Email Policy
Introduction
Arkaba Medical Centre considers our obligations under the Privacy Act before we use or disclose any health information. The Privacy Act does not prescribe how a healthcare organisation should communicate health information. Any method of communication may be used, provided the organisation takes reasonable steps to protect the information transmitted and the privacy of the patient. A failure to take reasonable steps to protect health information may constitute a breach of the Australian Privacy Principles and may result in action against the organisation by the Australian Privacy Commissioner. What amounts to reasonable steps depends on the nature of the information and the harm that unauthorised access to it could cause.
Our practice reserves the right to check an individual's email account as a precaution against fraud, viruses, workplace harassment or breaches of confidence by members of the practice team. Inappropriate use of the email facility will be fully investigated and may be grounds for dismissal. Our practice does not email documents to patients except in rare circumstances.
Email configuration
Communication of clinical information to and from healthcare providers is carried out from within the practice's clinical software wherever possible, using a secure clinical messaging system such as Health link. Using the practice's clinical software means that a record of the communication is automatically retained in the patient's medical record. This is not possible when communicating via email.
Because email lacks these safeguards, we have the following protective measures in place:
· Computer security measures
· Using three patient identifiers to confirm the identity of the patient before any information is sent
· Notifying patients that email is not encrypted end to end and that there is a security risk in sending them emails containing their personal medical information. They can choose to collect a hard copy from our office if they prefer
· A notice on our emails telling the recipient what to do if the email has reached the wrong address
· Notification to the Office of the Australian Information Commissioner (OAIC) of any significant data breach
· Protection against spam: a spam filtering program on the practice's mail system
· Encryption of patient information in transit: server-to-server transport encryption using TLS (SSL is obsolete and should be disabled). Note that this protects a message only while it travels between two mail servers; it does not protect the message in the sender's or recipient's mailbox or on any intermediate server, and most mail servers use TLS only opportunistically, so it is not a substitute for the secure clinical messaging system
· Staff education on email use
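One practical check behind the transport-encryption measure above is to look at the Received: headers of a message that arrived by email and confirm that each hop used TLS. The following script is an added illustration and is not part of the practice's policy or software; the message, host names and domain (arkaba.example) are constructed placeholders. The function names parse_hops and cleartext_hops are the example's own.

```python
"""Check whether each SMTP hop recorded in a message's Received: headers used TLS.

Added illustration, not the practice's own code. The sample message, the
host names and the domain arkaba.example are constructed placeholders.
"""
import email
import re
from dataclasses import dataclass
from email import policy
from typing import Optional

# Hypothetical list of the practice's own mail servers. A Received: header is
# only evidence of what happened if one of OUR servers wrote it; headers added
# by outside servers can be forged by any earlier hop.
OUR_SERVERS = {"mx.arkaba.example", "mailstore.arkaba.example"}

# Protocol tokens that mean the hop was made over TLS (the trailing "S";
# a trailing "A" only means the sender authenticated).
TLS_PROTOCOLS = {"SMTPS", "ESMTPS", "ESMTPSA", "LMTPS", "UTF8SMTPS", "UTF8SMTPSA"}

# Constructed sample: the external hop used TLS 1.3, but the internal relay
# from the border MX to the mail store was made in clear text (ESMTP).
SAMPLE_MESSAGE = b"""\
Received: from mx.arkaba.example (mx.arkaba.example [192.0.2.20])
\tby mailstore.arkaba.example (Postfix) with ESMTP id 4F2A1
\tfor <reception@arkaba.example>; Mon, 4 Mar 2024 09:15:02 +1030
Received: from mail.specialist.example (mail.specialist.example [198.51.100.7])
\tby mx.arkaba.example (Postfix) with ESMTPS id 9C3B7
\t(version=TLS1.3 cipher=TLS_AES_256_GCM_SHA384)
\tfor <reception@arkaba.example>; Mon, 4 Mar 2024 09:15:01 +1030
From: Dr Example <referrals@specialist.example>
To: reception@arkaba.example
Subject: Referral letter

Referral attached.
"""


@dataclass
class Hop:
    from_host: str
    by_host: str
    protocol: str
    tls_version: Optional[str]
    trusted: bool  # True when the header was written by one of our own servers

    @property
    def encrypted(self) -> bool:
        return self.protocol.upper() in TLS_PROTOCOLS


def parse_hops(raw: bytes, our_servers: set) -> list:
    """Return the hops in delivery order (first hop first)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hops = []
    for header in msg.get_all("Received", []):
        value = re.sub(r"\s+", " ", str(header))  # unfold the header
        m_from = re.search(r"^from (\S+)", value)
        m_by = re.search(r"\bby (\S+)", value)
        m_with = re.search(r"\bwith (\S+)", value)
        m_ver = re.search(r"version=([A-Za-z0-9._]+)", value)
        by_host = m_by.group(1) if m_by else "?"
        hops.append(Hop(
            from_host=m_from.group(1) if m_from else "?",
            by_host=by_host,
            protocol=m_with.group(1) if m_with else "?",
            tls_version=m_ver.group(1) if m_ver else None,
            trusted=by_host.lower() in our_servers,
        ))
    hops.reverse()  # Received: lines are prepended, so reverse into delivery order
    return hops


def cleartext_hops(hops: list) -> list:
    """Hops that were not protected by TLS."""
    return [h for h in hops if not h.encrypted]


if __name__ == "__main__":
    for hop in parse_hops(SAMPLE_MESSAGE, OUR_SERVERS):
        status = f"TLS {hop.tls_version}" if hop.encrypted else "CLEAR TEXT"
        trust = "our server" if hop.trusted else "untrusted header"
        print(f"{hop.from_host} -> {hop.by_host}: {status} ({trust})")
```

On the constructed message the script reports the external hop as TLS 1.3 and the internal relay as clear text, which is exactly the kind of gap that "we use TLS" on its own hides. Only hops whose receiving server is one of our own are evidence; anything written by another organisation's server is taken on trust.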
General protection
· Any information held in our email accounts that is specific to a patient's health will be downloaded as per practice policy and imported into the relevant patient file, so that it is backed up with the rest of our data.
· We do not provide confidential information by return email, no matter how credible the sender's email seems. The email address is confirmed with the intended recipient before the email is sent.
· A spam filtering program is used on all practice mailboxes.
· All email communications are treated as confidential.
· When sending patient information or other confidential data by email, it is best practice to encrypt the message or attachment, as transport encryption between mail servers alone does not protect the content once it is stored.
· Be aware that encrypted files are not automatically checked for viruses. They must be saved, decrypted and then scanned for viruses before being opened.
Protection against the theft of information
There are significant risks in providing confidential information by email or through a website. Only enter confidential information into a website when the browser shows a padlock icon in the address bar and the address begins with https; note that the padlock only shows that the connection is encrypted, not that the site is legitimate, so also check that the domain name is the one you expect.
Do not tell anyone your email password.
Be aware of phishing scams requesting logon or personal information (these may arrive by email or telephone).
Email disclaimer
The practice uses the following disclaimer notice on all outgoing emails sent from practice accounts:
PRIVACY & CONFIDENTIALITY NOTICE
(The information contained in this email is confidential and may be protected by legal/medical professional privilege. If you are not the intended recipient, any use, disclosure, publication or copying of this document and/or its attachment is unauthorised. If you have received this transmission in error notify us immediately by telephone and delete it.)
Email correspondence
Email correspondence sent to our email address is retained as required by the Public Records Act 2002 and other relevant legislation. Email messages may also be monitored by our information technology staff for system troubleshooting and maintenance purposes. Patient email address details will not be added to a mailing list or disclosed to a third party unless required by law.
The content of emails received from patients may be copied into a patient’s file note.