POLICY

Email Policy for Allcare Carnes Hill Medical Centre

The email policy has been formulated to uphold the privacy of the patient in accordance with the guiding principles of the Privacy Act (1988).

1. Written consent should be obtained from the patient indicating that he/she is willing to receive his/her health data or other sensitive health information through email.

2. The email sent to the patient or another health provider should be encrypted and password protected.

3. The email address provided by the patient or the provider should be checked/verified by the practice (by sending a link or other means to verify) to confirm that it is correct and genuinely belongs to the said party.

4. A documented policy for the use of email should be in place, and it should be revised to reflect current changes in IT communications and the laws applicable to them.

5. Email communication with other healthcare providers and third parties is undertaken only after following the above 4 steps and also ensuring that secure messaging software with digital credentials is used.

6. When communicating with Australian Government databases (e.g. Medicare Online, HPOS, PCEHR), PKI certificates and NASH certificates should be used, thus ensuring the security of the data exchanged online.

7. At present (July 2025), Allcare Carnes Hill Medical Centre does not exchange/transfer any patient data to patients via email.

Note: Various resources and guidelines are available in the Allcare Carnes Hill Medical Centre Information Security Policy on safeguarding patient data and on the use of email in medical practices.