Go to top of page

External scrutiny

The Agency is accountable to the Australian Government through the Commonwealth Minister for Health and to state and territory health ministers through the COAG Health Council.

It reports quarterly to AHMAC which is responsible for providing strategic and operational support to the COAG Health Council.

The Agency’s operations are also open to scrutiny from the Auditor-General, the courts, administrative tribunals, parliamentary committees, the Commonwealth Ombudsman, the Australian Information Commissioner and the community under the freedom of information regime.

Auditor-General reports

The Auditor-General issued an unqualified audit opinion for the 2019–20 financial statements of the Agency, which is presented in Part 4 of this report. In January 2019, the Auditor-General commenced a performance audit of the effectiveness of the Agency’s implementation of the national expansion of the My Health Record system. This included an examination of whether the system promotes the achievement of its purposes, system risks are appropriately assessed, managed and monitored, and whether monitoring and evaluation arrangements are effective. Its findings were released in November 2019. The ANAO concluded that the implementation was largely effective, and that planning, governance and communication was appropriate. It suggested that the Agency take the lead on supporting the health sector to continue to improve in digital health matters. As such, the Agency is working with Commonwealth entities, state and territory governments, healthcare providers, the technology industry and consumer groups to implement the recommendations of the report through improvements in management of shared privacy risks, enacting maturity of security controls in a phased way and a focus on compliance.

Judicial decisions or administrative reviews

There were no judicial or administrative tribunal decisions impacting on the operations of the Agency.

Parliamentary, Ombudsman, Australian Information Commissioner reports

The Agency appeared before the Senate Estimates (Community Affairs Legislation) Committee to answer questions about Agency operations on 23 October 2019 and 4 March 2020, but no reports on the Agency were released by a parliamentary committee or the Commonwealth Ombudsman.

Every year the Australian Information Commissioner produces a report which touches directly on the work of the Agency as the My Health Record System Operator. The Information Commissioner has a statutory obligation to produce an annual report on digital health compliance and enforcement activity in accordance with Section 106 of the My Health Records Act 2012. That Act contains provisions that protect and restrict the collection, use and disclosure of personal information. The Australian Information Commissioner monitors and enforces compliance with those provisions as the independent regulator of the privacy aspects of the My Health Record system.

Capability reviews

The Australian Public Service Commission oversees a program of external reviews of public sector agencies to assess their ability to meet future objectives and challenges. No capability reviews of the Agency were conducted during the reporting period.

Freedom of information regime

Part 2 of the Freedom of Information Act 1982 (FOI Act) established the Information Publication Scheme (IPS), effective from 1 May 2011. It reflected a shift to a pro-disclosure culture for government, with the expectation that agencies take the lead in anticipating and publishing material for public accessibility, rather than react to ad hoc requests. The scheme compels the Agency to publish certain categories of information online. These include the Agency’s structure, functions and decision-making powers, as well as operational information supporting the exercise of those functions and powers. The Agency is also required to publish a plan detailing the information that will be made available as part of the IPS, and the steps it will take to ensure compliance with IPS obligations.

The Agency has met the regulatory requirements by website publication of the broad range of information required, as well as by preparing a plan explaining how it will administer the IPS. It undertakes to keep the online content accurate, current and complete.

The Agency recognises that public sector information – information that is generated, collected or funded by government – is a valuable national resource that should be available for community access and use.

Consistent with the objects of the FOI Act and the Agency’s commitment to transparency and open government, the Agency favours disclosure in the absence of competing public interest considerations such as the protection of personal information.

During 2019–20 the Agency received 13 requests pursuant to the FOI Act. Information released in response to the FOI Act requests is published in accordance with IPS requirements and accessible in the FOI Disclosure log page on the Agency website, see www.digitalhealth.gov.au.