerial Council means the council (however described)

established by the Council of Australian Governments that has

responsibility for health matters.

60 Section 5

Insert:

Regulatory Powers Act means the Regulatory Powers (Standard

Provisions) Act 2014.

61 Section 5

Insert:

sound recording has the same meaning as in the Copyright Act

1968.

62 Section 5

Insert:

work has the same meaning as in the Copyright Act 1968.

63 Subsections 6(9) and 7(6)

Repeal the subsections.

64 After section 7

Insert:

7A Duties of authorised representative or nominated representative

Duty to ascertain will and preferences

(1) An authorised representative or a nominated representative (a

representative) of a healthcare recipient must make reasonable

efforts to ascertain the recipient’s will and preferences in relation

to the recipient’s My Health Record.

(2) If it is not possible to ascertain the healthcare recipient’s will and

preferences, the representative must make reasonable efforts to

ascertain the recipient’s likely will and preferences in relation to

the recipient’s My Health Record.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 51

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

(3) The healthcare recipient’s likely will and preferences may be

ascertained from sources including the following:

(a) if the representative is a nominated representative—the

agreement appointing the representative;

(b) to the extent legally possible, from consultation with people

who may be expected to be aware of the recipient’s will and

preferences.

Duty to give effect to will and preferences

(4) The representative must give effect to the healthcare recipient’s

will and preferences, or likely will and preferences, ascertained in

accordance with subsection (1) or (2).

(5) However, if to do so would pose a serious risk to the healthcare

recipient’s personal and social wellbeing, the representative must

instead act in a manner that promotes the personal and social

wellbeing of the healthcare recipient.

Duty if will and preferences cannot be ascertained

(6) If the healthcare recipient’s will and preferences, or likely will and

preferences, cannot be ascertained, the representative must act in a

manner that promotes the personal and social wellbeing of the

healthcare recipient.

65 At the end of subsection 9(3)

Add:

; (i) other information that is prescribed by the regulations for the

purpose of this paragraph.

66 Subsection 11(2)

Omit “or liable to a pecuniary penalty”.

67 At the end of Part 1

Add:

13B System Operator may use electronic communications

(1) If under this Act the System Operator is required to give

information in writing, that requirement is taken to have been met

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201552

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

if the System Operator gives the information by means of an

electronic communication, as defined in the Electronic

Transactions Act 1999.

(2) If under this Act the System Operator is permitted to give

information in writing, the System Operator is permitted to give

the information by means of an electronic communication, as

defined in the Electronic Transactions Act 1999.

68 Part 2 (heading)

Repeal the heading, substitute:

Part 2—The System Operator and the functions of

the Chief Executive Medicare

69 After paragraph 15(i)

Insert:

(ia) to establish and operate a test environment for the My Health

Record system, and other electronic systems that interact

directly with the My Health Record system, in accordance

with the requirements (if any) in the My Health Records

Rules;

70 Section 16

Repeal the section.

71 Subparagraph 17(2)(b)(ii)

Omit “the record was first uploaded to the National Repositories

Service”, substitute “the date of birth of the healthcare recipient”.

72 Divisions 2 and 3 of Part 2

Repeal the Divisions.

73 Division 1 of Part 3

After the Division heading, insert:

Note: This Division does not apply to a healthcare recipient if the opt-out model applies to the healthcare recipient because of My Health Records Rules made under Schedule 1 to this Act.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 53

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

74 After subsection 41(3)

Insert:

(3A) A registered healthcare provider organisation is authorised to

upload to the My Health Record system a record in relation to a

healthcare recipient (the patient) that includes health information

about another healthcare recipient (the third party), if the health

information about the third party is directly relevant to the

healthcare of the patient, subject to a law of a State or Territory

that is prescribed by the regulations for the purposes of

subsection (4).

75 Subsection 41(4)

Omit “A consent referred to in subsection (3) has”, substitute “A

consent referred to in subsection (3), and an authorisation given under

subsection (3A), have”.

76 After paragraph 45(b)

Insert:

(ba) upload to a repository a record of a kind specified in the My

Health Records Rules for the purposes of

subparagraph (b)(ii) unless the record is prepared by a person

who, at the time the record is prepared, is:

(i) an individual who is registered by a registration

authority within the meaning of the Healthcare

Identifiers Act 2010, and whose registration is not

conditional, suspended, cancelled or lapsed (other than

in circumstances prescribed in the My Health Records

Rules); or

(ii) an individual who is a member of a professional

association described in paragraph 9A(1)(b) of the

Healthcare Identifiers Act 2010, and whose membership

is not conditional, suspended, cancelled or lapsed (other

than in circumstances prescribed by the My Health

Records Rules); or

77 Paragraph 45(c)

Repeal the paragraph, substitute:

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201554

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

(c) upload a record to a repository if uploading the record would

involve an infringement of a moral right of the author, within

the meaning of the Copyright Act 1968; or

78 After section 45

Insert:

45A Condition of registration—handling old records that are works

subject to copyright

Old works must not be uploaded if it would be an infringement of

copyright to use the work for healthcare or related purposes

(1) Subsection (2) applies to works made before section 44BB of the

Copyright Act 1968 commences.

Note: Section 44BB of the Copyright Act 1968 provides that there is no

infringement of copyright if an act comprised in the copyright of a

work is done, or authorised to be done, for healthcare or related

purposes.

(2) A healthcare provider organisation must not, for the purposes of

the My Health Record system, upload the work if it would be an

infringement of the copyright in the work for the organisation or

another person to do, or authorise to be done, an act comprised in

the copyright of the work:

(a) for a purpose for which the collection, use or disclosure of

health information is required or authorised under this Act; or

(b) in circumstances in which a permitted general situation exists

under item 1 of the table in subsection 16A(1) of the Privacy

Act 1988 (serious threat to life, health or safety), or would

exist if the act were done, or authorised to be done, by an

entity that is an APP entity for the purposes of that Act; or

(c) in circumstances in which a permitted health situation exists

under section 16B of the Privacy Act 1988, or would exist if

the act were done, or authorised to be done, by an entity that

is an organisation for the purposes of that Act; or

(d) for any other purpose relating to healthcare, or the

communication or management of health information,

prescribed by the regulations.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 55

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

(3) It is a condition of the registration of a healthcare provider

organisation that the organisation complies with the obligation

under subsection (2).

45B Condition of registration—handling old sound recordings and

cinematograph films that are subject to copyright

(1) Subsection (2) applies to sound recordings and cinematograph

films made before section 104C of the Copyright Act 1968

commences.

Note: Section 104C of the Copyright Act 1968 provides that there is no

infringement of the copyright if an act comprised in the copyright of a

sound recording or cinematograph film is done, or authorised to be

done, for healthcare or related purposes.

(2) A healthcare provider organisation must not, for the purposes of

the My Health Record system, upload the sound recording or

cinematograph film if it would be an infringement of the copyright

in the recording or film for the organisation or another person to do

an act comprised in the copyright of the recording or film:

(a) for a purpose for which the collection, use or disclosure of

health information is required or authorised under this Act; or

(b) in circumstances in which a permitted general situation exists

under item 1 of the table in subsection 16A(1) of the Privacy

Act 1988 (serious threat to life, health or safety), or would

exist if the act were done by an entity that is an APP entity

for the purposes of that Act; or

(c) in circumstances in which a permitted health situation exists

under section 16B of the Privacy Act 1988, or would exist if

the act were done by an entity that is an organisation for the

purposes of that Act; or

(d) for any other purpose relating to healthcare, or the

communication or management of health information,

prescribed by the regulations.

(3) It is a condition of the registration of a healthcare provider

organisation that the organisation complies with the obligation

under subsection (2).

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201556

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

45C Liability where work uploaded in breach of section 45A or 45B

(1) If any person suffers loss or damage as a result of anything done by

an entity that contravenes section 45A or 45B, the person may

bring an action for the amount of the loss or damage against the

entity in:

(a) the Federal Court of Australia;

(b) the Federal Circuit Court of Australia;

(c) a court of a State or Territory that has jurisdiction in relation

to the matter.

(2) The action must be brought within 6 years after the loss or damage

was suffered.

(3) In determining the damage suffered by the person, the court may

include costs incurred by the person as a result of legal action

relating to infringement of copyright.

79 After section 50

Insert:

50A Condition of registration—handling old records that are works

subject to copyright

(1) Subsection (2) applies to works made before section 44BB of the

Copyright Act 1968 commences.

Note: Section 44BB of the Copyright Act 1968 provides that there is no

infringement of copyright if an act comprised in the copyright of a

work is done, or authorised to be done, for healthcare or related

purposes.

(2) A registered repository operator must not make the work available

for the purposes of the My Health Record system, if it would be an

infringement of the copyright in the work for the operator or

another person to do, or authorise to be done, an act comprised in

the copyright of the work:

(a) for a purpose for which the collection, use or disclosure of

health information is required or authorised under this Act; or

(b) in circumstances in which a permitted general situation exists

under item 1 of the table in subsection 16A(1) of the Privacy

Act 1988 (serious threat to life, health or safety), or would

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 57

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

exist if the act were done, or authorised to be done, by an

entity that is an APP entity for the purposes of that Act; or

(c) in circumstances in which a permitted health situation exists

under section 16B of the Privacy Act 1988, or would exist if

the act were done, or authorised to be done, by an entity that

is an organisation for the purposes of that Act; or

(d) for any other purpose relating to healthcare, or the

communication or management of health information,

prescribed by the regulations.

(3) It is a condition of the registration of a registered repository

operator that the operator complies with subsection (2).

50B Condition of registration—handling old sound recordings and

cinematograph films that are subject to copyright

(1) Subsection (2) applies to sound recordings and cinematograph

films made before section 104C of the Copyright Act 1968

commences.

Note: Section 104C of the Copyright Act 1968 provides that there is no

infringement of the copyright if an act comprised in the copyright of a

sound recording or cinematograph film is done, or authorised to be

done, for healthcare or related purposes.

(2) A registered repository operator must not, for the purposes of the

My Health Record system, make the sound recording or

cinematograph film available if it would be an infringement of the

copyright in the recording or film for the operator or another

person to do any act comprised in the copyright in the recording or

film:

(a) for a purpose for which the collection, use or disclosure of

health information is required or authorised under this Act; or

(b) in circumstances in which a permitted general situation exists

under item 1 of the table in subsection 16A(1) of the Privacy

Act 1988 (serious threat to life, health or safety), or would

exist if the act were done by an entity that is an APP entity

for the purposes of that Act; or

(c) in circumstances in which a permitted health situation exists

under section 16B of the Privacy Act 1988, or would exist if

the act were done by an entity that is an organisation for the

purposes of that Act; or

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201558

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

(d) for any other purpose relating to healthcare, or the

communication or management of health information,

prescribed by the regulations.

(3) It is a condition of the registration of a registered repository

operator that the operator complies with subsection (2).

50C Liability where work uploaded in breach of section 50A or 50B

(1) If any person suffers loss or damage as a result of anything done by

an entity that contravenes section 50A or 50B, the person may

bring an action for the amount of the loss or damage against the

entity in:

(a) the Federal Court of Australia;

(b) the Federal Circuit Court of Australia;

(c) a court of a State or Territory that has jurisdiction in relation

to the matter.

