Skip to main content

Improving accessibility of the Australian My Health Records while preserving privacy and security of the system


Australian My Health Record (MyHR) is a significant development in empowering patients, allowing them to access their summarised health information themselves and to share the information with all health care providers involved in their care. Consequently, the MyHR system must enable efficient availability of meaningful, accurate, and complete data to assist an improved clinical administration of a patient. However, while enabling this, protecting data privacy and ensuring security in the MyHR system has become a major concern because of its consequences in promoting high standards of patient care. In this paper, we review and address the impact of data security and privacy on the use of the MyHR system and its associated issues. We determine and analyse where privacy becomes an issue of using the MyHR system. Finally, we also present an appropriate method to protect the security and privacy of the MyHR system in Australia.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2


  1. Zhou N. My Health Record: privacy, cybersecurity and the hacking risk. The Guardian. 2018. Accessed 12 May 2019.

  2. Bosch M, et al. Review article: Effectiveness of patient care teams and the role of clinical expertise and coordination: a literature review. Med Care Res Rev. 2009;66(6 Suppl.):5S–35S.

    Article  Google Scholar 

  3. Kannampallil TG, et al. Considering complexity in healthcare systems. J Biomed Inform. 2011;44(6):943–7.

    Article  Google Scholar 

  4. Malin B, Nyemba S, Paulett J. Learning relational policies from electronic health record access logs. J Biomed Inform. 2011;44(2):333–42.

    Article  Google Scholar 

  5. Wang H, Sun L, Bertino E. Building access control policy model for privacy preserving and testing policy conflicting problems. J Comput Syst Sci. 2014;80(8):1493–503.

    Article  MathSciNet  Google Scholar 

  6. Cheng K, et al. Secure k-nn query on encrypted cloud data with multiple keys. IEEE Trans Big Data. 2017.

    Article  Google Scholar 

  7. Lohr H, Sadeghi A-R, Winandy M. Securing the e-health cloud. In: Proceedings of the 1st ACM international health informatics symposium, IHI’10. New York: ACM. 2010. p. 220–9.

  8. Ma J, et al. Supervised anomaly detection in uncertain pseudoperiodic data streams. ACM Trans Internet Technol (TOIT). 2016;16(1):1–20.

    Article  Google Scholar 

  9. Zhang J, et al. On efficient and robust anonymization for privacy protection on massive streaming categorical information. IEEE Trans Depend Secure Comput. 2015;14(5):507–20.

    Article  Google Scholar 

  10. Yu W, Chekhanovskiy M. An electronic health record content protection system using smartcard and PMR. In: 2007 9th international conference on e-Health networking, application and services. 2007. p. 11–18.

  11. Zhang F, et al. Decision-based evasion attacks on tree ensemble classifiers. World Wide Web. 2020;23(5):2957–77.

    Article  Google Scholar 

  12. Rasool RU, et al. Cyberpulse: a machine learning based link flooding attack mitigation system for software defined networks. IEEE Access. 2019;7:34885–99.

    Article  Google Scholar 

  13. Hu H, et al. Combined gene selection methods for microarray data analysis. In: International conference on knowledge-based and intelligent information and engineering systems. 2006. p. 976–83.

  14. Kabir M, Wang H. Conditional purpose based access control model for privacy protection. In: Proceedings of the 12th Australasian conference on Australasian Database, vol. 92. 2009. p. 135–142.

  15. Williams J. Social networking applications in health care: threats to the privacy and security of health information. In: Proceedings of the 2010 ICSE workshop on software engineering in health care. 2010. p. 39–49.

  16. Sun X, et al. Injecting purpose and trust into data anonymization. Comput Security. 2011;30(5):332–45.

    Article  Google Scholar 

  17. Khalil F, Wang H, Li J. Integrating markov model with clustering for predicting web page accesses. In: Proceeding of the 13th Australasian world wide web conference. 2007. p. 63–74.

  18. Wang H, Yi X, Bertino E, Sun L. Protecting outsourced data in cloud computing through access management. Concurr Comput Pract Experience. 2016;28(3):600–15.

    Article  Google Scholar 

  19. Vimalachandran P, et al. The Australian PCEHR System: ensuring privacy and security through an improved access control mechanism. EAI Endorsed Trans Scalable Inf Syst. 2016;3(8):e4.

    Google Scholar 

  20. Li M, Sun X, Wang H, Zhang Y, Zhang J. Privacy-aware access control with trust management in web service. World Wide Web. 2011;14(4):407–30.

    Article  Google Scholar 

  21. New London Consulting. Australia: how privacy considerations drive patient decisions and impact patient care outcomes. Fair Warning. Australian Patient Survey. 2012.

  22. Zhang J, Tao X, Wang H. Outlier detection from large distributed databases. World Wide Web. 2014;17(4):539–68.

    Article  Google Scholar 

  23. Ahmet EFE, Calik E. Holistic security architecture for effective management of healthcare cyber threats. Int J Health Manag Strateg Res. 2018;4(2):150–67.

