Email Communication Policy
To ensure that email communication within the practice complies with the RACGPStandards for general practices (5th edition), relevant privacy legislation,and best practice information security protocols.
Scope
This policy applies to all clinicians,administrative staff, contractors, and other authorised users who send orreceive email on behalf of the practice.
Policy Statement
The practice uses email communication in accordance with the Australian Privacy Principles and RACGP Standards (5th ed.) to protect patient confidentiality, maintain data integrity, and ensure secure transmission of information.
Patient-related clinical information is only sent via secure messaging systems (e.g. encrypted email, secure health messaging platforms) unless the patient has provided informed consent for unencrypted communication.
Acceptable Use
Use practice email accounts only for work-related purposes.
Do not use personal email accounts for patient-related or business communications.
Avoid sending sensitive or confidential information unless encryption or a secure messaging service is used.
All emails must be professional, respectful, and free of discriminatory or offensive content.
Patient Communication via Email
Patients requesting to receive health information via email must be informed of the risks of unencrypted email.
Document the patient’s consent in their medical record before sending any identifiable health information via unencrypted email.
Include a privacy disclaimer in all external email communications.
Security Measures
Enable multi-factor authentication (MFA) on email accounts where available.
Do not open attachments or click on links from unknown senders.
Report suspicious emails immediately to the practice manager or IT support.
All email accounts must be password-protected with strong, unique passwords, changed regularly.
Storage & Retention
Emails containing patient information must be stored in the patient’s electronic health record and deleted from the email inbox.
Retain emails according to the practice’s Records Management Policy and RACGP requirements.
Monitoring & Compliance
The practice reserves the right to monitor email usage to ensure compliance with this policy.
Breaches of this policy may result in disciplinary action and/or legal consequence