(2) The action must be brought within 6 years after the loss or damage

was suffered.

(3) In determining the damage suffered by the person, the court may

include costs incurred by the person as a result of legal action

relating to infringement of copyright.

50D Authorisation to make health information available to the

System Operator

A registered repository operator (other than the Chief Executive

Medicare) is authorised to make health information about a

registered healthcare recipient that is held by the operator available

to the System Operator.

80 At the end of sections 51 and 52

Add:

Note: Under section 53, the System Operator must give the healthcare

recipient or other entity notice before cancelling, suspending or

varying registration (except in urgent circumstances). The decision to

cancel, suspend or vary registration cannot be made before the end of

the period specified in the notice.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 59

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

81 Subsection 53(4)

Omit “with immediate effect”, substitute “without following the process

outlined in subsections (1) to (3)”.

82 Subsection 53(5)

Repeal the subsection, substitute:

(5) A decision under subsection (4) takes effect:

(a) when notice of the decision is given under that subsection; or

(b) if a later time is specified in the notice under that

subsection—at that later time.

83 Division 6 of Part 3 (heading)

Repeal the heading, substitute:

Division 6—Collection, use and disclosure of information

for the purposes of the My Health Record System

84 Section 58

Repeal the section, substitute:

58 Collection, use and disclosure of health information by the

System Operator

The System Operator may collect, use and disclose health

information about a healthcare recipient for the purposes of

including the health information in the My Health Record of a

registered healthcare recipient.

58A Collection, use and disclosure of healthcare identifiers,

identifying information and information identifying

authorised representatives and nominated representatives

(1) An entity mentioned in column 1 of an item of the following table,

is authorised to take action of the kind described in column 2 of

that item with information of the kind described in column 3 of that

item in the circumstances described in column 4 of that item.

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201560

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

Collection, use and disclosure for the purpose of the My Health Record system

Item Column 1 Column 2 Column 3 Column 4

Entity Permitted Information Circumstances

action

1 System collect identifying information the collection,

Operator use about any of the use or

disclose following:

(a) a healthcare

recipient;

(b) an authorised

disclosure is for

the purposes of

the My Health

Record system

representative of a

healthcare recipient;

(c) a nominated

representative of a

healthcare recipient;

(d) a healthcare

provider

the healthcare identifier

of any of the following:

(a) a healthcare

recipient;

(b) an authorised

representative of a

healthcare recipient;

(c) a nominated

representative of a

healthcare recipient;

(d) a healthcare

provider

2 System collect information relevant to

Operator use whether a person is an

disclose authorised

representative, or

nominated

representative, of

another person

the collection,

use or

disclosure is for

the purposes of

determining

whether a

person is an

authorised

representative,

or a nominated

representative,

of another

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 61

Authorised Version C2015A00157

3

4

5

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

Collection, use and disclosure for the purpose of the My Health Record system

Item Column 1 Column 2 Column 3 Column 4

Entity Permitted Information Circumstances

action

registered

repository

operator

registered

portal

operator

collect

use

disclose to a

participant in

the My Health

Record

System

the healthcare identifier

of any of the following:

(a) a healthcare

recipient;

(b) an authorised

representative of a

healthcare recipient;

(c) a nominated

representative of a

healthcare recipient;

(d) a healthcare

provider

person

the collection,

use or

disclosure is for

the purposes of

the My Health

Record system

service

operator for

the purposes

of the

Healthcare

Identifiers

Act 2010

collect from

the System

Operator

use

disclose to the

System

Operator

information relevant to

whether a person is an

authorised

representative, or

nominated

representative, of

another person

the collection,

use or

disclosure is for

the purposes of

assisting the

System

Operator to

determine

whether a

person is an

authorised

representative,

or a nominated

representative,

of another

person

Chief

Executive

Medicare

collect from

the System

Operator

use

disclose to the

System

Operator

identifying information

about any person who

is, or may be, any of

the following:

(a) a healthcare

recipient;

(b) an authorised

representative of a

the collection,

use or

disclosure is:

(a) for the

purposes of

assisting the

System

Operator to

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201562

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

Collection, use and disclosure for the purpose of the My Health Record system

Item Column 1 Column 2 Column 3 Column 4

Entity Permitted Information Circumstances

action

healthcare recipient; verify the

(c) a nominated

representative of a

identity of

the person;

healthcare recipient or

(b) otherwise

for the

purposes of

the My

Health

Record

system

6 Chief collect from information relevant to the collection,

Executive the System whether a person is an use or

Medicare Operator authorised disclosure is for

use representative, or the purposes of

disclose to the

System

Operator

nominated

representative, of

another person

assisting the

System

Operator to

determine

whether a

person is an

authorised

representative,

or a nominated

representative,

of another

person

7 Chief collect identifying information the collection,

Executive use about any of the use or

Medicare disclose to a

participant in

the My Health

Record system

following:

(a) a healthcare

recipient;

(b) an authorised

representative of a

healthcare recipient;

(c) a nominated

disclosure is for

the purpose of

including health

information in

the healthcare

recipient’s My

Health Record

representative of a

healthcare recipient

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 63

Authorised Version C2015A00157

9

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

Collection, use and disclosure for the purpose of the My Health Record system

Item Column 1 Column 2 Column 3 Column 4

Entity Permitted Information Circumstances

action

8 Veterans’ use

Affairs disclose to the Department System

Defence Operator

Department

Veterans’

Affairs

Department

Defence

Department

collect from

the service

operator under

the Healthcare

Identifiers Act

2010

use

disclose to a

participant in

the My Health

Record system

healthcare identifier of

any of the following:

(a) a healthcare

recipient;

(b) an authorised

representative of a

healthcare recipient;

(c) a nominated

representative of a

healthcare recipient

identifying information

about any person who

is, or may be, any of

the following:

(a) a healthcare

recipient;

(b) an authorised

representative of a

healthcare recipient;

(c) a nominated

representative of a

healthcare recipient

identifying information

about any of the

following:

(a) a healthcare

recipient;

(b) an authorised

representative of a

healthcare recipient;

(c) a nominated

representative of a

healthcare recipient

healthcare identifier of

any of the following:

(a) a healthcare

the use or

disclosure is for

the purposes of

assisting the

System

Operator to

verify the

identity of the

person

the collection,

use or

disclosure is for

the purpose of

including

prescribed

information in

the healthcare

recipient’s My

Health Record

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201564

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

Collection, use and disclosure for the purpose of the My Health Record system

Item Column 1 Column 2 Column 3 Column 4

Entity Permitted Information Circumstances

action

10 a prescribed

entity

collect

use

disclose to

another

prescribed

entity

recipient;

(b) an authorised

representative of a

healthcare recipient;

(c) a nominated

representative of a

healthcare recipient

identifying information

about any person who

is, or may be, any of

the following:

(a) a healthcare

recipient;

(b) an authorised

representative of a

healthcare recipient;

(c) a nominated

representative of a

healthcare recipient

the collection,

use or

disclosure is for

the purposes of

assisting the

System

Operator to

verify the

identity of the

person

Note: Under section 15 of the Healthcare Identifiers Act 2010, the service

operator under that Act is authorised to collect, use and disclose

healthcare identifiers of, and identifying information about, healthcare

recipients and their representatives for the purposes of the My Health

Record system. The service operator is also authorised to collect, use

and disclose healthcare identifiers of, and identifying information

about, healthcare providers under section 24 of that Act.

(2) If:

(a) any of the following entities discloses information to the

System Operator in circumstances in which the information

is authorised to be disclosed under subsection (1):

(i) the Chief Executive Medicare;

(ii) the Veterans’ Affairs Department;

(iii) the Defence Department;

(iv) the service operator for the purposes of the Healthcare

Identifiers Act 2010;

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 65

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

(v) an entity prescribed for the purposes of item 10 of the

table in subsection (1); and

(b) the entity that disclosed the information becomes aware that

the information has changed;

that entity must, as soon as practicable after becoming aware of the

change, inform the System Operator of the change.

85 Subsections 59(1) and (2) (civil penalty)

Repeal the civil penalties.

86 At the end of section 59

Add:

Fault-based offence

(3) A person commits an offence if the person contravenes

subsection (1) or (2).

Penalty: Imprisonment for 2 years or 120 penalty units, or both.

Civil penalty

(4) A person is liable to a civil penalty if the person contravenes

subsection (1) or (2).

Civil penalty: 600 penalty units.

87 Subsection 60(1) (civil penalty)

Repeal the civil penalty.

88 At the end of section 60

Add:

Fault-based offence

(3) A person commits an offence if the person contravenes

subsection (1).

Penalty: Imprisonment for 2 years or 120 penalty units, or both.

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201566

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

Civil penalty

(4) A person is liable to a civil penalty if the person contravenes

subsection (1).

Civil penalty: 600 penalty units.

89 Section 72

Omit “to use” (wherever occurring), substitute “to collect, use”

90 Section 75

Repeal the section, substitute:

75 Data breaches

(1) This section applies to an entity if:

(a) the entity is, or has at any time been, the System Operator, a

registered healthcare provider organisation, a registered

repository operator, a registered portal operator or a

registered contracted service provider; and

(b) the entity becomes aware that:

(i) a person has, or may have, contravened this Act in a

manner involving an unauthorised collection, use or

disclosure of health information included in a healthcare

recipient’s My Health Record; or

(ii) an event has, or may have, occurred (whether or not

involving a contravention of this Act) that compromises,

may compromise, has compromised or may have

compromised, the security or integrity of the My Health

Record system; or

(iii) circumstances have, or may have, arisen (whether or not

involving a contravention of this Act) that compromise,

may compromise, have compromised or may have

compromised, the security or integrity of the My Health

Record system; and

(c) the contravention, event or circumstances directly involved,

may have involved or may involve the entity.

Note: This section applies to an entity when the entity becomes aware of a

matter referred to in paragraph (b) regardless of when that matter

arose or occurred or if the matter is ongoing at the time the entity

became aware of the matter.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 67

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

Notifying the System Operator or Information Commissioner

(2) If:

(a) the entity is a registered healthcare provider organisation, a

registered repository operator, a registered portal operator or

a registered contracted service provider; and

(b) the entity becomes aware that:

(i) the contravention or event referred to in subsection (1)

has or may have occurred; or

(ii) the circumstances referred to in subsection (1) have or

may have arisen;

then, as soon as practicable after becoming aware, the entity must

notify:

(c) in the case of an entity that is a State or Territory authority or

an instrumentality of a State or Territory—the System

Operator; or

(d) otherwise—both the System Operator and the Information

Commissioner.

Civil Penalty: 100 penalty units.

(3) If:

(a) the entity is the System Operator; and

(b) the entity becomes aware that:

(i) the contravention or event referred to in subsection (1)

has or may have occurred; or

(ii) the circumstances referred to in subsection (1) have or

may have arisen;

then, as soon as practicable after becoming aware, the entity must

notify the Information Commissioner.

