Secure communications product list

Helping practices communicate safely

Practices need to consider what content is safe and appropriate to send and discuss via electronic messaging and the methods to do so.

The following table highlights the ways general practices can communicate with patients, clinicians, external organisations and internal practice staff.


How does it work

Who is it suitable for?

Availability of this function

Password protected documents or files

Password protecting files that you send by email is a way to increase their security. The recipient needs to know the password, which could be agreed in advance, or else has to be sent separately

Patients Clinicians Practice staff

Most software that produces text or other documents offers password protection of those documents.

File hosting or cloud storage services

An Internet hosting service specifically designed to host user files. It allows users to upload files that could then be accessed over the internet from a different computer, tablet, smart phone or other networked device, by the same user or possibly by other users, after a password or other authentication is provided. Most products will include the necessary security certificate.

Clinicians Practice Staff

For more information see the technology section

Encryption software

Encrypting your messages before sending them renders them unreadable from the start to the point at which the intended recipient opens them. To secure your email effectively, encryption is required at the following points: 1. the connection from your email provider (the channel) 2. your actual email messages (the message) 3. your stored, cached, or archived email messages. The technology for this is readily available, but most patients have not equipped themselves for this or understand the implications of sending health information unencrypted.

Patients Clinician Practice Staff

Software available: 7-Zip (Windows) AxCrypt (Windows) Cryptext (Windows) Disk Utility (Mac) dsCrypt (Windows) Encrypt4all (Windows) FreeOTFE/FreeOTFE Explorer (Windows/Linux

GNU Privacy Guard (Windows/Mac/ Linux) Instant LOCK (Windows) Remora USB File Guard (Windows) Rohos Mini Drive (Windows) SafeHouse Explorer (Windows) Sofonica Folder Soldier (Windows) Sophos Free Encryption (Windows) TrueCrypt (Windows/Mac/Linux)

via secure website portal

A web based communication tool allows patients to send requests directly to their doctor without the need to visit the surgery. Patients can request services such as appointments, prescription renewals, pathology test follow up and referral letters thus saving the time and expense of going to the doctor’s practice. Communicating through a secure practice website helps medical practices improve their workflow while increasing patient satisfaction. Practices can create their own secure website, or do so through commercial providers, who have created mechanisms to facilitate the payment of fees that the practice wishes to charge for the various services. Practice’s secure websites should conform with Standard 12.5 of the current edition of the RACGP Computer Information and Security Standards


Your Practice
Your Health

Secure messaging or Secure message delivery (SMD)

Secure Messaging is a method of sending clinical documents and/or sensitive information between two parties over the internet using encryption. This can be server, software or portal based. Secure Message Delivery (SMD) is an Australian Standard (AS5552 -2013) that supports the secure delivery of messages between two healthcare organisation endpoints, either directly or indirectly through via one or more messaging service providers. SMD software designed for use by general practices allows GPs to send letters and other messages from within their clinical software securely, and it imports incoming letters and other messages into the GP’s clinical in box, which enables the letter or message to be filed easily into the patient’s clinical record. Although SMD is now widely integrated into secure messaging products, no commercial SMD interoperability between vendors is currently available. SMD has not been designed to send clinical documents to patients.


Refer to the NeHTA SMD Product list


The information set out in this publication is current at the date of first publication and is intended for use as a guide of a general nature only and may or may not be relevant to particular patients or circumstances.

Nor is this publication exhaustive of the subject matter. Listing of any proprietary brand names does not imply recommendation nor endorsement of those products. Persons implementing any recommendations contained in this publication must exercise their own independent skill or judgment or seek appropriate professional advice relevant to their own particular circumstances when so doing. Compliance with any recommendations cannot of itself guarantee discharge of the duty of care owed to patients and others coming into contact with the health professional and the premises from which the health professional operates.

While the text is directed to health professionals possessing appropriate qualifications and skills in ascertaining and discharging their professional (including legal) duties, it is not to be regarded as clinical advice and, in particular, is no substitute for a full examination and consideration of medical history in reaching a diagnosis and treatment based on accepted clinical practices. Accordingly

The Royal Australian College of General Practitioners and its employees and agents shall have no liability (including without limitation liability by reason of negligence) to any users of the information contained in this publication for any loss or damage (consequential or otherwise), cost or expense incurred or arising by reason of any person using or relying on the information contained in this publication and whether caused by reason of any error, negligent act, omission or misrepresentation in the information.


Download the PDF version

 Secure communications product list (PDF 480 KB)