The ADHA said in a statement that, based on the number eligible for Medicare — 25,459,544 — about 90.1% had opted to have records in the system which has been dogged by controversy. This means 2,520,494 people have opted out.
The ADHA said even though the opt-out deadline for the system had passed on 31 January, people could still cancel and have their records permanently deleted in the future if they decided to do so.
Similarly, individuals who had opted out already could decide to have records created, it said.
Commenting on the statistics released by ADHA, security firm WatchGuard Technologies ANZ country manager Mark Sinclair said: “Healthcare is an attractive target for cyber criminals as we saw in Singapore last year when the personal data of 1.5 million healthcare patients was compromised.
"However, opting out of the My Health Record has been a personal decision and presented a great opportunity to remind Australians that good security is often way more about sustained behaviours rather than any one decision.
"It’s about patching regularly, not sending payments based only on texts or emails, performing backup, using password managers, using free two-factor authentication whenever available and investing in security hardware or software, no matter what platform you use.
"One would hope that Federal government agencies have security policies in place, but My Health Record is now a timely reminder to us all to think about the security of our own individual digital identity.”
The My Health Record system has been described as a disaster waiting to happen by a number of security experts.
Santosh Devraj, the chief executive of Secure Logic, a provider of cyber security services to the government, told iTWire last year that there were serious concerns about the security and privacy principles which the platform relied upon, as hundreds of thousands of medical practitioners would have access to the data.
And this would be with "limited access controls, including underage patients. This creates potential entry points for hackers which are subject to little-to-no security oversight", he said.
And earlier in 2018, Paul Shetler, a former head of the Digital Transformation Agency, said the My Health Record system could well end up as one of the many Australian Government tech wrecks.
He said the UK Government had built a similar system called care.data and it had failed.
"When it was introduced, it was introduced as an opt-out system. People there didn't particularly like it, they had concerns about the privacy of their data and ultimately it had to be stopped. And the government did stop it, it's not in production," he said.
The ADHA statement said: "There are strict rules and regulations about who can see and use your My Health Record to protect your information from misuse.
"My Health Record has multi-layered and strong safeguards in place to protect your information including encryption, firewalls, secure login, authentication mechanisms and audit logging."