(4) If an entity has given notice under subsection (2) or (3) on

becoming aware that the contravention, event or circumstances

may have occurred or arisen then, despite subsection (2) or (3), the

entity need not give notice again on becoming aware that the

contravention, event or circumstances has occurred or arisen.

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201568

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

Steps to be taken if contravention, event or circumstances may

have occurred or arisen

(5) The entity must, as soon as practicable after becoming aware that

the contravention, event or circumstances may have occurred or

arisen, do the following things:

(a) so far as is reasonably practicable contain the potential

contravention, event or circumstances;

(b) evaluate any risks that, if the contravention, event or

circumstances has occurred or arisen, may be related to or

arise out of the contravention, event or circumstances;

(c) if there is a reasonable likelihood that the contravention,

event or circumstance has occurred or arisen and the effects

of the contravention, event or circumstances might be serious

for at least one healthcare recipient:

(i) if the entity is not the System Operator—ask the System

Operator to notify all healthcare recipients that would be

affected; or

(ii) if the entity is the System Operator—notify all

healthcare recipients that would be affected.

Note: A contravention of this subsection is not a civil penalty provision.

However, contraventions of this Act may have other consequences

(for example, cancellation of registration).

Steps to be taken if contravention or event has occurred or the

circumstances have arisen

(6) The entity must, as soon as practicable after becoming aware that

the contravention or event has occurred or the circumstances have

arisen, do the following things:

(a) so far as is reasonably practicable, contain the contravention,

event or circumstances and undertake a preliminary

assessment of the causes;

(b) evaluate any risks that may be related to or arise out of the

contravention, event or circumstances;

(c) if the entity is the System Operator:

(i) notify all affected healthcare recipients; and

(ii) if a significant number of healthcare recipients are

affected, notify the general public;

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 69

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

(d) if the entity is not the System Operator—ask the System

Operator:

(i) to notify all affected healthcare recipients; and

(ii) if a significant number of healthcare recipients are

affected, to notify the general public;

(e) take steps to prevent or mitigate the effects of further

contraventions, events or circumstances described in

paragraph (1)(b).

Note: A contravention of this subsection is not a civil penalty provision.

However, contraventions of this Act may have other consequences

(for example, cancellation of registration).

(7) If an entity has given notice, or requested that the System Operator

give notice, under paragraph (5)(c) then, despite paragraphs (6)(c)

and (d), the entity need not give notice or request the System

Operator to give notice under paragraphs (6)(c) and (d).

(8) The System Operator must comply with a request under

paragraph (5)(c) or (6)(d).

91 Subsection 77(1) (civil penalty)

Repeal the civil penalty.

92 After subsection 77(2)

Insert:

Fault-based offence

(2A) A person commits an offence if the person contravenes

subsection (1).

Penalty: Imprisonment for 2 years or 120 penalty units, or both.

Note: Where a fault element for a physical element of an offence is not

stated, see section 5.6 of the Criminal Code for the appropriate fault

element.

Civil penalty

(2B) A person is liable to a civil penalty if the person contravenes

subsection (1).

Civil penalty: 600 penalty units.

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201570

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

93 Section 78

Repeal the section, substitute:

78 My Health Records Rules must not be contravened

A person that is, or has at any time been:

(a) a registered healthcare provider organisation; or

(b) a registered repository operator; or

(c) a registered portal operator; or

(d) a registered contracted service provider;

must not contravene a My Health Record Rule that applies to the

person.

Civil penalty: 100 penalty units.

94 Parts 6 and 7

Repeal the Parts, substitute:

Part 6—Enforcement

Division 1—Civil penalties

79 Civil penalty provisions

Enforceable civil penalty provisions

(1) Each civil penalty provision of this Act is enforceable under Part 4

of the Regulatory Powers Act.

Note: Part 4 of the Regulatory Powers Act allows a civil penalty provision to

be enforced by obtaining an order for a person to pay a pecuniary

penalty for the contravention of the provision.

Authorised applicant

(2) For the purposes of Part 4 of the Regulatory Powers Act, the

Information Commissioner is an authorised applicant in relation to

the civil penalty provisions of this Act.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 71

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

Relevant court

(3) For the purposes of Part 4 of the Regulatory Powers Act, each of

the following courts is a relevant court in relation to the civil

penalty provisions of this Act:

(a) the Federal Court of Australia;

(b) the Federal Circuit Court of Australia;

(c) a court of a State or Territory that has jurisdiction in relation

to the matter.

Extension to external Territories

(4) Part 4 of the Regulatory Powers Act, as that Part applies in relation

to the civil penalty provisions of this Act, extends to every external

Territory.

Liability of the Crown

(5) Part 4 of the Regulatory Powers Act, as that Part applies in relation

the civil penalty provisions of this Act, does not make the Crown

liable to a pecuniary penalty.

Division 2—Enforceable undertakings

80 Enforceable undertakings

Enforceable provisions

(1) This Act is enforceable under Part 6 of the Regulatory Powers Act.

Note: Part 6 of the Regulatory Powers Act creates a framework for accepting

and enforcing undertakings relating to compliance with provisions.

Authorised person

(2) For the purposes of Part 6 of the Regulatory Powers Act, each of

the following persons is an authorised person in relation to the

provisions of this Act:

(a) the System Operator;

(b) the Information Commissioner.

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201572

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

Relevant court

(3) For the purposes of Part 6 of the Regulatory Powers Act, each of

the following courts is a relevant court in relation to the provisions

of this Act:

(a) the Federal Court of Australia;

(b) the Federal Circuit Court of Australia;

(c) a court of a State or Territory that has jurisdiction in relation

to the matter.

Enforceable undertaking may be published on website

(4) An authorised person in relation to a provision of this Act may

publish an undertaking given in relation to the provision on the

authorised person’s website.

Extension to external Territories

(5) Part 6 of the Regulatory Powers Act, as that Part applies in relation

to the provisions of this Act, extends to every external Territory.

Division 3—Injunctions

81 Injunctions

Enforceable provisions

(1) This Act is enforceable under Part 7 of the Regulatory Powers Act.

Note: Part 7 of the Regulatory Powers Act creates a framework for using

injunctions to enforce provisions.

Authorised person

(2) For the purposes of Part 7 of the Regulatory Powers Act, each of

the following persons is an authorised person in relation to the

provisions of this Act:

(a) the System Operator;

(b) the Information Commissioner.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 73

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

Relevant court

(3) For the purposes of Part 7 of the Regulatory Powers Act, each of

the following courts is a relevant court in relation to the provisions

of this Act:

(a) the Federal Court of Australia;

(b) the Federal Circuit Court of Australia;

(c) a court of a State or Territory that has jurisdiction in relation

to the matter.

Extension to external Territories

(4) Part 7 of the Regulatory Powers Act, as that Part applies in relation

to the provisions of this Act, extends to every external Territory.

95 Subsection 98(1)

Omit “If the System Operator is the Secretary, the”, substitute “The”.

96 Subsections 98(3), (4) and (5)

Repeal the subsections, substitute:

(3) If the System Operator is not the Secretary, the System Operator

may only delegate a function or power of the System Operator:

(a) to an APS employee in the Department—with the agreement

of the Secretary; and

(b) to the Chief Executive Medicare—with the agreement of the

Chief Executive Medicare.

(4) Each of the following must comply with any written directions of

the System Operator:

(a) a delegate;

(b) if the Chief Executive Medicare delegates under

subsection 8AC(3) of the Human Services (Medicare) Act

1973 a function delegated to him or her under this section—a

subdelegate.

97 Subsection 100(3)

Repeal the subsection, substitute:

(3) An offence against this Act that would otherwise have been

committed by the partnership is taken to have been committed by

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201574

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

each partner in the partnership, at the time the offence was

committed, who:

(a) did the relevant act or made the relevant omission; or

(b) aided, abetted, counselled or procured the relevant act or

omission; or

(c) was in any way knowingly concerned in, or party to, the

relevant act or omission (whether directly or indirectly and

whether by any act or omission of the partner).

(4) This section applies to a contravention of a civil penalty provision

in a corresponding way to the way in which it applies to an

offence.

98 Subsection 101(3)

Repeal the subsection, substitute:

(3) An offence against this Act that would otherwise have been

committed by the unincorporated association is taken to have been

committed by each member of the association’s committee of

management, at the time the offence was committed, who:

(a) did the relevant act or made the relevant omission; or

(b) aided, abetted, counselled or procured the relevant act or

omission; or

(c) was in any way knowingly concerned in, or party to, the

relevant act or omission (whether directly or indirectly and

whether by any act or omission of the member).

(4) This section applies to a contravention of a civil penalty provision

in a corresponding way to the way in which it applies to an

offence.

99 Subsection 102(3)

Repeal the subsection, substitute:

(3) An offence against this Act that would otherwise have been

committed by the trust is taken to have been committed by each

trustee of the trust, at the time the offence was committed, who:

(a) did the relevant act or made the relevant omission; or

(b) aided, abetted, counselled or procured the relevant act or

omission; or

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 75

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

(c) was in any way knowingly concerned in, or party to, the

relevant act or omission (whether directly or indirectly and

whether by any act or omission of the trustee).

(4) This section applies to a contravention of a civil penalty provision

in a corresponding way to the way in which it applies to an

offence.

100 Section 103

Repeal the section.

101 Section 107

Repeal the section, substitute:

107 Annual reports by the System Operator

The System Operator must include in any annual report prepared

by the System Operator and given to the Minister under section 46

of the Public Governance, Performance and Accountability Act

2013:

(a) statistics of the following:

(i) registrations, and cancellations and suspensions of

registrations, under this Act;

(ii) use of the My Health Record system by healthcare

providers and healthcare recipients;

(iii) complaints received, and investigations undertaken, in

relation to the My Health Record system;

(iv) occurrences compromising the integrity or security of

the My Health Record system;

(v) enforceable undertakings accepted by the System

Operator under this Act;

(vi) proceedings taken by the System Operator in relation to

enforceable undertakings or injunctions; and

(b) any other matter prescribed by the regulations.

102 Section 108

Repeal the section, substitute:

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201576

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

108 Review of the operation of the Act

(1) The Minister must, after consulting the Ministerial Council,

appoint an individual to review the operation of this Act.

(2) The individual appointed must give a report to the Minister within

the later of:

(a) 3 years after the commencement of Schedule 1 to the Health

Legislation Amendment (eHealth) Act 2015; or

(b) if the Minister makes My Health Records Rules under

clause 2 of Schedule 1 to this Act within 3 years after the

commencement of Schedule 1 to the Health Legislation

Amendment (eHealth) Act 2015—3 years after the day on

which the Rules are made.

(3) The Minister must:

(a) provide a copy of the report to the Ministerial Council; and

(b) table a copy of the report in each House of Parliament within

15 sitting days after the report is given to the Minister.

103 Subsection 109(2)

Repeal the subsection, substitute:

Consultation

(2) Before the Minister makes My Health Records Rules, the Minister

must consult:

(a) the System Operator; and

(b) a subcommittee of the Ministerial Council, prescribed by the

regulations for the purposes of this paragraph.

