Health Check Family Medical Practice Email Policy
This email policy provides information on how we manage privacy and security in our email communications.
General practices are increasingly receiving requests from patients, other clinicians and third parties for health information to be sent to them electronically because it is an easily accessible method of communicating. The Australian Privacy Principles published by the Office of the Australian Information Commissioner state that: “Health information is regarded as one of the most sensitive types of personal information. For this reason, the Privacy Act 1988 (Privacy Act) provides extra protections around its handling” (http://www.oaic.gov.au/privacy/privacy-act/health-and-medical-research).
The Privacy Act defines health information as:
- information or an opinion about:
  - the health or a disability (at any time) of an individual; or
  - an individual’s expressed wishes about the future provision of health services to him or her; or
  - a health service provided, or to be provided, to an individual; that is also personal information; or
- other personal information collected to provide, or in providing, a health service; or
- other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or
- genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.
As all health information is sensitive by nature, all communication of health information, including via electronic means, must adequately protect the patient’s privacy. Our practice takes reasonable steps to make our communication of health information adequately safe and secure. GPs, health providers and patients should be aware of the risks associated with using email in the healthcare environment.
Our practice considers our obligations under the Privacy Act before we use or disclose any health information. The Privacy Act does not prescribe how a healthcare organization should communicate health information. Any method of communication may be used as long as the organization takes reasonable steps to protect the information transmitted and the privacy of the patient. A failure to take reasonable steps to protect health information may constitute a breach of the Australian Privacy Principles and may result in action taken against the organization by the Australian Privacy Commissioner. What amounts to reasonable steps will depend on the nature of the information and the potential harm that could be caused by unauthorized access to it. The RACGP has developed a matrix to assist practices in determining the level of security required in order to use email in general practice for communication.
Our practice reserves the right to check an individual’s email accounts as a precaution against fraud, viruses, workplace harassment or breaches of confidence by members of the practice team. Inappropriate use of the email facility will be fully investigated and may be grounds for dismissal.
Email use: education
- If any information held in our email accounts is relied on, you will download it, following the download procedure as per practice policy, and import it into the relevant patient file to ensure the contents are backed up with the rest of our data.
- Do not download or open any email attachments where the sender is not known to you.
- Email use that breaches ethical behaviours and/or violates copyright is prohibited.
- Do not send or forward unsolicited email messages, including the sending of ‘junk mail’ or other advertising material (email spam).
- Do not use email for broadcast messages on personal, political or non-business matters.
Protection against spam
- Do not reply to spam mail.
- Never try to unsubscribe from spam sites.
- Remain vigilant: do not provide confidential information in response to an email (especially by return email) no matter how credible the sender’s email seems (e.g. apparent emails from your bank).
- Use a spam filtering program.
All email communications should be treated as confidential.
Protection against the theft of information
- There are significant risks in providing confidential information by email: only do so via the internet when the site displays a security lock on the task bar and has https in the web address.
- Do not inform people of your email password.
- Be aware of phishing scams requesting logon or personal information (these may be via email or telephone).
The practice uses an email disclaimer notice on outgoing emails that are affiliated with the practice stating:
1 – IN CASE OF AN EMERGENCY – Email communication is not suitable in an emergency. If this is an emergency, please contact 000.
2 – RESPONSE TIMES – This email is only monitored on an ad-hoc basis and may not be checked for up to 48 hours. Please consider this time factor when expecting a reply. If your request is urgent, please call us on (02) 9824 1588.
3 – CONFIDENTIALITY NOTICE – The information transmitted in this message and its attachments (if any) is intended only for the person or entity to which it is addressed. The message may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information, by persons or entities other than the intended recipient is prohibited. If you have received this in error, please contact the sender and delete this e-mail and associated material from any computer. The intended recipient of this e-mail may only use, reproduce, disclose or distribute the information contained in this e-mail and any attached files, with the permission of the sender.
Email correspondence sent to our website/email address is retained as required by the Public Records Act 2002 and other relevant legislation. Email messages may also be monitored by our information technology staff for system trouble-shooting and maintenance purposes. Your email address details will not be added to a mailing list (unless you so request) or disclosed to a third party unless required by law.
Policy review statement