Email Policy

Patient Electronic Contact Policy and Procedure

Email can be used by a practice to transmit information outside the practice.

Ideally communication should be via secure messaging or encryption but this is
generally not possible when emailing patients.

The practice has an obligation to take reasonable steps to protect the privacy and
security of information it holds including when it is transmitted or disclosed outside
the organisation.

The practice follows the RACGP recommendations to reduce the risk of interception
of data and sending emails to incorrect addresses, including:

  • use of passwords for sensitive information
  • verification of the patient’s email address
  • obtaining patient consent
  • use of secure messaging facilities between practices where available

Our practice has in place an automatic response in place advising that emails will be
responded to within two business days (see attachment below).

The reception team is responsible for monitoring and managing responses to all
emails received.

The practice must:

  • Obtain and document consent from the patient to send an email message.
  • Ensure that email address is recorded in the patient’s record.
  • Limit the personal/private information contained in the email message (do not
    include any without patient’s prior consent).
  • Store the email messages in the patient’s record.

Request for information to be sent via email
If a patient requests information to be sent by email, the practice:

  1. Explains to the patient that email is not a secure form of communication
  2. Seeks the patient’s consent to use email and asks the patient to provide the
    email address they would like the practice to use (in the same way the
    practice asks for a contact phone number)
  3. Sends the patient an email containing the following wording:
    “You have requested that we send your Medical Certificate by email. Email is
    not a secure way to transfer information. There is a risk that on emailing this
    information, the information could be intercepted. This will be outside the
    control of North East Family Medicine, North East Family Medicine take no
    responsibility for a breach of confidentiality if you request the details to be
    sent via email. If you wish the documents to be sent by email, please reply to
    this message stating that you have read and understand this text and give
    your consent for the documentation to be sent via email.”
  4. Upon receiving patient consent in response to the above email, staff must print the email
    to PDF format and upload to patient file.
  5. Once the doctor has verified the release of the information, the staff member can then email the private
    information that was requested to the patient with password protection on the file.

The practice should document the patient consent and maintain a record of
information sent via email to the patient in accordance with the email policy.

The practice advises patients on our website and verbally not to send clinical
information via email.

An automatic reply message is set up and says the following (also see attachment

“Thank you for your email. If you are experiencing an emergency, please dial 000
immediately. We aim to reply to all emails within 2 business days.
Please do not send clinical requests about medical information particularly those that
are time critical as we can not respond to them in this way.
We encourage patients to phone the practice or make an appointment to discuss
clinical issues.”

The reception staff are responsible for monitoring incoming email from the website