GP EAST EMAIL POLICY
At GpEast we are aware that Email is one of the most prevalent and convenient forms of communication. We often receive requests from patients, other clinicians and third parties to send health information via email. General practices must ensure their communication of health information is safe and secure. The use of unencrypted and unsecured email can create risks to the privacy and security of personal and sensitive health information.
We will send Emails to patients to communicate healthcare information but it is important that patients understand the risks.
Risks of using email to send
All forms of written communication involve an element of risk that information could be read by someone other than the intended recipient. The risks of using unsecured or
unencrypted email include:
• emails can easily be sent to the wrong recipient
• email is often accessed on portable devices, such as
smart phones, tablets and laptops, which are easily lost or stolen
• emails can be forwarded or changed without the knowledge or consent of the original sender
• email is vulnerable to interception.
Because of the risks of email and fax communication, the RACGP has long been a strong advocate for the use of secure electronic communications as the most efficient and appropriate method of communication across the healthcare sector.
We use secure messaging systems if possible, including ARGUS and HEALTHLINK to send and receive data from connected organisations and individual doctors.
This is not possible when communicating with patients. Particularly during the current Pandemic there has been an increase in email communication with patients and pharmacies. Referrals and Prescriptions have been sent by email
We have the current protective measures in place:
1. Computer security measures
2. Using 3 identifiers to identify patients
3. Notifying patients that the information is not encrypted and that there is a security risk in sending emails to them containing their personal medical information. They can choose to collect a hard copy from our office if they prefer
4. Our patient registration form has information about email security
5. A notice on our emails if the email is sent to the wrong address
6. Notification to OAIC of any significant data breach
Our obligations under the Privacy Act 1988
Health information is considered one of the most sensitive types of personal information. The Privacy Act 1988 (Privacy Act) provides extra protections around the collection, use or disclosure of health information.
Whilst the Privacy Act does not prescribe how healthcare organisations should communicate health information, reasonable steps must be taken to protect the information transmitted and the privacy of the patient. What is considered reasonable steps will depend on the nature of the information and the potential for harm caused by unauthorised access. Failure to take reasonable steps to protect health information may constitute a breach of the Australian Privacy Principles (APPs).