Patient Electronic Contact Policy and Procedure
Email can be used by a practice to transmit information outside the practice.
Ideally communication should be via secure messaging or encryption but this is
generally not possible when emailing patients.
The practice has an obligation to take reasonable steps to protect the privacy and
security of information it holds including when it is transmitted or disclosed outside
the organisation.
The practice follows the RACGP recommendations to reduce the risk of interception
of data and sending emails to incorrect addresses, including:
- use of passwords for sensitive information
- verification of the patient’s email address
- obtaining patient consent
- use of secure messaging facilities between practices where available
Our practice has in place an automatic response in place advising that emails will be
responded to within two business days (see attachment below).
The reception team is responsible for monitoring and managing responses to all
emails received.
The practice must:
- Obtain and document consent from the patient to send an email message.
- Ensure that email address is recorded in the patient’s record.
- Limit the personal/private information contained in the email message (do not
include any without patient’s prior consent). - Store the email messages in the patient’s record.
Request for information to be sent via email
If a patient requests information to be sent by email, the practice:
- Explains to the patient that email is not a secure form of communication
- Seeks the patient’s consent to use email and asks the patient to provide the
email address they would like the practice to use (in the same way the
practice asks for a contact phone number) - Sends the patient an email containing the following wording:
“You have requested that we send your Medical Certificate by email. Email is
not a secure way to transfer information. There is a risk that on emailing this
information, the information could be intercepted. This will be outside the
control of North East Family Medicine, North East Family Medicine take no
responsibility for a breach of confidentiality if you request the details to be
sent via email. If you wish the documents to be sent by email, please reply to
this message stating that you have read and understand this text and give
your consent for the documentation to be sent via email.” - Upon receiving patient consent in response to the above email, staff must print the email
to PDF format and upload to patient file. - Once the doctor has verified the release of the information, the staff member can then email the private
information that was requested to the patient with password protection on the file.
The practice should document the patient consent and maintain a record of
information sent via email to the patient in accordance with the email policy.
The practice advises patients on our website and verbally not to send clinical
information via email.
An automatic reply message is set up and says the following (also see attachment
below):
“Thank you for your email. If you are experiencing an emergency, please dial 000
immediately. We aim to reply to all emails within 2 business days.
Please do not send clinical requests about medical information particularly those that
are time critical as we can not respond to them in this way.
We encourage patients to phone the practice or make an appointment to discuss
clinical issues.”
The reception staff are responsible for monitoring incoming email from the website
link.