A failure to consult does not affect the validity of the Rules.

104 At the end of subsection 109(3)

Add:

; (e) requirements relating to the establishment and the operation

of a test environment for the My Health Record system, or

another electronic system that interacts directly with the My

Health Record system.

105 At the end of section 109

Add:

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 77

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

Incorporation of other instruments

(9) Despite subsection 14(2) of the Legislative Instruments Act 2003,

the My Health Records Rules may make provision in relation to a

matter by applying, adopting or incorporating any matter contained

in an instrument or other writing as in force or existing from time

to time.

Scope of the My Health Records Rules rule-making power

(10) To avoid doubt, the My Health Records Rules may not do the

following:

(a) create an offence or civil penalty;

(b) provide powers of:

(i) arrest or detention; or

(ii) entry, search or seizure;

(c) impose a tax;

(d) set an amount to be appropriated from the Consolidated

Revenue Fund under an appropriation in this Act;

(e) directly amend the text of this Act.

(11) My Health Records Rules that are inconsistent with the regulations

have no effect to the extent of the inconsistency, but My Health

Records Rules are taken to be consistent with the regulations to the

extent that the Rules are capable of operating concurrently with the

regulations.

106 At the end of the Act

Add:

Schedule 1—My Health Records for all

healthcare recipients Note: See section 4A.

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201578

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

Part 1—Opt-out model for the participation of

healthcare recipients in the My Health

Record system

1 Trial of opt-out model

(1) The Minister may make My Health Records Rules applying Part 2

of this Schedule (the opt-out model) to a class, or classes, of

healthcare recipients.

(2) The Minister must not make rules under subclause (1), unless the

Minister is satisfied that applying the opt-out model to that class, or

those classes, of healthcare recipients would provide evidence of

whether the opt-out model results in participation in the My Health

Record system at a level that provides value for those using the My

Health Record system.

(3) Before the Minister makes My Health Records Rules under this

clause, the Minister must consult a subcommittee of the Ministerial

Council, prescribed by the regulations for the purposes of this

subclause.

2 Minister may apply the opt-out model to all healthcare recipients

after trial

(1) If, having applied the opt-out model under clause 1, the Minister

decides that the opt-out model results in participation in the My

Health Record system at a level that provides value for those using

the My Health Record system, the Minister may make My Health

Records Rules applying the opt-out model to all healthcare

recipients in Australia.

(2) In making the decision, the Minister may take into account:

(a) the evidence obtained in applying the opt-out model under

clause 1; and

(b) any other matter relevant to the decision.

(3) Before the Minister makes My Health Records Rules under this

clause, the Minister must consult the Ministerial Council.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 79

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

Part 2—Registering all healthcare recipients

Division 1—Registering healthcare recipients

3 Registration of a healthcare recipient by the System Operator

(1) The System Operator may register a healthcare recipient if:

(a) the healthcare recipient is eligible for registration under

clause 4; and

(b) the System Operator is satisfied, having regard to the matters

(if any) specified in the My Health Records Rules, that the

identity of the healthcare recipient has been appropriately

verified; and

(c) the System Operator is satisfied that:

(i) the healthcare recipient has been given the opportunity,

in accordance with clause 5, to make an election not to

be registered; and

(ii) no such election is in force.

(2) Despite subclause (1), the System Operator must not register a

healthcare recipient:

(a) if the System Operator is satisfied that registering the

healthcare recipient may compromise the security or integrity

of the My Health Record system, having regard to the matters

(if any) prescribed by the My Health Records Rules; or

(b) in other circumstances prescribed by the My Health Records

Rules.

4 When a healthcare recipient is eligible for registration

A healthcare recipient is eligible for registration if:

(a) a healthcare identifier has been assigned to the healthcare

recipient under paragraph 9(1)(b) of the Healthcare

Identifiers Act 2010; and

(b) the System Operator has collected the following information

in relation to the healthcare recipient:

(i) full name;

(ii) date of birth;

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201580

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

(iii) healthcare identifier, Medicare card number or

Department of Veterans’ Affairs file number;

(iv) sex;

(v) such other information as is prescribed by the

regulations.

5 Healthcare recipient elects not to be registered

(1) A healthcare recipient may, by notice to the System Operator, elect

not to be registered.

(2) The notice:

(a) must be in the approved form; and

(b) be lodged at a place, or by a means, specified in the form;

and

(c) if:

(i) under the My Health Records Rules, it is provided that

the election by a member of a class of healthcare

recipients must be given within a period, or on the

occurrence of an event, specified in those rules; and

(ii) the healthcare recipient is a member of that class;

the notice of the election must be given to the System

Operator within that period, or on the occurrence of that

event.

(3) The election begins to be in force on the day on which the

healthcare recipient gives notice of the election to the System

Operator.

(4) The election ceases to be in force on the day on which an

application is made under clause 6 to be registered.

6 Healthcare recipients may apply for registration

(1) A healthcare recipient may apply to the System Operator for

registration of the healthcare recipient.

(2) The application must:

(a) be in the approved form; and

(b) include, or be accompanied by, the information and

documents required by the form; and

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 81

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

(c) be lodged at a place, or by a means, specified in the form.

(3) If:

(a) a healthcare recipient makes an application in accordance

with this clause; and

(b) the healthcare recipient is eligible for registration under

clause 4; and

(c) the System Operator is satisfied, having regard to the matters

(if any) specified in the My Health Records Rules, that the

identity of the healthcare recipient has been appropriately

verified;

the System Operator must register the healthcare recipient.

(4) Despite subclause (3), the System Operator must not register a

healthcare recipient:

(a) if the System Operator is satisfied that registering the

healthcare recipient may compromise the security or integrity

of the My Health Record system, having regard to the matters

(if any) prescribed by the My Health Records Rules; or

(b) in other circumstances prescribed by the My Health Records

Rules.

Division 2—Information sharing for the purposes of the

opt-out system

7 Collection, use and disclosure of health information by the System

Operator

The System Operator may collect, use and disclose health

information about a healthcare recipient for the purposes of

including the health information in the My Health Record of a

registered healthcare recipient.

8 Collection, use and disclosure of healthcare identifiers, identifying

information and information identifying authorised

representatives and nominated representatives

(1) An entity mentioned in column 1 of an item of the following table,

is authorised to take action of the kind described in column 2 of

that item with information of the kind described in column 3 of that

item in the circumstances described in column 4 of that item.

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201582

Authorised Version C2015A00157

1

Healthcare identifiers and health records Schedule 1

Amendments Part 1

Collection, use and disclosure for the purpose of the My Health Record system

Item Column 1 Column 2 Column 3 Column 4

Entity Permitted Information Circumstances

action

System collect

Operator use

disclose

identifying information

about any of the

following:

(a) a healthcare

recipient;

(b) an authorised

representative of a

healthcare recipient;

(c) a nominated

representative of a

healthcare recipient;

(d) a healthcare

provider

the healthcare identifier

of any of the following:

(a) a healthcare

recipient;

(b) an authorised

representative of a

healthcare recipient;

(c) a nominated

representative of a

healthcare recipient;

(d) a healthcare

provider

the collection,

use or

disclosure is for

the purposes of

the My Health

Record system

2 System collect information relevant to

Operator use whether a person is an

disclose authorised

representative, or

nominated

representative, of

another person

the collection,

use or

disclosure is for

the purposes of

determining

whether a

person is an

authorised

representative,

or a nominated

representative,

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 83

Authorised Version C2015A00157

3

4

5

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

Collection, use and disclosure for the purpose of the My Health Record system

Item Column 1 Column 2 Column 3 Column 4

Entity Permitted Information Circumstances

action

registered

repository

operator

registered

portal

operator

collect

use

disclose to a

participant in

the My Health

Record

System

the healthcare identifier

of any of the following:

(a) a healthcare

recipient;

(b) an authorised

representative of a

healthcare recipient;

(c) a nominated

representative of a

healthcare recipient;

(d) a healthcare

provider

of another

person

the collection,

use or

disclosure is for

the purposes of

the My Health

Record system

service

operator for

the purposes

of the

Healthcare

Identifiers

Act 2010

collect from

the System

Operator

use

disclose to the

System

Operator

information relevant to

whether a person is an

authorised

representative, or

nominated

representative, of

another person

the collection,

use or

disclosure is for

the purposes of

assisting the

System

Operator to

determine

whether a

person is an

authorised

representative,

or a nominated

representative,

of another

person

Chief

Executive

Medicare

collect from

the System

Operator

use

disclose to the

System

Operator

identifying information

about any person who

is, or may be, any of

the following:

(a) a healthcare

recipient;

(b) an authorised

the collection,

use or

disclosure is:

(a) for the

purposes of

assisting the

System

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201584

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

Collection, use and disclosure for the purpose of the My Health Record system

Item Column 1 Column 2 Column 3 Column 4

Entity Permitted Information Circumstances

action

representative of a Operator to

healthcare recipient; verify the

(c) a nominated

representative of a

identity of

the person;

healthcare recipient or

(b) otherwise

for the

purposes of

the My

Health

Record

system

6 Chief collect from information relevant to the collection,

Executive the System whether a person is an use or

Medicare Operator authorised disclosure is for

use representative, or the purposes of

disclose to the

System

Operator

nominated

representative, of

another person

assisting the

System

Operator to

determine

whether a

person is an

authorised

representative,

or a nominated

representative,

of another

person

7 Chief collect identifying information both of the

Executive use about any of the following are

Medicare disclose to a

following: satisfied:

participant in

the My Health

Record system

(a) a healthcare

recipient;

(b) an authorised

representative of a

healthcare recipient;

(c) a nominated

representative of a

(a) the

collection,

use or

disclosure is

for the

purpose of

including

health

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 85

Authorised Version C2015A00157

9

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

Collection, use and disclosure for the purpose of the My Health Record system

Item Column 1 Column 2 Column 3 Column 4

Entity Permitted Information Circumstances

action

healthcare recipient information

healthcare identifier of in the

any of the following:

(a) a healthcare

recipient;

healthcare

recipient’s

My Health

Record; (b) an authorised

representative of a

healthcare recipient;

(b) an election is

not currently

in force (c) a nominated under

representative of a clause 13 not healthcare recipient to have the

healthcare

recipient’s

health

information

made

available to

the System

Operator

8 Veterans’ use identifying information the use or

Affairs disclose to the about any person who disclosure is for

Department

Defence

Department

System

Operator

is, or may be, any of

the following:

(a) a healthcare

recipient;

the purposes of

assisting the

System

Operator to

(b) an authorised

representative of a

verify the

identity of the

healthcare recipient; person

(c) a nominated

representative of a

healthcare recipient

Veterans’

Affairs

Department

Defence

Department

collect from

the service

operator under

the Healthcare

Identifiers Act

2010

identifying information

about any of the

following:

(a) a healthcare

recipient;

(b) an authorised

both of the

following are

satisfied:

(a) the

collection,

use or

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201586

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

Collection, use and disclosure for the purpose of the My Health Record system

Item Column 1 Column 2 Column 3 Column 4

Entity Permitted Information Circumstances

action

use representative of a disclosure is

disclose to a

participant in

the My Health

Record system

healthcare recipient;

(c) a nominated

representative of a

healthcare recipient

healthcare identifier of

any of the following:

for the

purpose of

including

prescribed

information

in the

healthcare (a) a healthcare recipient’s

recipient; My Health

(b) an authorised Record;

representative of a (b) an election is healthcare recipient; not currently

(c) a nominated in force

representative of a under

healthcare recipient clause 13 not

to have the

healthcare

recipient’s

health

information

made

available to

the System

Operator

10 a prescribed collect identifying information the collection,

entity use about any person who use or

disclose to

another

prescribed

entity

is, or may be, any of

the following:

(a) a healthcare

recipient;

(b) an authorised

representative of a

healthcare recipient;

disclosure is for

the purposes of

assisting the

System

Operator to

verify the

identity of the

(c) a nominated person

representative of a

healthcare recipient

Note: Under section 15 of

operator under that

the Healthcare Identifiers Ac

Act is authorised to collect, u

t 2010, the service

se and disclose

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 87

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

healthcare identifiers of, and identifying information about, healthcare

recipients and their representatives for the purposes of the My Health

Record system. The service operator is also authorised to collect, use

and disclose healthcare identifiers of, and identifying information

about, healthcare providers under section 24 of that Act.

