My Health Record represents Australia’s most significant national digital health infrastructure. As AI becomes more common in clinical settings, questions arise about how AI systems can—and should—interact with MHR data.

This is important territory that isn’t well understood. Let me share what I know about the current state and emerging approaches.

The Opportunity

My Health Record contains longitudinal health information across care settings. For individual patients, this might include:

• Discharge summaries from hospitals
• Specialist letters
• Pathology results
• Diagnostic imaging reports
• Medication records
• Immunisation histories
• Advance care planning documents

This longitudinal record creates opportunities for AI:

Comprehensive clinical context. AI decision support that draws on full patient history, not just information from the current provider.

Care coordination. AI identification of gaps, duplications, or conflicts across providers.

Risk prediction. AI analysis of longitudinal patterns to predict health risks.

Medication reconciliation. AI comparison of MHR medication records with current prescriptions to identify discrepancies.

Current Technical Pathways

The Australian Digital Health Agency has established pathways for system integration with My Health Record. Clinical AI systems can access MHR data through:

Conformant software. Software that meets ADHA’s conformance requirements can access MHR data within clinical workflows. Many EMR systems have this capability.

API access. The ADHA provides APIs for authorised access to MHR data, though direct API access for AI purposes requires careful navigation.

For AI applications, the typical approach is:

1. AI operates within a conformant clinical system
2. The clinical system accesses MHR data as part of normal functionality
3. AI analyses MHR data as part of its clinical decision support
4. Results are presented to clinicians within the clinical system

Direct AI system access to MHR (AI querying MHR independently) isn’t the standard model and would face additional scrutiny.

Consent and Privacy Considerations

MHR data access is governed by strict consent and privacy frameworks:

Patient consent. Patients consent to MHR participation (with opt-out provisions). This consent covers access by healthcare providers for clinical purposes.

Provider authorisation. Healthcare providers accessing MHR must be authorised and acting within their clinical relationship with the patient.

Access controls. Patients can set access controls limiting which providers can see their information.

For AI, additional considerations apply:

Primary purpose. AI use of MHR data for direct clinical care (supporting the treating clinician) aligns with primary purpose. Secondary uses (research, quality improvement, AI training) face different requirements.

Audit trails. MHR access is auditable. Patients can see who has accessed their records. AI-initiated access must be traceable and explainable.

Data minimisation. AI systems should access only the MHR data necessary for their clinical function, not blanket record retrieval.

Governance Requirements

Organisations implementing AI that accesses MHR data need governance frameworks addressing:

Clinical purpose validation. Why does this AI need MHR access? Is it essential for the clinical function?

Privacy impact assessment. What are the privacy implications? How is patient data protected?

Consent management. How is patient consent for AI involvement handled? Are patients informed when AI accesses their MHR data?

Access control alignment. How does AI respect patient-set access controls?

Audit compliance. Are AI accesses properly logged and auditable?

Secondary use controls. If AI retains or analyses MHR data beyond immediate clinical use, what additional controls apply?

The ADHA is developing further guidance on AI and My Health Record, but implementation details remain with individual organisations.

Practical Implementation Considerations

For healthcare organisations considering AI with MHR integration:

Work through your conformant software. Don’t try to build direct AI connections to MHR. Use your existing EMR’s MHR integration and add AI within that context.

Engage with ADHA early. Novel AI applications involving MHR should be discussed with ADHA. They can provide guidance and may have resources to support compliant implementation.

Prioritise transparency. Patients should understand when AI is accessing their MHR data. Build disclosure into consent processes.

Start simple. Begin with AI applications that use MHR data in straightforward ways (surfacing relevant history, flagging medication interactions) before attempting complex analytics.

Document everything. Clinical governance documentation should clearly describe how AI interacts with MHR, what data is accessed, and why.

What’s Coming

I expect this area to evolve significantly:

Clearer ADHA guidance. More specific guidance on AI use cases and MHR data is likely as the technology matures.

Enhanced API capabilities. ADHA is expanding API functionality. Future APIs may better support AI integration patterns.

Consent framework evolution. As AI becomes more common, consent frameworks will need to address AI specifically, not just rely on existing broad consent.

National AI standards. National standards for clinical AI will likely address MHR integration requirements.

Cautions

Some cautions about AI and MHR:

Don’t assume MHR data is complete. MHR doesn’t contain all health information. AI relying on MHR needs to account for missing data.

Don’t assume MHR data is current. There can be delays between clinical events and MHR upload. AI using MHR for time-sensitive decisions needs to understand currency limitations.

Don’t use MHR data for AI training without appropriate approvals. Using MHR data to train AI models is a secondary use requiring ethics approval and potentially specific consent.

Don’t ignore patient access controls. Some patients restrict MHR access. AI systems need to respect these restrictions.

My Health Record creates genuine opportunities for AI to improve care through better information access. Realising these opportunities requires careful attention to the governance and consent frameworks that protect patients.

---

Dr. Rebecca Liu is a health informatics specialist and former Chief Clinical Information Officer. She advises healthcare organisations on clinical AI strategy and implementation.