Concept of Operations: Relating to the introduction of a Personally Controlled Electronic Health Record System
5.5.1 The access listAt the core of access control to an individual’s PCEHR is the ‘access list’. The access list provides a set of organisations that are permitted to access an individual’s PCEHR 24.
Through the exercise of access controls, the individual can control how an organisation is added (or removed) from the list.
Individuals will be able to see the access list and update it at any time via a number of channels (including the consumer portal, shop front services, etc).
In general, organisations will remain on the access list for a period of 3 years from the last time they accessed an individual’s PCEHR. After 3 years of inactivity the PCEHR System will automatically remove the organisation from the access list and the organisation will need to re-obtain access based on the individual’s access control settings.