(2) If:

(a) any of the following entities discloses information to the

System Operator in circumstances in which the information

is authorised to be disclosed under subclause (1):

(i) the Chief Executive Medicare;

(ii) the Veterans’ Affairs Department;

(iii) the Defence Department;

(iv) the service operator for the purposes of the Healthcare

Identifiers Act 2010;

(v) an entity prescribed for the purposes of item 10 of the

table in subclause (1); and

(b) the entity that disclosed the information becomes aware that

the information has changed;

that entity must, as soon as practicable after becoming aware of the

change, inform the System Operator of the change.

Division 3—Handling health information for the purposes

of a healthcare recipient’s My Health Record

Subdivision A—Healthcare provider to upload health

information

9 Authorisation for healthcare provider to upload health

information

(1) A registered healthcare provider organisation is authorised to

upload to the My Health Record system any record that includes

health information about a registered healthcare recipient, subject

to the following:

(a) express advice given by the healthcare recipient to the

registered healthcare provider organisation that a particular

record, all records or a specified class of records must not be

uploaded;

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201588

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

(b) a law of a State or Territory that is prescribed by the

regulations for the purposes of subclause (3).

(2) A registered healthcare provider organisation is authorised to

upload to the My Health Record system a record in relation to a

healthcare recipient (the patient) that includes health information

about another healthcare recipient (the third party), if the health

information about the third party is directly relevant to the

healthcare of the patient, subject to a law of a State or Territory

that is prescribed by the regulations for the purposes of

subclause (3).

(3) An authorisation referred to in subclause (1) or (2) has effect

despite a law of a State or Territory that requires consent to the

disclosure of particular health information:

(a) given expressly; or

(b) given in a particular way;

other than a law of a State or Territory prescribed by the

regulations for the purposes of this subclause.

Subdivision B—Functions of the Chief Executive Medicare

10 Registered repository operator

It is a function of the Chief Executive Medicare to seek to become

a registered repository operator and, if registered, to operate a

repository for the purposes of the My Health Record system in

accordance with this Division.

11 Uploading health information to the repository

At any time when the Chief Executive Medicare is a registered

repository operator, the Chief Executive Medicare may, at his or

her discretion, upload health information held by the Chief

Executive Medicare about a registered healthcare recipient to the

repository operated by the Chief Executive Medicare.

12 Making health information available to the System Operator

(1) At any time when the Chief Executive Medicare is a registered

repository operator, the Chief Executive Medicare may, at his or

her discretion, make available to the System Operator health

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 89

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

information held by the Chief Executive Medicare about a

registered healthcare recipient.

(2) Despite subclause (1), the Chief Executive Medicare must not

make health information about a healthcare recipient available to

the System Operator, if the healthcare recipient has elected under

clause 13 not to have the information made available, and that

election is in force.

13 Healthcare recipient may elect not to have health information

disclosed to the System Operator

(1) A healthcare recipient may, by notice to the System Operator, elect

not to have health information about the healthcare recipient held

by the Chief Executive Medicare made available to the System

Operator.

(2) The notice under subclause (1):

(a) must be in the approved form; and

(b) be lodged at a place, or by a means, specified in the form;

and

(c) if:

(i) under the My Health Records Rules, it is provided that

the election by a member of a class of healthcare

recipients must be given within a period, or on the

occurrence of an event, specified in those rules; and

(ii) the healthcare recipient is a member of that class;

the notice of the election must be given to the System

Operator within that period, or on the occurrence of that

event.

(3) The election begins to be in force from the day on which the

healthcare recipient gives notice of the election to the System

Operator.

(4) The election ceases to be in force:

(a) if the healthcare recipient notifies the System Operator that

the healthcare recipient withdraws the election—from the day

on which the notice is given; and

(b) if another time is prescribed by the My Health Records

Rules—at that time.

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201590

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

(5) The notice under subclause (4):

(a) must be in the approved form; and

(b) be lodged at a place, or by a means, specified in the form.

14 Health information uploaded or made available may include

details of healthcare providers

The health information about a healthcare recipient uploaded under

clause 11 or made available under clause 12 may include the name

of one or more healthcare providers that have provided healthcare

to the healthcare recipient.

15 Way in which repository operated not limited by this Division

Nothing in this Division limits the way in which the repository is to

be operated.

Subdivision C—Other registered repository operators

16 Making health information available to the System Operator

A registered repository operator (other than the Chief Executive

Medicare) may make available to the System Operator health

information held by the registered repository operator about a

registered healthcare recipient.

Part 3—Other consequences of applying the opt-out

rules

17 References to other provisions of this Act

If Part 2 of this Schedule applies in relation to a healthcare

recipient:

(a) Division 4 of Part 2 of this Act does not apply in relation to

the healthcare recipient; and

(b) Division 1 of Part 3 of this Act does not apply in relation to

the healthcare recipient; and

(c) section 46 applies as if the reference to “this Part” were a

reference to “Part 2 of Schedule 1 to this Act”; and

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 91

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

(d) section 50D does not apply in relation to the healthcare

recipient; and

(e) paragraphs 51(2)(d) and (e) do not apply in relation to the

healthcare recipient (consent to upload information to the My

Health Record system); and

(f) section 57 applies as if a reference to a decision under Part 3

to register a healthcare recipient were a reference to a

decision under Part 2 of this Schedule to register the

healthcare recipient; and

(g) Division 6 of Part 3 of this Act does not apply in relation to

the healthcare recipient; and

(h) in relation to the healthcare recipient, the reference in

paragraph 97(1)(b) to a decision under section 41 to refuse to

register a healthcare recipient is taken to include a reference

to a decision under Part 2 of this Schedule to refuse to

register the healthcare recipient; and

(i) if the healthcare recipient is registered under Part 2 of this

Schedule—a reference in this Act to a registered healthcare

recipient is taken to include a reference to the healthcare

recipient.

Privacy Act 1988

107 Subsection 6(1) (definition of health information)

Repeal the definition, substitute:

health information has the meaning given by section 6FA.

108 Subsection 6(1) (definition of health service)

Repeal the definition, substitute:

health service has the meaning given by section 6FB.

109 After section 6F

Insert:

6FA Meaning of health information

The following information is health information:

(a) information or an opinion about:

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201592

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Amendments Part 1

(i) the health, including an illness, disability or injury, (at

any time) of an individual; or

(ii) an individual’s expressed wishes about the future

provision of health services to the individual; or

(iii) a health service provided, or to be provided, to an

individual;

that is also personal information;

(b) other personal information collected to provide, or in

providing, a health service to an individual;

(c) other personal information collected in connection with the

donation, or intended donation, by an individual of his or her

body parts, organs or body substances;

(d) genetic information about an individual in a form that is, or

could be, predictive of the health of the individual or a

genetic relative of the individual.

6FB Meaning of health service

(1) An activity performed in relation to an individual is a health

service if the activity is intended or claimed (expressly or

otherwise) by the individual or the person performing it:

(a) to assess, maintain or improve the individual’s health; or

(b) where the individual’s health cannot be maintained or

improved—to manage the individual’s health; or

(c) to diagnose the individual’s illness, disability or injury; or

(d) to treat the individual’s illness, disability or injury or

suspected illness, disability or injury; or

(e) to record the individual’s health for the purposes of

assessing, maintaining, improving or managing the

individual’s health.

(2) The dispensing on prescription of a drug or medicinal preparation

by a pharmacist is a health service.

(3) To avoid doubt:

(a) a reference in this section to an individual’s health includes

the individual’s physical or psychological health; and

(b) an activity mentioned in subsection (1) or (2) that takes place

in the course of providing aged care, palliative care or care

for a person with a disability is a health service.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 93

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 1 Amendments

(4) The regulations may prescribe an activity that, despite

subsections (1) and (2) is not to be treated as a health service for

the purposes of this Act.

110 After subsection 16B(1)

Insert:

(1A) A permitted health situation exists in relation to the collection by

an organisation of health information about an individual (the third

party) if:

(a) it is necessary for the organisation to collect the family,

social or medical history of an individual (the patient) to

provide a health service to the patient; and

(b) the health information about the third party is part of the

family, social or medical history necessary for the

organisation to provide the health service to the patient; and

(c) the health information is collected by the organisation from

the patient or, if the patient is physically or legally incapable

of giving the information, a responsible person for the

patient.

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201594

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Rule-making powers, application and transitional provisions Part 2

Part 2—Rule-making powers, application and transitional provisions

111 Meaning of application day

(1) The application day means a single day to be fixed by Proclamation for

the purposes of this item.

(2) However, if the application day is not fixed for a day that occurs within

the period of 6 months beginning on the day this Schedule commences,

the application day is on the day after the end of that period.

112 Meaning of governance restructure day

The governance restructure day means a single day to be fixed by

Proclamation for the purposes of this item.

113 Copyright amendments

(1) The amendment made by item 1 of this Schedule applies to works made

on or after the application day.

(2) The amendment made by item 2 of this Schedule applies to sound

recordings and cinematograph films made on or after the application

day.

(3) The amendments made by items 77, 78 and 79 of this Schedule (other

than the insertion of section 50D into the My Health Records Act 2012)

apply to works, sound recordings and cinematograph films uploaded on

or after the application day.

(4) Section 50D of the My Health Records Act 2012, as inserted by item 79

of this Schedule, applies to information made available to the System

Operator on or after the application day.

114 Assigning healthcare identifiers

The amendment made by item 31 of this Schedule applies to healthcare

identifiers assigned on or after the commencement of this Schedule.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 95

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 2 Rule-making powers, application and transitional provisions

115 Information sharing under the Healthcare Identifiers Act 2010

(1) The amendments made by items 34 and 36 of this Schedule (other than

the insertion of section 25E into the Healthcare Identifiers Act 2010)

apply to the adoption, collection, use and disclosure of healthcare

identifiers and other information on or after the application day.

