Ninety-nine data breaches occurred in the controversial My Health Record system in six years, but the agency responsible for its implementation insists that there has never been a "security or privacy" violation.
Health Minister Greg Hunt also defended the digital records, which will be created for all Australians starting this Thursday, unless people deactivate it.
A spokeswoman for the minister said: "A security breach of the system has never been reported."
The scope of the infractions to hit the My Health Registry has been revealed by the Office of the Australian Information Commissioner, who is notified under the mandatory notification laws when a data breach occurs.
11 data breaches occurred in just 11 weeks between July and September 13 of this year, according to the presentation of the OAIC to a recent Senate investigation of my health record.
There were another 88 cases between July 2012 and June of this year, including at least eight cases in which an unauthorized third party had access to the records.
Another case included a MyGov mix where several individuals were linked to the wrong record.
Other cases included charging Medicare data in the wrong account because the individuals had similar demographic information, while other cases involved people who had incorrect data loaded because the scammers made Medicare claims on their behalf.
Mr. Hunt's office said that the Australian Digital Health Agency "had no evidence that any of these issues led to unauthorized access to the medical information of any individual."
An ADHA spokesman told News Corp that the 11 most recent infractions were administrative processing errors when inaccurate or inaccurate data was loaded into the system, which occurred in six cases, or allegedly fraudulent Medicare claims cases.
"These are not violations of the privacy or security of the system," he said.
"In six years of operation, a security breach or system privacy has never been reported."
When asked about the eight cases in which unauthorized third parties had access to My Health Records, the spokesman said: "The term & # 39; violation of privacy & # 39; is not defined in the legislation."
"The Australian Digital Health Agency notifies the OAIC in all cases where there may be a 'reportable data breach', which is a definite term."
Labor & # 39; s Health spokeswoman Catherine King said the confusion surrounding these data breaches would only increase the public's concerns about My Health Record.
"Minister Hunt says there have been no violations, but the Office of the Information Commissioner of Australia seems to be saying something different," he told News Corp.
"The minister should publicly explain this discrepancy and stop hiding behind ridiculous technicalities."
Ms. King again requested a review of My Health Record's privacy provisions "so that persistent privacy concerns like these can be addressed appropriately."
But he welcomed the health minister's announcement last week that the government would make additional changes to health records, including increased penalties for improper use of a My Health record from two years to five years. jail and more than double the fines for individuals $ 315,000.
It will also include stronger protections against the misuse of records in situations of domestic violence and to prohibit employers from accessing records of potential employees.
The Australians will have a record of my health created for them as of Thursday of this week, unless they choose not to participate, but the government intends to introduce changes in legislation so that people can permanently delete their registration or just parts of your record at any time in your lives.
Cybersecurity expert Nigel Phair of the University of New South Wales said it was unlikely that the My Health Record database would be hacked, but he predicted that data breaches would occur over compliance and governance. system, including doctors who could see the records that they should not For personal interest.
"More people are watching it, it's a numbers game, there will be more violations," he said.
"Some of them will only be administrative oversights and others may have a criminal basis."
He said that a breach was still a breach, even if it did not occur through piracy.