exora exora
Product
How It Works Features Technology Supported Documents Pricing
Company
About Exora Our Mission Careers Contact
Resources
Blog FAQ Guides Community Changelog
Security
Sign In Get Started

Language and Region

English 6
Australia Australia New Zealand New Zealand United Kingdom United Kingdom Ireland Ireland Canada Canada United States United States
Espanol 19
Espana Espana Mexico Mexico Argentina Argentina Colombia Colombia Chile Chile Peru Peru Venezuela Venezuela Ecuador Ecuador Guatemala Guatemala Cuba Cuba Bolivia Bolivia Republica Dominicana Republica Dominicana Honduras Honduras Paraguay Paraguay El Salvador El Salvador Nicaragua Nicaragua Costa Rica Costa Rica Panama Panama Uruguay Uruguay
Francais 2
France France Canada Canada
Portugues 2
Brasil Brasil Portugal Portugal
Currently: English (United States)

25 March 2026 - Xavier Flanagan, Founder

Your health data rights in Australia

Most Australians do not know they have a legal right to access their health records. Not just the summary your GP prints out, or the results your pathology lab posts online. All of it. Every note, every test, every referral letter, every imaging report held by any healthcare provider who has treated you.

That right exists today, in law, and it has existed for decades. But knowing you have the right and actually being able to exercise it are two very different things.

What the law says

The Australian Privacy Act 1988 and the 13 Australian Privacy Principles (APPs) govern how organisations handle your personal information. Health information is classified as sensitive information under the Act, which means it receives additional protections.

APP 12 - Access: You have the right to access any personal information an organisation holds about you. This includes health information held by your GP, specialists, hospitals, pathology labs, imaging centres, allied health providers, and pharmacies. They must give you access within 30 days of your request.

APP 13 - Correction: If you believe information held about you is inaccurate, incomplete, or out of date, you have the right to request a correction. The organisation must respond within 30 days.

There are limited exceptions - for example, a provider may refuse access if they believe it would pose a serious threat to someone’s health or safety - but in practice, most requests are straightforward.

How to request your records

The process is simpler than most people expect:

  1. Identify your providers. Make a list of every doctor, hospital, specialist, pathology lab, and allied health provider you have visited. Go back as far as you can remember.
  2. Contact each provider. A phone call or email is usually enough. Ask for a copy of your complete medical records. Some providers have a form; others will accept a written request.
  3. Specify the format. Ask for electronic copies (PDF) where possible. Some providers will only offer paper copies, which you can scan or photograph.
  4. Be prepared for fees. Providers can charge a reasonable fee for providing access, usually to cover photocopying or administrative costs. They cannot charge an excessive amount, and they cannot refuse access because you do not want to pay.
  5. Follow up. Providers must respond within 30 days. If they do not, remind them of their obligations under the Privacy Act.

It takes effort, but it is your legal right. Every Australian has it.

The practical problem

Here is the challenge: even when you successfully gather your records, what you end up with is a pile of PDFs. Discharge summaries written in clinical shorthand. Pathology reports with reference ranges you cannot interpret. Specialist letters addressed to your GP using terminology that assumes medical training to understand.

You have the data. But you do not have understanding.

Your medication list from one hospital might use brand names while another uses generics. Your lab results from different pathology providers use different formats. Your condition might be described as “T2DM” in one document and “Type 2 Diabetes Mellitus” in another. Without clinical knowledge, connecting the dots across these records is genuinely difficult.

The right to access your records is necessary but not sufficient. What patients need is the ability to understand and use their health information.

Where exora fits

This is the problem exora was built to solve. Once you have your records - exercising the rights the Privacy Act already gives you - exora turns those scattered documents into a unified, searchable health record you can actually understand.

Upload your PDFs and scanned documents. The AI pipeline reads them with clinical understanding, extracts the health information, structures it with international medical codes, and presents it in plain language. Every fact links back to the exact location in the original document, so you can always verify what the AI found.

Your medication list, unified across all providers. Your lab results, trended over time regardless of which lab ran them. Your conditions, your procedures, your immunisations - all in one place, all searchable, all yours.

My Health Record

Australia’s My Health Record system is a government initiative that creates a shared electronic health record for every Australian (unless they opted out). It is a step in the right direction, but it has real limitations.

My Health Record depends on healthcare providers uploading information to it. Many do not, or do so inconsistently. It contains summaries rather than full clinical detail. It does not include records from before the system was established. And it does not cover every type of health interaction - private specialist consultations, allied health visits, and records from providers who have not connected to the system are typically absent.

exora complements My Health Record rather than replacing it. Where My Health Record shows what providers have chosen to upload, exora processes whatever documents you have, regardless of their source or format. You can include records that predate My Health Record, documents from providers who do not participate in the system, and international health records. The two work together: My Health Record as the government layer, exora as your personal, comprehensive layer.

Your rights, summarised

  • Access: You can request a copy of your health records from any provider. They must respond within 30 days.
  • Correction: If information held about you is wrong, you can request it be corrected.
  • Complaint: If a provider refuses to give you access without a valid reason, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
  • Control: You decide who sees your health information. Sharing is always your choice.
  • Deletion: You can request deletion of your data from services you use, including exora, at any time.

The first step

Knowing your rights is the starting point. Exercising them is the next step. And turning the result into something you can actually use - that is where the real value lies.

Request your records. It is your legal right. And when you have them, exora is here to help you make sense of them - turning a pile of PDFs into a health record you own, understand, and control.

Back to blog