(2) Section 25E of the Healthcare Identifiers Act 2010, as inserted by

item 34 of this Schedule, applies where a healthcare provider

organisation becomes aware on or after the application day that

information held by the service operator in relation to the organisation

is not accurate, up-to-date or complete.

(3) Despite the repeal of sections 15 and 26 of the Healthcare Identifiers

Act 2010 by items 34 and 36 of this Schedule, those sections, as in force

immediately before the commencement of this Schedule, continue to

apply to the adoption, collection, use and disclosure of healthcare

identifiers and other information before the application day.

116 Section 29 of the Healthcare Identifiers Act 2010

The amendments made by items 38 to 40 of this Schedule apply to acts

and practices occurring on or after the application day.

117 Healthcare Provider Directory

The amendment made by item 42 of this Schedule applies on and after

the application day.

118 Enforcement under the Healthcare Identifiers Act 2010

(1) Part 4 of the Regulatory Powers (Standard Provisions) Act 2014, as that

Part applies under section 31C of the Healthcare Identifiers Act 2010,

applies in relation to contraventions of civil penalty provisions

occurring on or after the application day.

(2) Part 6 of the Regulatory Powers (Standard Provisions) Act 2014, as that

Part applies under section 31D of the Healthcare Identifiers Act 2010,

applies in relation to undertakings given on or after the application day.

(3) Part 7 of the Regulatory Powers (Standard Provisions) Act 2014, as that

Part applies under section 31E of the Healthcare Identifiers Act 2010,

applies in relation to contraventions occurring on or after the application

day.

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201596

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Rule-making powers, application and transitional provisions Part 2

119 Amendments of the Healthcare Identifiers Act 2010 relating to employees, contractors, partnerships, incorporated associations and trusts

(1) Section 36A of the Healthcare Identifiers Act 2010, as inserted by

item 48 of this Schedule, applies to the disclosure of information on or

after the application day.

(2) Sections 36B, 36C and 36D of the Healthcare Identifiers Act 2010, as

inserted by item 48 of this Schedule, apply to:

(a) obligations arising on or after the application day; and

(b) offence and civil penalty provisions contravened on or after

the application day.

120 Governance restructure

The amendments made by items 57, 58, 70, 72 and 103 of this Schedule

apply on and after the governance restructure day.

121 Duties of authorised representatives and nominated representatives

The amendments made by items 63 and 64 of this Schedule apply to

actions taken and decisions made by an authorised representative of a

healthcare recipient, or a nominated representative of a healthcare

recipient, on or after the application day.

122 System Operator may communicate electronically

The amendment made by item 67 of this Schedule applies to

communications on or after the commencement of this Schedule.

123 Retention of records uploaded to National Repositories Service

The amendment made by item 71 of this Schedule applies whether or

not the record was uploaded before, on or after the commencement of

this Schedule.

124 Uploading information about the status of the registration of a healthcare provider

The amendment made by item 76 of this Schedule applies to

information uploaded on or after the application day.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 97

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 2 Rule-making powers, application and transitional provisions

125 Uploading information about third parties

The amendments made by items 74 and 75 of this Schedule apply to

information uploaded on or after the application day.

126 Sharing information for the purposes of the My Health Record system—opt-in

The amendment made by item 84 of this Schedule applies to healthcare

identifiers and other information collected, used or disclosed on or after

the application day.

127 When decisions about status of registration under the My Health Record system come into effect

The amendments made by items 81 and 82 of this Schedule apply to

decisions made on or after the day on which this Schedule commences.

128 Contraventions of obligations under sections 59, 60 and 77 of the My Health Records Act 2012

The amendments made by items 85, 86, 87, 88, 91 and 92 of this

Schedule apply to contraventions of subsections 59(1), 59(2), 60(1) and

77(1) of the My Health Records Act 2012 that occur on or after the

application day.

129 Application of amendments relating to data breach

(1) Section 75 of the My Health Records Act 2012 as inserted by item 90 of

this Schedule applies to contraventions, events or circumstances that

have or may have occurred or arisen on or after the application day.

(2) Section 75 of the My Health Records Act 2012, as in force immediately

before the commencement of this Schedule, continues to apply in

relation to contraventions that have or may have occurred, or events or

circumstances that have occurred or arisen before the application day,

whether or not the entity becomes aware before that day.

130 Consequences of contravening the My Health Records Rules

The amendment made by item 93 of this Schedule applies to

contraventions of the My Health Records Rules that occur on or after

the application day.

Health Legislation Amendment (eHealth) Act 2015 No. 157, 201598

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Rule-making powers, application and transitional provisions Part 2

131 Application and saving provision—civil penalties

(1) Part 4 of the Regulatory Powers (Standard Provisions) Act 2014, as that

Part applies under Division 1 of Part 6 of the My Health Records Act

2012, applies in relation to contraventions of civil penalty provisions

occurring on or after the application day.

(2) Part 6 of the My Health Records Act 2012, as in force immediately

before the commencement of this Schedule, continues to apply on and

after the application day in relation to contraventions of civil penalty

provisions occurring before the application day.

132 Application and saving provision—enforceable undertakings

(1) Part 6 of the Regulatory Powers (Standard Provisions) Act 2014, as that

Part applies under Division 2 of Part 6 of the My Health Records Act

2012, applies in relation to undertakings given on or after the

application day.

(2) Sections 94 and 95 of the My Health Records Act 2012, as in force

immediately before the commencement of this Schedule, continue to

apply on and after the application day in relation to the following:

(a) an undertaking given before the application day;

(b) an application for an order made, but not decided, under

subsection 95(1) of that Act before the application day;

(c) an order made under subsection 95(2) of that Act before, on

or after the application day as a result of an application made

before the application day.

133 Application and saving provision—injunctions

(1) Part 7 of the Regulatory Powers (Standard Provisions) Act 2014, as that

Part applies under Division 3 of Part 6 of the My Health Records Act

2012, applies in relation to contraventions occurring on or after the

application day.

(2) Section 96 of the My Health Records Act 2012, as in force immediately

before the commencement of this Schedule, continues to apply on and

after the application day in relation to contraventions occurring before

the application day.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 99

Authorised Version C2015A00157

Schedule 1 Healthcare identifiers and health records

Part 2 Rule-making powers, application and transitional provisions

134 Amendments of the My Health Records Act 2012 relating to partnerships, unincorporated associations and trusts

The amendments made by items 97, 98 and 99 of this Schedule apply

to:

(a) obligations arising on or after the application day; and

(b) offence and civil penalty provisions contravened on or after

the application day.

135 Repeal of requirement for the System Operator to give an annual report

The amendment made by item 101 of this Schedule applies to financial

years beginning on or after the governance restructure day.

136 Rules

(1) The Minister may, by legislative instrument, make rules prescribing

matters:

(a) required or permitted by this Act to be prescribed by the

rules; or

(b) necessary or convenient to be prescribed for carrying out or

giving effect to this Act.

(2) Without limiting subitem (1), the rules may prescribe matters of a

transitional nature (including prescribing any saving or application

provisions) relating to:

(a) the amendments or repeals made by this Act; or

(b) the enactment of this Act.

(3) Without limiting subitem (2), rules made for the purposes of that

subitem may provide that the following Acts have effect with any

modifications prescribed by the rules:

(a) the Healthcare Identifiers Act 2010;

(b) the My Health Records Act 2012;

(c) the Privacy Act 1988.

(4) To avoid doubt, the rules may not do the following:

(a) create an offence or civil penalty;

(b) provide powers of:

(i) arrest or detention; or

100 Health Legislation Amendment (eHealth) Act 2015 No. 157, 2015

Authorised Version C2015A00157

Healthcare identifiers and health records Schedule 1

Rule-making powers, application and transitional provisions Part 2

(ii) entry, search or seizure;

(c) impose a tax;

(d) set an amount to be appropriated from the Consolidated

Revenue Fund under an appropriation in this Act;

(e) directly amend the text of this Act.

(5) This Part (other than subitem (4)) does not limit the rules that may be

made for the purposes of this item.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 101

Authorised Version C2015A00157

Schedule 2 Renaming PCEHR as My Health Record

Schedule 2—Renaming PCEHR as My Health Record

Healthcare Identifiers Act 2010

1 Section 5

Insert:

My Health Record has the same meaning as in the My Health

Records Act 2012.

My Health Record system has the same meaning as in the My

Health Records Act 2012.

My Health Record System Operator means the System Operator

within the meaning of the My Health Records Act 2012.

2 Section 5

Insert:

participant in the My Health Record system has the same meaning

as in the My Health Records Act 2012.

3 Section 5 (definition of participant in the PCEHR system)

Repeal the definition.

4 Section 5

Repeal the following definitions:

(a) definition of PCEHR;

(b) definition of PCEHR system;

(c) definition of PCEHR System Operator.

5 Section 5 (definitions of registered portal operator and registered repository operator)

Omit “Personally Controlled Electronic Health Records Act 2012”,

substitute “My Health Records Act 2012”.

6 Subparagraphs 36(ba)(i) and (ii)

Omit “PCEHR”, substitute “My Health Record”.

102 Health Legislation Amendment (eHealth) Act 2015 No. 157, 2015

Authorised Version C2015A00157

Renaming PCEHR as My Health Record Schedule 2

Health Insurance Act 1973

7 Subsection 3(1)

Insert:

My Health Record System Operator has the same meaning as

System Operator has in the My Health Records Act 2012.

8 Subsection 3(1) (definition of PCEHR System Operator)

Repeal the definition.

9 Subsection 3(1) (definition of registered repository operator)

Omit “Personally Controlled Electronic Health Records Act 2012”,

substitute “My Health Records Act 2012”.

10 Subsection 130(1)

Omit “Personally Controlled Electronic Health Records Act 2012”,

substitute “My Health Records Act 2012”.

National Health Act 1953

11 Subsection 135A(1)

Omit “Personally Controlled Electronic Health Records Act 2012”,

substitute “My Health Records Act 2012”.

12 Subsection 135AA(5AA)

Omit “PCEHR” (wherever occurring), substitute “My Health Record”.

13 Subsection 135AA(11)

Insert:

My Health Record has the same meaning as in the My Health

Records Act 2012.

My Health Record System Operator has the same meaning as

System Operator has in the My Health Records Act 2012.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 103

Authorised Version C2015A00157

Schedule 2 Renaming PCEHR as My Health Record

14 Subsection 135AA(11)

Repeal the following definitions:

(a) definition of PCEHR;

(b) definition of PCEHR System Operator.

Personally Controlled Electronic Health Records Act 2012

15 Section 1

Omit “Personally Controlled Electronic Health Records Act 2012”,

substitute “My Health Records Act 2012”.

Note: This item amends the short title of the Act. If another amendment of the Act is described by reference to the Act’s previous short title, that other amendment has effect after the commencement of this item as an amendment of the Act under its amended short title (see section 10 of the Acts Interpretation Act 1901).

16 Section 5 (definitions of contracted service provider and index service)

Omit “PCEHR” (wherever occurring), substitute “My Health Record”.

