13 February 2020

By Dr Jeannie Knapp.

Criterion C6.4 – Information security Indicators

C6.4 F Our practice has a policy about the use of email.

C6.4 G Our practice has a policy about the use of social media.

Artistic image of a padlock surrounded by social media isons.

Email and social media platforms are valuable tools – but they come with risks.

Why this is important

Practices are increasingly using electronic platforms to communicate with patients and other health professionals.

Email is quick and convenient, but it is not a secure method of communication. Social media can be a valuable tool for practices to communicate and advertise to patients but there are also risks.

Email and social media policies will help to protect the security of patient information and the reputation of your practice.

Email policies

C6.4 F Our practice has a policy about the use of email.

 You must:

  • Maintain an email policy.

You could:

  • Put your email policy on your website
  • Have an automated response to patient emails that advises them of when they are likely to receive a response.

If your practice uses email and social media, you must have policies for their use. The practice team must be familiar with the policies, comply with them and understand the risks associated with using email and social media. The policies could also be made available to patients.

A policy for use of email in the practice may include information about:

  • Maintaining passwords and keeping them secure
  • Verifying and updating email addresses
  • Informing patients of possible risks to their privacy if standard unencrypted email is used
  • Obtaining and recording patient consent to communicate with them by email
  • Your policy may be to not use email, in which case you should advertise this. For example: on your website

For more information, refer to the RACGP’s guide to using email in general practice, which includes a set of guiding principles and the excellent privacy and security matrix.

Social media policies

C6.4 G Our practice has a policy about the use of social media. 

You must:

  • Maintain a social media policy.

You could:

  • Put your social media policy on your website.

Practitioners registered with the Australian Health Practitioner Regulation Agency (AHPRA) are required to comply with AHPRA’s social media policy.

The RACGP’s guide for the use of social media contains guidance for the safe and professional use of social media in a general practice. It contains a template for a social media policy (which complies with AHPRA’s social media policy) that you can adapt to suit your practice.

Information in this article was taken from the RACGP Standards for general practices (5th edition).

Subscribe to NWMPHN

Keep up to date with the latest news and publications, funding opportunities, careers and upcoming events at NWMPHN.

Want to collaborate with us?

Share your thoughts on how the primary health care system can be improved in North Western Melbourne.