Two access settings are available for people to control access to their eHealth record.

When a person’s eHealth record is first created, default access settings will automatically apply to it. This means that all healthcare providers involved in the person’s care will be able to access the person’s entire eHealth record in relation to that care.

At any time a person can choose to apply further access controls to their record. These will allow a person to control who can view their eHealth record as a whole, and who can view certain documents within their eHealth record. These settings apply at a healthcare provider organisation level, not to individual healthcare providers. If a person applies stricter access controls to their eHealth record than the default setting, these will only be overridden in the case of a medical emergency.

A person can also choose to remove clinical documents from their eHealth record.

Certain information entered by the person is not accessible by healthcare provider organisations under any circumstances.

The eHealth record system allows people to monitor access to their eHealth record in two ways.

  • A person can elect to be notified by email or short message service (SMS) to their phone when certain activities occur in their eHealth record.
  • An audit log available to people with a PCEHR, via the system, contains information about their eHealth record access including the date and time the record was accessed/edited, the organisation that accessed/edited the record and the role of the individual who took that action, whether the record was accessed because of an emergency and details of the action(s) that occurred – for example if a clinical document was created or deleted, or the person’s contact details amended.