17 Section 5

Insert:

My Health Record of a healthcare recipient means the record of

information that is created and maintained by the System Operator

in relation to the healthcare recipient, and information that can be

obtained by means of that record, including the following:

(a) information included in the entry in the Register that relates

to the healthcare recipient;

(b) health information connected in the My Health Record

system to the healthcare recipient (including information

included in a record accessible through the index service);

(c) other information connected in the My Health Record system

to the healthcare recipient, such as information relating to

auditing access to the record;

(d) back-up records of such information.

My Health Records Rules has the meaning given by section 109.

My Health Record system means a system:

(a) that is for:

104 Health Legislation Amendment (eHealth) Act 2015 No. 157, 2015

Authorised Version C2015A00157

Renaming PCEHR as My Health Record Schedule 2

(i) the collection, use and disclosure of information from

many sources using telecommunications services and by

other means, and the holding of that information, in

accordance with the healthcare recipient’s wishes or in

circumstances specified in this Act; and

(ii) the assembly of that information using

telecommunications services and by other means so far

is it is relevant to a particular healthcare recipient, so

that it can be made available, in accordance with the

healthcare recipient’s wishes or in circumstances

specified in this Act, to facilitate the provision of

healthcare to the healthcare recipient or for purposes

specified in this Act; and

(b) that involves the performance of functions under this Act by

the System Operator.

18 Section 5

Insert:

participant in the My Health Record system means any of the

following:

(a) the System Operator;

(b) a registered healthcare provider organisation;

(c) the operator of the National Repositories Service;

(d) a registered repository operator;

(e) a registered portal operator;

(f) a registered contracted service provider, so far as the

contracted service provider provides services to a registered

healthcare provider.

19 Section 5 (definition of participant in the PCEHR system)

Repeal the definition.

20 Section 5

Repeal the following definitions:

(a) definition of PCEHR;

(b) definition of PCEHR Rules;

(c) definition of PCEHR system.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 105

Authorised Version C2015A00157

Schedule 2 Renaming PCEHR as My Health Record

21 Section 5 (definition of personally controlled electronic health record)

Repeal the definition.

22 Section 5 (definition of registered portal operator)

Omit “PCEHR”, substitute “My Health Record”.

23 Section 5 (definition of registered repository operator)

Omit “personally controlled electronic health records”, substitute “My

Health Records”.

24 Section 5 (definition of registered repository operator)

Omit “PCEHR”, substitute “My Health Record”.

25 Section 5 (definitions of this Act and use)

Omit “PCEHR”, substitute “My Health Record”.

26 Paragraphs 6(3)(a) and (6)(b)

Omit “PCEHR”, substitute “My Health Record”.

27 Subsection 7(3)

Omit “PCEHR” (wherever occurring), substitute “My Health Record”.

28 Section 15

Omit “PCEHR” (wherever occurring), substitute “My Health Record”.

29 Paragraph 17(1)(b)

Omit “PCEHR”, substitute “My Health Record”.

30 Subsection 38(1)

Omit “PCEHR”, substitute “My Health Record”.

31 Subsections 41(1) to (3)

Omit “PCEHR” (wherever occurring), substitute “My Health Record”.

32 Paragraph 43(b)

Omit “PCEHR”, substitute “My Health Record”.

106 Health Legislation Amendment (eHealth) Act 2015 No. 157, 2015

Authorised Version C2015A00157

Renaming PCEHR as My Health Record Schedule 2

33 Subsection 44(2)

Omit “PCEHR” (wherever occurring), substitute “My Health Record”.

34 Section 45

Omit “PCEHR” (wherever occurring), substitute “My Health Record”.

35 Section 46 (heading)

Repeal the heading, substitute:

46 Condition of registration—non-discrimination in providing

healthcare to a healthcare recipient who does not have a

My Health Record etc.

36 Paragraphs 46(2)(a) and (b)

Omit “PCEHR”, substitute “My Health Record”.

37 Paragraph 48(a)

Omit “PCEHR”, substitute “My Health Record”.

38 Subsection 49(2)

Omit “PCEHR” (wherever occurring), substitute “My Health Record”.

39 Section 50

Omit “PCEHR”, substitute “My Health Record”.

40 Subsections 51(2) and (3)

Omit “PCEHR” (wherever occurring), substitute “My Health Record”.

41 Section 55 (heading)

Repeal the heading, substitute:

55 My Health Records Rules may specify requirements after

registration is cancelled or suspended

42 Section 55

Omit “PCEHR” (wherever occurring), substitute “My Health Record”.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 107

Authorised Version C2015A00157

Schedule 2 Renaming PCEHR as My Health Record

43 Paragraph 55(3)(a)

Omit “PCEHRs”, substitute “My Health Records”.

44 Paragraphs 57(a) and (b)

Omit “PCEHR”, substitute “My Health Record”.

45 Part 4 (heading)

Repeal the heading, substitute:

Part 4—Collection, use and disclosure of health

information included in a healthcare

recipient’s My Health Record

46 Division 1 of Part 4 (heading)

Repeal the heading, substitute:

Division 1—Unauthorised collection, use and disclosure of

health information included in a healthcare

recipient’s My Health Record

47 Section 59 (heading)

Repeal the heading, substitute:

59 Unauthorised collection, use and disclosure of health information

included in a healthcare recipient’s My Health Record

48 Section 59

Omit “PCEHR” (wherever occurring), substitute “My Health Record”.

49 Subsection 60(1)

Omit “PCEHR”, substitute “My Health Record”.

50 Sections 61 and 62

Omit “PCEHR” (wherever occurring), substitute “My Health Record”.

108 Health Legislation Amendment (eHealth) Act 2015 No. 157, 2015

Authorised Version C2015A00157

Renaming PCEHR as My Health Record Schedule 2

51 Section 63 (heading)

Repeal the heading, substitute:

63 Collection, use and disclosure for management of My Health

Record system

52 Sections 63 to 70

Omit “PCEHR” (wherever occurring), substitute “My Health Record”.

53 Division 3 of Part 4 (heading)

Repeal the heading, substitute:

Division 3—Prohibitions and authorisations limited to My

Health Record system

54 Section 71 (heading)

Repeal the heading, substitute:

71 Prohibitions and authorisations limited to health information

collected by using the My Health Record system

55 Subsections 71(1), (2) and (3)

Omit “PCEHR” (wherever occurring), substitute “My Health Record”.

56 Subsection 71(4) (heading)

Repeal the heading, substitute:

Information originally obtained by means of My Health Record

system

57 Subsection 71(4)

Omit “PCEHR” (wherever occurring), substitute “My Health Record”.

58 Subsections 73(1) and (3)

Omit “PCEHR”, substitute “My Health Record”.

59 Section 73A

Omit “PCEHR”, substitute “My Health Record”.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 109

Authorised Version C2015A00157

Schedule 2 Renaming PCEHR as My Health Record

60 Section 73B

Omit “PCEHR” (wherever occurring), substitute “My Health Record”.

61 Paragraph 74(1)(a)

Omit “PCEHR”, substitute “My Health Record”.

62 Section 77

Omit “PCEHR” (wherever occurring), substitute “My Health Record”.

63 Subparagraphs 99(c)(i) and (ii)

Omit “PCEHR”, substitute “My Health Record”.

64 Subsection 106(1)

Omit “PCEHR”, substitute “My Health Record”.

65 Subparagraph 106(2)(a)(i)

Omit “PCEHR”, substitute “My Health Record”.

66 Subparagraph 106(2)(a)(ii)

Omit “PCEHRs”, substitute “My Health Records”.

67 Subparagraph 106(2)(a)(ii)

Omit “PCEHR”, substitute “My Health Record”.

68 Division 7 of Part 8 (heading)

Repeal the heading, substitute:

Division 7—My Health Records Rules, regulations and

other instruments

69 Section 109 (heading)

Repeal the heading, substitute:

109 Minister may make My Health Records Rules

70 Subsection 109(1)

Omit “PCEHR”, substitute “My Health Record”.

110 Health Legislation Amendment (eHealth) Act 2015 No. 157, 2015

Authorised Version C2015A00157

Renaming PCEHR as My Health Record Schedule 2

71 Subsection 109(1)

Omit “PCEHR”, substitute “My Health Record”.

72 Subsection 109(3) (heading)

Repeal the heading, substitute:

My Health Records Rules may relate to registration etc.

73 Subsection 109(3)

Omit “PCEHR” (wherever occurring), substitute “My Health Record”.

74 Subsection 109(4A) (heading)

Repeal the heading, substitute:

My Health Records Rules may relate to agreements

75 Subsections 109(4A) and (5)

Omit “PCEHR”, substitute “My Health Record”.

76 Subsection 109(6) (heading)

Repeal the heading, substitute:

My Health Records Rules may relate to access control mechanisms

77 Subsection 109(6)

Omit “PCEHR” (wherever occurring), substitute “My Health Record”.

78 Subsection 109(7) (heading)

Repeal the heading, substitute:

My Health Records Rules may relate to authorised representatives

and nominated representatives

79 Subsection 109(7)

Omit “PCEHR”, substitute “My Health Record”.

80 Subsection 109(7A) (heading)

Repeal the heading, substitute:

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 111

Authorised Version C2015A00157

Schedule 2 Renaming PCEHR as My Health Record

My Health Records Rules may relate to research

81 Subsection 109(7A)

Omit “PCEHR”, substitute “My Health Record”.

82 Subsection 109(8) (heading)

Repeal the heading, substitute:

My Health Records Rules may apply to specified classes of

participants

83 Subsection 109(8)

Omit “PCEHR” (wherever occurring), substitute “My Health Record”.

84 Subsection 112(2)

Omit “PCEHR”, substitute “My Health Record”.

112 Health Legislation Amendment (eHealth) Act 2015 No. 157, 2015

Authorised Version C2015A00157

Renaming consumers as healthcare recipients Schedule 3

Schedule 3—Renaming consumers as healthcare recipients

Health Insurance Act 1973

1 Subsection 3(1) (definition of registered consumer)

Repeal the definition.

2 Subsection 3(1)

Insert:

registered healthcare recipient has the meaning given by the My

Health Records Act 2012.

National Health Act 1953

3 Subsection 135AA(5AA)

Omit “consumer”, substitute “healthcare recipient”.

Personally Controlled Electronic Health Records Act 2012

4 Section 5 (definitions of consumer and consumer-only notes)

Repeal the definitions.

5 Section 5

Insert:

healthcare recipient means an individual who has received,

receives, or may receive, healthcare.

healthcare recipient-only notes, in relation to a healthcare

recipient, means health information included by the healthcare

recipient in his or her My Health Record and described in the My

Health Record system as healthcare recipient-only notes (whether

using that expression or an equivalent expression).

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 113

Authorised Version C2015A00157

1

2

4

5

6

7

8

9

10

Schedule 3 Renaming consumers as healthcare recipients

6 Section 5 (definition of registered consumer)

Repeal the definition.

7 Section 5

Insert:

registered healthcare recipient means a healthcare recipient who is

registered under section 41.