    Google Scholar 

  24. Hartwig RP. Cyber risks: the growing threat. Glob Risks. 2014;9:5–14.

    Google Scholar 

  25. Wang H, Zhang Z, Taleb T. Special issue on security and privacy of IoT. World Wide Web. 2018;21(1):1–6.

    Article  Google Scholar 

  26. Peng M, et al. Personalized app recommendation based on app permissions. World Wide Web. 2018;21(1):89–104.

    Article  Google Scholar 

  27. Omotosho A, Emuoyibofarhe J. A criticism of the current security, privacy and accountability issues in electronic health records. IJAIS. 2014;7(8):11–8.

    Article  Google Scholar 

  28. Sun X, Wang H, Li J, Pei J. Publishing anonymous survey rating data. Data Min Knowl Discov. 2011;23(3):379–406.

    Article  MathSciNet  Google Scholar 

  29. Sellars C, Easey DA. Electronic health records: data protection issues in Europe. BNA International, BNA‘s World Data Protection Report, April 2008.

  30. Appari A, Johnson M. Information security and privacy in healthcare: current state of research. Int J Internet Enterprise Manag. 2010;6(4):279.

    Article  Google Scholar 

  31. Yi X, Zhang Y. Privacy-preserving distributed association rule mining via semi-trusted mixer. Data Knowl Eng. 2007;63(2):550–67.

    Article  MathSciNet  Google Scholar 

  32. Åhlfeldt RM, Söderström E. Patient safety and patient privacy in information security from the patient’s view: a case study19. Inf Security Distrib Healthc. 2010;6(4):71–85.

    Google Scholar 

  33. Shen Y, et al. Microthings: a generic IoT architecture for flexible data aggregation and scalable service cooperation. IEEE Commun Mag. 2017;55(9):86–93.

    Article  Google Scholar 

  34. Salkind NJ, Kristin R. Encyclopedia of measurement and statistics. 1st ed. Thousand Oaks, CA: SAGE; 2007. p. 5.

    Book  Google Scholar 

  35. Sun X, et al. An efficient hash-based algorithm for minimal k-anonymity. In: Proceedings of the 31st Australasian conference on Computer science, vol. 74 (ACSC ‘08). 2008. p. 101–107.

  36. National Institute of Standards and Technology. Performance measurement guide for information security. NIST Special Publication. Gaithersburg: NIST; 2012

  37. Vimalachandran P, Zhang Y, Cao J, Sun L, Yong J (2018) Preserving data privacy and security in australian my health record system: a quality health care implication. In Web information systems engineering—WISE 2018. Lecture notes in computer science, vol. 11234. p. 111–120.

  38. Wang H, Cao J, Zhang Y. Ticket-based service access scheme for mobile users. Aust Comput Sci Commun. 2002;24(1):285–92.

    Google Scholar 

  39. Wang H, Cao J, Zhang Y. A flexible payment scheme and its role-based access control. IEEE Trans Knowl Data Eng. 2005;17(3):425–36.

    Article  Google Scholar 

  40. Bosch M, et al. Review article: Effectiveness of patient care teams and the role of clinical expertise and coordination: a literature review. Med Care Res Rev. 2009;66(6 Suppl):5S–35S.

    Article  Google Scholar 

  41. Kannampallil TG, et al. Considering complexity in health care systems. J Biomed Informatics. 2011;44(6):943–7.

    Article  Google Scholar 

  42. Malin B, Nyemba S, Paulett J. Learning relational policies from electronic health record access logs. J Biomed Informatics. 2011;44(2):333–42.

    Article  Google Scholar 

  43. Wang K, et al. Medications and prescribing patterns as factors associated with hospitalizations from long-term care facilities: a systematic review. Drugs Aging. 2018;35(5):423–57.

    Article  Google Scholar 

  44. Kemp K, Arnold BB, Vaile D. My Health Record: the case for opting out. The conversation [Online]. 2018.

  45. Australian Privacy Foundation. MEDIA RELEASE: ‘Open Data’: too much sharing, too little care? Who’s reading your health information now? [Online]. 2018.

  46. Vimalachandran P, Wang H, Zhang Y. Securing electronic medical record and electronic health record systems through an improved access control. In 4th international health information science conference (HIS), Melbourne, vol. 9085. New York: Springer; 2015. p. 17–30.

  47. Wang H, Wang Y, Taleb T, Jiang X. Special issue on security and privacy in network computing. World Wide Web. 2020;23(2):951–7.

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Hong Liu.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Vimalachandran, P., Liu, H., Lin, Y. et al. Improving accessibility of the Australian My Health Records while preserving privacy and security of the system. Health Inf Sci Syst 8, 31 (2020).

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI:


  • Data security
  • Health care
  • EHR
  • EMR
  • MyHR