Data breaches of Australia’s health records drop 50% after passkey adoption: OAIC

The number of data breaches in the Australian national electronic health record system has declined by half over the last year, according to an annual report on digital health published by the country’s privacy regulator. The system, which contains information such as patient reports, prescriptions and hospital stays, is linked to the myGov public services app which integrated biometric passkey security to prevent widespread identity scams.

The Office of the Australian Information Commissioner (OAIC) received 18 data breach notifications related to the My Health Record system during the 2024-2025 reporting period, compared to 39 reported last year, the agency announced on Monday.

Aside from the My Health Record system, the Australian government administers another key digital health system called the Healthcare Identifiers Service (HI Service), which assigns unique identifiers to individuals, healthcare providers and healthcare provider organizations. Both systems are overseen by the Information Commissioner, who ensures the privacy of sensitive healthcare data.

According to its annual report, the OAIC received just three privacy complaints related to the My Health Record system, compared with 15 in the previous year. No privacy complaints were filed related to the HI Service.

The Information Commissioner also assessed the Australian Digital Health Agency’s myhealth mobile app, recommending greater clarity around overseas disclosure of personal information. The app allows users with a myGov account linked to My Health Record to access health information, prescriptions and health service bookings.

In December last year, the country started piloting the myGov and Services Australia’s Trust Exchange (TEx) proof-of-concept for visits to the doctor’s office. The pilot allowed Australians to perform identity verification and share their credentials without handing over physical ID documents or sharing unnecessary data. A similar trial allowing users to verify their identities at the bank by showing their Medicare card in the myGov app was launched one month later.

Australia has been working on shaping its digital systems and critical infrastructure, such as digital identity. In 2023, the country passed its Digital ID Bill, which will govern its planned national ID system.

Critics, however, say that digital service delivery remains disconnected, resulting in patchwork progress and strategic gaps.

Article Topics

Australia  |  biometrics  |  digital ID  |  healthcare  |  identity verification  |  myGov (Australia)  |  Office of the Information Commissioner (OAIC)  |  passkeys  |  patient identification