Our practice does not transfer patient information via email unless it is encrypted.
The GPCG Computer Security Self Assessment Guide and Checklist for General Practitioners provides information and explanations on the safeguards and procedures that need to be followed by general practices in order to meet appropriate legal and ethical standards concerning privacy and security of patient health information.
Online Security and Technology
The Health Insurance Commission (HIC) has developed a security system for health care electronic transactions using Public Key Infrastructure (PKI) technology. Using digital certificates, transactions can be digitally signed and encrypted and sent to the HIC and other health professionals and locations that also have PKI. This technology is intended for use across the entire Australian health sector.
There are two types of digital certificate used in the HIC’s PKI:
location certificates which relate to a building, location or the practice
individual certificates for persons who will be corresponding electronically with the HIC and other health care professionals and locations.
For most practice situations, a Location certificate for the practice and Individual certificates for GPs and some key staff members are required. If Individual certificates are used, a Location certificate is also required. Both Location certificates and Individual certificates need to be associated with a valid unique email address. Certificate details are stored on a token (a Smart Card or Key Ring).
Internet and email users are responsible for ensuring that the provided facilities are used in an effective, ethical and lawful manner. Internet and email users do not use the internet and email for purposes that are illegal, unethical, harmful to our practice or the medical profession or non-productive. Acceptable use includes obtaining information from medical and business websites, using email for practice business, and accessing online databases.
Unacceptable use includes forwarding chain emails and viruses; transmitting copyrighted materials without permission; visiting websites with obscene or objectionable content; transmitting any offensive, harassing or fraudulent messages; or conducting personal business.
Any executable files downloaded from the internet or by email (eg software patches or any files with an .exe, .bat or .com extension) are scanned for viruses following download.
As information from the internet can be outdated, incorrect or misleading, any information obtained from the internet is verified for accuracy with other information sources before being used.
Confidential information is not sent over the internet unless encrypted.
Our practice uses the following confidentiality and privilege notice on outgoing emails that are affiliated with the practice:
‘This message is confidential and should only be used by the intended addressee. If you were sent this email by mistake, please inform us by reply email and then destroy this message. The contents of this email are the opinions of the author and do not necessarily represent the views of the Vineyard Medical Centre.’
Our practice configures software so that the confidentiality and privilege notice is automatically added to each outgoing email.
Any work-related issue or material that could identify an individual who is a customer/client or colleague, or which could adversely affect the Employer, a customer/client or the Employer’s relationship with any customer/client, must not be placed on any social networking site.
This means that, unless otherwise authorised, work-related matters must not be placed on any such site at any time, either during or outside of working hours, and this includes access via any mobile computer equipment, including mobile phones or other devices.
Likewise, all employees are strictly prohibited from using social media (whether on the Employer’s devices or their own personal device) during work time.
Any breach of this policy will be considered serious.