8 Amendments of listed provisions

Further amendments

Item Provision Omit Substitute

Section 3 consumers of recipients of healthcare

healthcare

Paragraph 3(d) consumers healthcare recipients

3 Section 5 (definitions of consumer (wherever healthcare recipient

authorised occurring)

representative and

nominated healthcare

provider)

Section 5 (paragraph (a) consumer’s healthcare recipient’s

of the definition of

nominated healthcare

provider)

Section 5 (definitions of consumer healthcare recipient

nominated

representative and

parental responsibility)

Section 5 (definition of consumer’s healthcare recipient’s

use)

Section 5 (definition of consumer healthcare recipient

Veterans’ Affairs

Department file

number)

Section 6 (heading) consumer healthcare recipient

Subsection 6(1) Consumers Healthcare recipients

(heading)

Subsections 6(1) to (3) consumer (wherever healthcare recipient

114 Health Legislation Amendment (eHealth) Act 2015 No. 157, 2015

Authorised Version C2015A00157

11

12

13

14

15

16

17

18

20

22

23

24

28

29

30

31

32

Renaming consumers as healthcare recipients Schedule 3

Further amendments

Item Provision Omit Substitute

occurring)

Subsection 6(4) Consumers Healthcare recipients

(heading)

Subsections 6(4) and (6) consumer (wherever healthcare recipient

occurring)

Subsection 6(7) consumer (wherever healthcare recipient

occurring)

Subsection 6(8) consumer (first and healthcare recipient

second occurring)

Subsection 6(8) consumer’s healthcare recipient’s

Subsection 6(8) consumer (third healthcare recipient

occurring)

Section 7 (heading) consumer healthcare recipient

Subsection 7(1) consumer (first healthcare recipient

occurring)

19 Paragraph 7(1)(a) consumer healthcare recipient

Paragraph 7(1)(a) consumer’s healthcare recipient’s

21 Paragraph 7(1)(b) consumer healthcare recipient

Subsection 7(2) consumer (first healthcare recipient

occurring)

Paragraph 7(2)(a) consumer (first healthcare recipient

occurring)

Subparagraph 7(2)(a)(i) consumer’s healthcare recipient’s

25 Subparagraph 7(2)(a)(ii) consumer healthcare recipient

26 Paragraph 7(2)(b) consumer healthcare recipient

27 Subsection 7(3) consumer healthcare recipient

Subsection 7(3) consumer’s healthcare recipient’s

Subsection 7(4) consumer (wherever healthcare recipient

occurring)

Subsection 7(5) consumer (first and healthcare recipient

second occurring)

Subsection 7(5) consumer’s healthcare recipient’s

Subsection 7(5) consumer (third, healthcare recipient

fourth, fifth and sixth

occurring)

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 115

Authorised Version C2015A00157

34

35

37

39

41

43

45

47

48

49

50

51

52

53

54

55

Schedule 3 Renaming consumers as healthcare recipients

Further amendments

Item Provision Omit Substitute

33 Section 8 consumer (wherever healthcare recipient

occurring)

Section 10 consumer (first healthcare recipient

occurring)

Paragraph 10(a) consumer’s healthcare recipient’s

(wherever occurring)

36 Section 10 (note) consumer healthcare recipient

Subparagraphs 15(a)(i) consumers healthcare recipients

and (ii)

38 Subparagraph 15(b)(i) consumer healthcare recipient

Subparagraph 15(b)(i) consumer’s healthcare recipient’s

40 Subparagraph 15(b)(ii) consumer healthcare recipient

Subparagraph 15(b)(iii) consumer’s healthcare recipient’s

42 Paragraph 15(c) consumer healthcare recipient

Paragraph 15(c) consumer’s healthcare recipient’s

44 Subparagraphs 15(c)(i) consumer healthcare recipient

and (ii)

Paragraph 15(f) consumers healthcare recipients

46 Subparagraphs 15(h)(i) consumer healthcare recipient

and (ii)

Paragraph 15(i) consumer’s healthcare recipient’s

(wherever occurring)

Paragraph 15(m) consumers healthcare recipients

Section 17 consumer (wherever healthcare recipient

occurring)

Subsections 38(2) and consumer (wherever healthcare recipient

(3) occurring)

Division 1 of Part 3 consumers healthcare recipients

(heading)

Section 39 (heading) Consumers Healthcare recipients

Subsection 39(1) consumer (wherever healthcare recipient

occurring)

Section 40 (heading) consumer healthcare recipient

Section 40 consumer (wherever healthcare recipient

116 Health Legislation Amendment (eHealth) Act 2015 No. 157, 2015

Authorised Version C2015A00157

56

57

58

59

60

61

62

64

66

68

70

73

74

75

Renaming consumers as healthcare recipients Schedule 3

Further amendments

Item Provision Omit Substitute

occurring)

Section 41 (heading) consumer healthcare recipient

Subsections 41(1) to (3) consumer (wherever healthcare recipient

occurring)

Section 45 consumer (wherever healthcare recipient

occurring)

Subsection 46(1) Consumer Healthcare recipient

(heading)

Subsection 46(1) consumer (wherever healthcare recipient

occurring)

Subsection 46(2) consumer’s healthcare recipient’s

(heading)

Subsection 46(2) consumer (wherever healthcare recipient

occurring)

63 Section 50 consumer healthcare recipient

Subsection 51(1) consumer (wherever healthcare recipient

occurring)

65 Subsection 51(2) consumer healthcare recipient

(heading)

Subsection 51(2) consumer (wherever healthcare recipient

occurring)

67 Subsection 51(3) consumer healthcare recipient

Subsection 51(4) consumer’s healthcare recipient’s

(heading)

69 Subsection 51(4) consumer healthcare recipient

Subsection 51(4) consumer’s healthcare recipient’s

71 Subsection 51(5) consumer healthcare recipient

72 Subsection 51(6) consumer healthcare recipient

(heading)

Subsection 51(6) consumer (wherever healthcare recipient

occurring)

Paragraph 51(7)(b) consumer (wherever healthcare recipient

occurring)

Section 52 consumer (wherever healthcare recipient

occurring)

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 117

Authorised Version C2015A00157

76

77

78

79

80

81

82

83

84

85

86

88

89

90

91

92

93

95

97

98

Schedule 3 Renaming consumers as healthcare recipients

Further amendments

Item Provision Omit Substitute

Subsections 53(1), (2), consumer (wherever healthcare recipient

(3) and (4) occurring)

Sections 54 and 55 consumer (wherever healthcare recipient

occurring)

Section 57 consumer (wherever healthcare recipient

occurring)

Section 59 consumer’s healthcare recipient’s

(wherever occurring)

Subsection 60(1) consumer’s healthcare recipient’s

Subsection 61(1) consumer’s healthcare recipient’s

Subsection 61(1) consumer (wherever healthcare recipient

occurring)

Subsection 61(2) consumer-only notes healthcare

recipient-only notes

Section 62 consumer’s healthcare recipient’s

(wherever occurring)

Paragraph 62(b) consumer (wherever healthcare recipient

occurring)

Section 63 consumer’s healthcare recipient’s

87 Paragraph 63(a) consumer healthcare recipient

Subsections 64(1) and consumer’s healthcare recipient’s

(2) (wherever occurring)

Subsection 64(3) consumer-only notes healthcare recipient

only-notes

Subsection 65(1) consumer’s healthcare recipient’s

Subsection 65(2) consumer-only notes healthcare

recipient-only notes

Section 66 (heading) consumer’s healthcare recipient’s

Subsection 66(1) consumer’s healthcare recipient’s

94 Subsection 66(1) consumer healthcare recipient

Subsection 66(2) consumer’s healthcare recipient’s

96 Subsection 66(2) consumer healthcare recipient

Section 67 (heading) consumer healthcare recipient

Section 67 consumer (wherever healthcare recipient

118 Health Legislation Amendment (eHealth) Act 2015 No. 157, 2015

Authorised Version C2015A00157

99

Renaming consumers as healthcare recipients Schedule 3

Further amendments

Item Provision Omit Substitute

occurring)

Section 67 (note) consumer’s healthcare recipient’s

100 Subsection 68(1) consumer’s healthcare recipient’s

101 Subsection 68(2) consumer-only notes healthcare

recipient-only notes

102 Subsections 69(1) and consumer’s healthcare recipient’s

(2)

103 Subsection 69(3) consumer healthcare recipient

104 Subsection 69(3) consumer’s healthcare recipient’s

105 Subsection 69(4) consumer’s healthcare recipient’s

106 Subsection 69(4) consumer healthcare recipient

107 Subsection 69(5) consumer-only notes healthcare

recipient-only notes

108 Subsections 70(1) and consumer’s healthcare recipient’s

(3)

109 Subsection 70(5) consumer-only notes healthcare

recipient-only notes

110 Section 71 consumer’s healthcare recipient’s

(wherever occurring)

111 Subsection 73(1) consumer’s healthcare recipient’s

112 Paragraphs 73(1)(a) and consumer healthcare recipient

(3)(a)

113 Paragraph 73B(1)(b) consumer healthcare recipient

114 Paragraph 74(1)(a) consumer’s healthcare recipient’s

115 Subparagraphs 77(2)(a) consumer healthcare recipient

(i) and (b)(i)

116 Subsection 97(1) consumer (wherever healthcare recipient

occurring)

117 Paragraph 105(6)(h) consumer healthcare recipient

118 Subsection 105(7) consumer (wherever healthcare recipient

occurring)

119 Paragraph 109(3)(d) consumers healthcare recipients

120 Subsection 109(5) consumers healthcare recipients

121 Subsection 109(5) consumer healthcare recipient

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 119

Authorised Version C2015A00157

Schedule 3 Renaming consumers as healthcare recipients

Further amendments

Item Provision Omit Substitute

122 Paragraph 109(6)(b) consumer’s healthcare recipient’s

123 Paragraphs 109(7)(a) and consumer (wherever healthcare recipient

(b) occurring)

120 Health Legislation Amendment (eHealth) Act 2015 No. 157, 2015

Authorised Version C2015A00157

Further consequential amendments Schedule 4

Amendments relating to the Legislation Act 2003 Part 1

Schedule 4—Further consequential amendments

Part 1—Amendments relating to the Legislation Act 2003

Personally Controlled Electronic Health Records Act 2012

1 Subsection 109(9)

Omit “Legislative Instruments Act 2003”, substitute “Legislation Act

2003”.

No. 157, 2015 Health Legislation Amendment (eHealth) Act 2015 121

Authorised Version C2015A00157

Schedule 4 Further consequential amendments

Part 2 Amendments relating to delegations

Part 2—Amendments relating to delegations

Health Insurance Act 1973

2 Subsection 131(1)

Omit “or the Healthcare Identifiers Act 2010”, substitute “or

instruments made under this Act”.

3 Subsection 131(2)

After “this Act”, insert “or an instrument under which the power

exists”.

[Minister’s second reading speech made in—

House of Representatives on 17 September 2015

Senate on 15 October 2015]

(157/15)

122 Health Legislation Amendment (eHealth) Act 2015 No. 157, 2015


立法 修正 (1 文本) 修正 (1 文本)
无可用数据。

WIPO Lex编号 AU520