1. Purpose
This policy ensures secure and professional email communication in compliance with:
- RACGP Standards for General Practices (5th Edition)
- Privacy and Data Protection Act 2014 (Vic)
- Health Records Act 2001 (Vic)
- Australian Privacy Principles (APPs)
2. Scope
Applies to all staff (GPs, nurses, allied health professionals, reception staff) using email for:
- Patient communications
- Referrals to specialists/hospitals/other healthcare providers
- Correspondence with other healthcare providers
- Internal clinic communications
3. Email Use Guidelines
3.1 Patient Communications
- Consent Required: All patients will be asked to provide consent for email communication during their first visit, unless they explicitly refuse.
- Documentation of Refusals:
  - Reception staff will record patients who decline email communication in their electronic health record (e.g., prominent alert in the patient file).
  - A standard note will be added: "Patient declined email communication - [Date]".
- Staff Awareness:
  - All clinical and administrative staff must check for this alert before sending any email correspondence.
  - Repeated attempts to email patients who have opted out may result in disciplinary action.
- Limited Content: Do not send highly sensitive information (e.g., mental health details, HIV status) by email.
- No Consultation: Consultations (e.g., script requests, medical advice) must not be conducted via email.
- Secure Alternatives: Use encrypted platforms (e.g., HealthLink, Argus) for sensitive data.
3.2 Referrals and Clinical Correspondence
- Encryption Mandatory: All clinical emails containing health information must be encrypted.
- Subject Line Protocol: Use the "[Secure]" prefix and avoid revealing patient identifiers (e.g., "Re: [Secure] Referral for Initials Only").
- Attachment Security: Password-protect documents containing health information; share passwords separately.
3.3 Internal Emails
- Avoid sharing patient health information via internal email unless necessary. Use the clinic’s secure messaging system instead.
- Use Best Practice F8 messages for this purpose.
4. Security Measures
- Email Accounts: Staff must use clinic-provided email addresses (e.g., admin@primecare.au; nurse@primecare.au). Personal email accounts may only be used for communications that contain no patient information.
- Passwords: Change every 90 days; enable two-factor authentication (2FA).
- Phishing Awareness: Do not open attachments or click links from unknown senders. Report suspicious emails to IT.
- Auto-Forwarding: Disabled to prevent accidental data breaches.
5. Compliance & Monitoring
- Audits: Quarterly random checks of email compliance.
- Training: Annual staff training on email security and privacy.
- Breach Protocol: Report accidental disclosures to the Privacy Officer immediately.
6. Patient Consent Workflow
- During Registration/First Visit:
  - Reception provides the Consent Form (paper or digital).
  - If the patient refuses, reception:
    - Marks "Declined" in the clinic software (e.g., Best Practice).
    - Adds a pop-up alert to the patient’s profile.
- Ongoing Reminders:
  - Staff are trained to verify consent status before sending emails (via the patient’s record).
  - Annual reviews: Patients are re-offered the option to opt in during routine visits.
Example Consent Form Addition:
"By default, our clinic uses email for appointment reminders and general notices. If you DO NOT wish to receive emails, please tick this box: ☐ I decline email communication.
Note: This will be recorded in your file to ensure no emails are sent accidentally."
7. Policy Review
Reviewed annually or after significant IT/privacy law changes.