Can't you just email it?

Ruanne Brell, BA LLB (Hons), Senior Legal Adviser, Advocacy, Education and Research, Avant

Sunday, 9 October 2022

Email symbol

Sally has left a voicemail message asking for a copy of her prescription for her upcoming trip, in case she loses her glasses. She doesn’t have time to come in, can you email it to her?

Electronic communication became even more essential for healthcare during COVID-19 isolations and lockdowns. However, there is still some confusion among practitioners about how to communicate by email without breaching patient privacy.

Email communication requires reasonable steps to protect privacy

Healthcare information is considered sensitive information under the Privacy Act, but that doesn’t mean email communication is prohibited. In fact, healthcare organisations may communicate with or about patients using unencrypted email, provided they take ‘reasonable steps’ to protect the information transmitted and the privacy of the patient.

The Office of the Australian Information Commissioner’s (OAIC) Guide to Securing Personal Information provides guidance on what steps are considered reasonable.

Practices need to develop clear policies and procedures for using email and make sure staff understand these.

Is it appropriate to email?

Always consider whether email is appropriate for the situation and the information you are communicating.

For example, if you need to give a patient bad news or communicate complex or difficult information, this will usually require a face-to-face discussion.

You can send time-sensitive information by email, but make sure you have a process to check it has been received.

Since email is not a secure form of communication, it will be inappropriate for some types of information, or in some circumstances. This applies even if the information itself seems relatively innocuous, such as an optical prescription, so use your judgement and your knowledge of the patient’s circumstances to determine if email is appropriate.

Inadvertently disclosing personal information such as a home address to the wrong recipient would breach privacy and could potentially cause harm.

Confirm patient consent

Also check the patient understands email is not secure and confirm they still wish to have the information sent in that way. Keep a copy of their consent if they give it in writing. Or if the patient consents verbally, document this in the clinical record.

Double check the address

Private information being emailed to the wrong recipient accounted for nearly 18% of breaches reported to the OAIC in the last reporting period (June – December 2021).

  • Always make sure:
  • which address the patient would like you to use – patients may not want health information sent to a work address or shared address
  • that you have typed in the correct address – be particularly careful about auto-complete errors that could see the software completing a recently or frequently used address instead of the one you started to enter.
  • Ideally, contact the patient and ask them to email their request to you. You can reply to that address – which both ensures you’re using the correct address and confirms their consent.

Protect sensitive information

Your policy should also address whether clinical or sensitive information should only be sent in an attachment, or sometimes in a password-protected file. You need a protocol for providing the passwords (for example, phone the patient with the password).

It is always best to ensure there is no sensitive information in the body of the email.

Use a privacy disclaimer

While you want to avoid sending email to unintended recipients, it is still useful to include a privacy disclaimer as an added layer of protection.

Document and communicate your approach

Make sure someone in the practice is responsible for actioning any incoming emails appropriately and in a timely manner. All emails also need to be documented in the patient’s clinical record and stored appropriately. Your policy also needs to address how to manage and store any clinical images sent by email.

If you have an email address on your website, be very clear how and when this address is monitored.

You may need to add a warning that patients should not use email if they need an urgent response and provide an appropriate alternative emergency contact. This information could also be included in an autoreply for emails sent to that address.

Disclaimer: This article is intended to provide commentary and general information. It does not constitute legal or medical advice. You should seek legal or other professional advice before relying on any content, and practise proper clinical decision making with regard to the individual circumstances.

A version of this article first appeared in Insight magazine and has been republished with permission.

Useful resources

Factsheet: Email communication with patients: privacy and patient safety

Office of the Australian Information Commissioner (OAIC) Guide to securing personal information

Share your view

We welcome your feedback on this article.

Contact the editor
To Top

NSW State Office AddressLevel 6, Darling Park 3, 201 Sussex Street, Sydney NSW 2000
Telephone 02 9260 9000 | Facsimile 02 9261 2921

Mailing addressPO Box 746 Queen Victoria Building NSW 1230

Connect with Avant

facebookxlinkedininstagramyoutube

In the spirit of reconciliation Avant acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their Elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.

IMPORTANT: Professional indemnity insurance and the Practice Medical Indemnity Policy available from Avant Mutual Group Limited ABN 58 123 154 898 (Avant Mutual) are issued by Avant Insurance Limited, ABN 82 003 707 471, AFSL 238 765 (Avant). Avant Cyber Insurance cover is available to eligible Avant Practice Medical Indemnity Policy holders up to the cessation of their policy and is provided under a Group Policy between Liberty Mutual Insurance Company ABN 61 086 083 605 (Liberty) and Avant. Private health insurance products are issued by The Doctors’ Health Fund Pty Limited, ABN 68 001 417 527, a member of the Avant Mutual Group. Avant arranges Avant Business Insurance as agent of the insurer Allianz Australia Insurance Limited ABN 15 000 122 850, AFSL 234 708 (Allianz) and may receive a commission on each policy arranged. Avant Travel Cover is available under a Group Policy between QBE Insurance (Australia) Limited, ABN 78 003 191 035, AFSL 239 545 (QBE) and Avant Mutual. Avant Travel Cover is underwritten by QBE and Avant may receive a benefit for arranging cover. Avant Financial Services is a registered business name of Avant Doctors’ Finance Pty Ltd (ACN 637 769 361) and licensed to Avant Doctors’ Finance Brokers Pty Ltd (ABN 75 640 406 784). Avant Doctors’ Finance Brokers Pty Ltd is a wholly owned subsidiary of Avant Doctors’ Finance Pty Ltd. Loan products may be provided by Avant Doctors’ Finance Pty Ltd or arranged by Avant Doctors’ Finance Brokers Pty Ltd. Credit services or assistance to which the National Credit Code applies are provided by Avant Doctors’ Finance Brokers Pty Ltd as authorised Credit Representative (Credit Representative Number 523242) for LMG Broker Services Pty Ltd ACN 632 405 504 Australian Credit Licence 517192. Legal services are provided by Avant Law Pty Ltd ABN 63 136 429 153 (Avant Law). Liability limited by a scheme approved under Professional Standards Legislation. Legal practitioners employed by Avant Law are members of the scheme.


The information provided on this website is general advice only and has been prepared without taking into account your objectives, financial situation and needs. You should consider these, having regard to the appropriateness of the advice before deciding to purchase or continue to hold these products. For full details including the terms, conditions, and exclusions that apply, please read and consider the relevant Product Disclosure Statement or policy wording and Target Market Determination (TMD) which are available on this website or by contacting us on 1800 128 268. Information on this site does not constitute legal or professional advice, and is current as at the date of initial publication.