Information security in general practice

Information security strategy

Internet and email use

        1. Internet and email use

Last revised: 21 Apr 2023

Internet and email use

Your practice should have processes in place to ensure the safe and proper work-related use of internet and email.

Your practice team should be educated and trained in best practice processes when using the internet and email. This includes learning about protection measures against malicious software.

Standards indicator

C6.4F Our practice has a policy about the use of email.

C6.4G Our practice has a policy about the use of social media.

You must maintain a social media and email policy.


Create a policy: Internet and email use

Your policy should clearly define and describe the management and reasonable work-related use of internet and email by practice team members.

Your policy should cover:

  • reasonable private use of internet and email by practice team members during business hours
  • how email may or may not be used to communicate with patients
  • how your practice handles requests to communicate via unencrypted email
  • how downloaded files are scanned for viruses
  • details of any internet sites or specific content that cannot be accessed
  • internet browser security setting requirements
  • access to social networking websites such as Facebook and Twitter.

Tips for safe email use

  • If you rely on information in your emails, make sure these emails are backed up with the rest of your data.
  • Do not download or open any email attachments when the sender is unknown.
  • Email use that breaches ethical behaviours and/or violates copyright is prohibited.
  • Do not send or forward unsolicited email messages, including the sending of ‘junk mail’ or other advertising material (email spam).
  • Do not reply to spam mail and never try to unsubscribe from spam sites.
  • Remain vigilant: do not provide confidential information in response to an email (especially by return email), no matter how credible the sender’s email seems (e.g. apparent emails from your bank).
  •  Use a spam filtering program.​