Electronic Communication Policy

ELECTRONIC COMMUNICATION POLICY

for use of email, SMS, internet and social media

Date 20/11/2021

Preamble

General practices are increasingly using electronic communication to correspond with patients and other health professionals.

Our practice electronic communication policy for use with email, SMS, internet and social media will help protect the security of patient information and the reputation of Newcastle After Hours Medical Service.

The practice team will be familiar with the following policy, comply with the policy, and understand the risks associated with using electronic forms of communication, both internally and external.

The Electronic Communication Officer

The practice has appointed Tracey Monaghan to act as Electronic Communications Officer.

The Electronic Communications Officer is responsible for:

  • Maintaining this policy.
  • Providing an information session on this policy as part of a new employee’s induction.
  • Informing staff of updates and refresher training through staff meetings and notices.
  • Responding to any concerns that staff or patients have with the policy.
  • Implementing and recording quality improvements to the system as a quality improvement activity in the Practice Improvement Log.

Email and SMS – For staff

The use of email and short message services (SMS) are recognised as a useful tool for communication purposes. Practice staff are permitted to use the practice email accounts to send and receive business related material such as education updates, stakeholder communication, submitting Medicare provider number applications and communicating with locums or other staff where appropriate.

Practice staff will have access to a practice email account in the following levels:

  • Generic: This is the address that patients can utilise to contact the practice, for example admin@nameofpractice.com.au
  • Practice manager: Personalised use of a practice email account, for example practicemanager@nameofpractice.com.au
  • Receptionists: Group access to a practice email account, for example reception@nameofpractice.com.au
  • Clinical practice team members: Medical practitioners, nurses, allied health practitioners will have personalised use of a practice email account, for example joe.bloggs@nameofpractice.com.au
  • Guest clinical account: This level of access is for locums and agency nurses. Visitors will not have a practice email account.

The use of the practice email account is for business communications only.

Patient information will only be sent via e-mail if it is securely encrypted according to industry standards, practice policy and where the patient has consented to this mode of direct communication. Employees are reminded that the practice may become liable for the contents of any email message under certain circumstances. As such, a template email disclaimer will be inserted into the signature of all practice emails.

The use of personal email accounts using practice internet and computer systems is Not Permitted. Large files such as video files and photographs should not be transmitted over the practice internet computer systems for personal communication.

Protection against spam and theft of information

The practice utilises a spam filtering program Webroot Anywhere (your IT company can provide this information).

Staff will need to exercise caution in email communication and are advised to:

  • Not open any email attachments or click on a link where the sender is not known.
  • Not reply to spam mail.
  • Not to share email passwords.
  • Never try to unsubscribe from spam sites.
  • Remain vigilant: do not provide confidential information to an email (especially by return email) no matter how credible the sender’s email seems (for example, apparent emails from your bank).
  • Be aware of phishing scams requesting logon or personal information (these may be via email or telephone).

Encrypted files are automatically checked for viruses. All team members are to save, decrypt and then scan before opening the document if needed.

Password maintenance

Each of our team members will have unique identification for all protected systems.

Staff will not share passwords. Access will be by individual password only and passwords will be periodically changed 90 days and immediately if compromised.

  • Passwords will not be generic.
  • Passwords will be private and not shared.
  • Passwords cannot be re-used.
  • Passwords will be made up of 6 – 8 characters with alpha, numeric and special characters. The preference is use of a unique phrase.
  • Our staff are strongly discouraged from using:
    • Dates of birth.
    • Family or pet names.
    • Dictionary words.

Password management

  • Only the IT (Tim Willis) or practice manager can reset passwords.
  • User identifications are archived or removed upon leaving the employment of the practice.
  • Lock-out will occur after three unsuccessful login attempts to an account.

Email and SMS – For patients

Our patients will be given the option of being contacted by electronic means such as via email and/or SMS.

All new and existing patients in the practice will be given an information sheet on our electronic communication policy, and are asked to provide signed consent to agree or disagree to be communicated with in this manner.

It is acknowledged by the practice that consent is implied if the patient initiates electronic communication with the practice.

Reception staff are to check each patient has this information on their record on arrival to the practice, along with the verification of their name, date of birth and address.

The signed consent will be scanned and recorded in the patient electronic record and their response recorded on the practice software.

The consent form will state that the practice may use this mode of communication:

  • to send reminders for a scheduled appointment.
  • when the patient needs to make an appointment to review a test result.
  • as a reminder that a generic preventative screening test (for example, flu vaccine, skin-check, cervical screening) is due.

Further information will state that the practice:

  • cannot guarantee confidentiality of information transferred via email (if using encryption, please state how your encryption works).
  • will comply with the Australian Privacy Principles and the Privacy Act 1988.
  • communications will not contain sensitive information, due to the risk of confidential information being accessed inadvertently or intentionally by a third party.
  • communications will not contain results that only the general practitioner should be divulging in a follow-up appointment, ie abnormal results, education concerning a new diagnosis, etc
  • communication will not entail promotion of any product and/or preventative health care (as some patients can interpret this as an advertisement)

Patients will be advised through the consent form that:

  • emails will be answered within <<insert timeframe>> (also included in the automatic email response).
  • patients should not use email to contact the practice in an emergency (also included in the automatic email response).

Our practice email account for patients and stakeholders for non-urgent communication with our practice is admin@nahms.com.au

This email account will the routinely checked throughout the business day by the delegated authority, Tracey Monaghan or Tayla Capper

  • at the start of business
  • midday
  • one hour before end of business

The email message will then be forwarded to the appropriate team member for response. Communication conducted with a patient via electronic means will be added to the patient’s medical record by the team member resolving the enquiry.

When recalling a patient for a test result, the extent to which patients are followed up will depend on the level of urgency and the clinical significance of their test results. If the patient has not responded to the SMS or email in 5 days then other forms of communication (phone call, registered mail) should be considered.

Email and SMS between the practice and the patient will form part of the medical record and need to be included, as must any actions taken in response to the message. (Some electronic health record systems can perform this feature automatically.)

Internet

The use of the internet as a legitimate business and research tool is both recognised and approved by Newcastle After Hours Medical Service. However, staff and management have a responsibility to ensure that there is no abuse of the resources for private purposes, that staff productivity is not compromised, that offensive material is not spread throughout the organisation and that the practice computer system is protected from the introduction of computer viruses.

All downloads from the internet must be scanned for viruses.

All sites accessed must comply with legal and ethical standards and the practice policies. The internet must never be used to download or access any illegal software or pornographic, defamatory, offensive, share-trading or gambling-related material.

Downloading of material via the internet slows access for other staff. The internet should not be used for downloading music, videos or radio programs, for making personal purchases or accessing interactive social websites, including Facebook, Youtube, Skype and Twitter, except in a professional capacity and approved by the Electronic Communications Officer.

Web browser security settings are not to be changed without authorisation of the practice manager.

The practice will have in place firewalls and intrusion detection systems as advised by our IT company The Image Factory.

Social media

Social media is defined as websites and applications that enable users to create and share content or to participate in social networking. These include Instagram, Facebook, Twitter and YouTube.

Social media is not permitted to be used from practice devices in a private capacity by any staff member.

The practice utilises the Royal Australian College of General Practitioners (RACGP) social media policy which can be found on page 13 in the RACGP’s Guide for the use of social media in general practice and can be accessed by clicking the following link (attach to this policy):

https://www.racgp.org.au/download/Documents/e-health/Social-media-guide-v5.pdf

Further information

The RACGP has additional information on using electronic forms of communication in general practice.

Visit: