Information security in general practice

Prevention and risk assessment

Patient communication via electronic media – including email


Last revised: 21 Apr 2023


Because sending and receiving messages electronically is easy and widely accessible, patients are using this medium more frequently to contact their general practice.

The Australian Health Practitioner Regulation Agency’s National Board policy for registered health practitioners: Social media policy is an adjunct to the Medical Board of Australia’s Good medical practice: A code of conduct for doctors in Australia and should be read concurrently. Its provisions apply to all registered health practitioners. Another useful resource is the Electronic Transactions Act 1999.

Create a policy: patient communication via electronic media

Your practice needs to address what content is appropriate to send and discuss via electronic messaging. A policy should be developed concerning the safe use of electronic communication for both practice staff and patients.

  • Password-protected emails should be used. This is now available within Best Practice Software.
  • Patients are highly unlikely to send encrypted emails, so content within an email should be limited in scope, with patient consent.
  • You should inform patients of possible risks to their privacy if standard unencrypted email is used; this could be included in your standard patient consent forms.
  • You should verify and update email addresses, at least on an annual basis.
  • Where possible, secure message delivery should be used with compatible encryption processes.

Use the RACGP practice policy template sample to create your practice policies.


It should be noted that the Privacy Act applies to any electronic communication. Refer to the section on safe use of internet and email for further information.