As part of the 2010/11 Federal budget, the Government announced a $466.7 million investment over two years for a national Personally Controlled Electronic Health Record (PCEHR) system for all Australians who choose to register on-line, from 2012-2013. This initiative has the potential to be a revolutionary step for Australian health care, in terms of both consumer's access to their own health information and improvement in information which will be available to health professionals when they treat a patient.

To date, the uptake has been slow. NeHTA scorecard as at 29 October 2013:

  • The total number of people who registered for an eHealth record as at 29 October 2013 was 1,042,966.
  • More than 5,681 healthcare provider organisations have signed onto the eHealth Record system.
  • 8,105 individual doctors, nurses and other healthcare providers throughout Australia has been authorized by their organisations to access the PCEHR system;
  • More than 15.25 million documents have been uploaded into the PCEHR system.

With respect to the number of providers with HPI-Is that have been linked to access the system, it is NeHTA’s understanding that these numbers are linkages via the provider portal and exclude any linkages through local clinical information systems, so the total number of authorized users can be significantly greater.

Aims of PCEHR include:

  • Reduce risks in the health system;
  • Fewer patients will experience adverse events
  • Improve access to health records and thereby reduce medication errors.

Some key concepts are:

  • Individuals are able to choose whether or not to have a  PCEHR and will be able to set their own access controls and may withdraw at any time.
  • The PCEHR will contain clinical documents such as Shared Health Summaries, Discharge Summaries, Event Summaries, Pathology Result Reports, Imaging Reports and Specialist Letters. It may also include key health information entered by the individual such as over-the-counter medicines and allergies and access information from Medicare Australia such as an individual's organ donor status, dispensed medications funded under the PBS, information about healthcare events from an individual's Medicare claiming history and a child's immunisation history. The PCEHR may also contain an individual's advance
  • care directives (if any). The PCEHR is, however, not a comprehensive health record.
  • Healthcare organisations  can  choose  to  participate and will need a healthcare organisation identifier (HPI- O). They must agree to use appropriate authentication mechanisms to access the PCEHR and use software that has been conformance tested to be used with the PCEHR system.
  • Health information within the PCEHR system is protected through a combination of legislation, governance arrangements and security and technology measures, including under the Personally Controlled Electronic Health Records Act 2012 (Cth).

The PCEHR legislation imposes penalties for intentional or reckless unauthorized collection, use and disclosure of health information; Fines up to 120 penalty units for individuals (AUD$20,400); and x 5 penalties for bodies corporate AUD$102,000. One Commonwealth penalty unit is currently AUD$170.

There are a number of medico-legal and privacy issues which arise with the PCEHR. Some of these are summarised below:


  • If a medical practitioner consults with a patient and is negligent in entering information  onto  the  PCEHR, there   are more clinicians relying upon it, so the potential for liability from a negligent assessment of a patient or    negligently   prepared   medical   record increases.
  • Health professionals must be mindful that the PCEHR is not a complete medical record and must continue to be vigilant in continuing to obtain independent information from patients. Information may be excluded from the PCEHR at the request of a patient and missing information is unlikely to be flagged. A consumer request to withhold information or remove information is never flagged unless it is specifically indicated in the record by agreement between the consumer or clinician.
  • If a medical practitioner has relied upon information on the   PCEHR  which  is  incorrect,  then  the  medical practitioner will need to track the author of the original information to join as a cross-defendant.
  • If  a  patient  instructs  a  medical  practitioner  not  to include information on the PCEHR then the medical practitioner may be under a common law obligation to inform the patient the risks and consequences of this.
  • Direct access to a medical record may be denied if providing access would pose a serious threat to the life or  health of any individual. In those cases, the patient is  usually provided access through another medical practitioner. If consumer access requests are dealt with centrally, measures should be implemented to  ensure  that   a  clinical  assessment  is  made  in relation  to  whether  or  not  a  patient's  request  for access or information  could pose a serious threat to the life or health of any  individual. Arguably the clinician should use their professional judgment to not upload such information in the PCEHR.
  • Often a request for access can be an indicator of a potential claim which can be resolved quickly by the clinician by early discussions with the patients. There should be a mechanism so that relevant clinicians are informed if there is a potential claim early.

Privacy issues

There are also a number of privacy issues, including:

  • Obtaining adequate privacy consent from patients;
  • Ensuring that the systems can accurately implement the   consent options of patients, such as limiting access or prohibiting access to the PCEHR to health professionals nominated by patients.
  • Ensuring that only information which is required to provide treatment for the patient is collected.
  • Privacy issues if the system involves a number of system vendors and subcontractors or cloud computing.
  • Uniformity of the usage of medical terms and abbreviations and clear handwriting is preferred to protect data quality.
  • Clear understanding of the information flows and potential for leakage of personal health information to unapproved persons or overseas.
  • Data security issues.
  • Patient and participating health professional identification and verification issues.
  • Education and  training of participating  health professionals.