The legal View
“One thing is clear: the law is not able to physically protect your private information. It can only respond to breaches that have already occurred. Allowing your private information to exist outside of your direct personal control then becomes a question of risk versus benefit.” 
This shortcoming in Australian law is compounded because you cannot take legal action for yourself even after a breach: there is still no way to sue here (despite five law reform reports over 30 years recommending a fix). This lack of protection for anyone harmed undermines the potential preventive benefits of the fear of legal consequences by those planning to expose you to risk, since it is well known by Australian governments and industry.
Ownership of your health record
“Your health record is not your property in Australia. Legally, it is your doctor’s record, not yours.” The Productivity Commissioner proposes that this be altered to form a joint record.
This means that, whatever the government may say about it being “your” data, it isn’t.