Part of Central Highlands Healthcare
Lot 1 Pilot Farm Road, Emerald 07 4986 7400

Our Policies

Patient Rights Policy

Interpreter Services Policy

Information Security Policies and Procedures Policy

Accreditation and Continuous Quality Improvement

Security and Privacy of Records Policy

Transfer of Health Records Policy

Communication Policy and Procedure

Social Media Policy

Internet and email usage Policy

Patient Rights Policy

Due to the nature of general practice, GPs, clinical staff and administrative staff need to provide respectful care to patients that promotes their dignity, privacy and safety.

Specifically, all staff need to:

  • have interpersonal and communication skills
  • provide a high level of customer service
  • be warm, caring, friendly, helpful and empathetic
  • identify, be sensitive toward and accommodate personal and cultural needs
  • provide non-discriminatory care
  • provide continuity of care
  • provide adequate information to help patients make informed decisions
  • respect a patient’s right to seek another opinion or alternative care
  • record all essential information in the patient’s health record
  • foster a collaborative relationship based on trust and mutual respect.

Patients must not be refused access to care on the basis of gender, race, disability, Aboriginality, age, religion, ethnicity, sexual preference or medical condition. Patients need to be encouraged to self-identify cultural background (e.g. Aboriginal and Torres Strait Islander self-identification), with this information recorded in active patient health records.

Our practice is familiar with the Federal Disability Discrimination Act 1992, as well as various State or Territory Disability Services Acts and Equal Opportunity Acts regarding anti-discrimination. Details can be found on the Human Rights and Equal Opportunity Commission website.

Additional information regarding patient privacy and the Australian Privacy Principles is available at Office of the Australian Information Commissioner.

Procedure

In our practice, we do not refuse access to care on the basis of gender, race, disability, Aboriginality, age, religion, ethnicity, sexual preference or medical condition.

In our practice, we encourage patients to self-identify cultural background (e.g. Aboriginal and Torres Strait Islander self-identification) on their Patient Registration Form and this information is recorded in their health record.

Interpreter Services Policy

Our practice provides a health service that accommodates a diverse multicultural population including those with disability.

Patients who do not speak English or who are more proficient in another language have the ability to choose a professional translating service or a translator who may be a family member or friend.

Children must not be encouraged to translate on their parent’s behalf. In some situations, it may also not be appropriate for a family member or friend to translate for the following reasons:

  • Reluctance for the patient to disclose some information
  • Biased translation of information.

Our practice encourages patients to utilise the free Translating and Interpreting Service (TIS) – Doctors Priority Line (1300 131 450) for reasons including:

  • quality patient care
  • confidentiality
  • risk management
  • efficiency and effectiveness
  • impartiality
  • accuracy
  • professional conduct
  • experience

The TIS is a free service available 24 hours a day via telephone at the time of consultation or onsite at the practice if 48 hours’ notice is given. Further information about the TIS is available on the TIS website.

A free interpreting service is available for patients who are deaf and use Australian Sign Language (AUSLAN). Contact the National AUSLAN Interpreter Booking and Payment Service (NABS) on 1800 246 945 or the NABS website for further information.

Procedure

Our practice advises patients of translating and interpreting services by:

  • GPs
  • Reception staff
  • Clinical staff

Our practice also provides patient support materials in a variety of languages. The Practice Manager is responsible for maintaining these materials.

All doctors in this practice are registered with the Translating and Interpreting Service. Translated health information is available from:

In our practice, we follow this procedure when accommodating patients who speak a language other than English:

  1. Ask the patient if they would like the use of an interpreter and offer translation services available in the practice
  2. Check the patient’s health record to see if an interpreter has been used before (if an existing patient)
  3. Record the patient’s preferred language and if they have requested an interpreter (if a new patient)
  4. Ask the patient what time they would prefer an appointment and whether they would prefer a male or female interpreter
  5. Ask the patient how they prefer to be addressed and their preferred order of name (e.g. family name first, then generation name, given name last)
  6. Record this information in the patient’s health record
  7. Make a longer appointment to accommodate interpreting time
  8. Ask the patient to repeat appointment details to confirm they have understood
  9. Contact the TIS on 1300 131 450 to book an interpreter (if requested). Advise the TIS operator of a nominated patient code for easy identification, patient name, language, preferred gender of interpreter and appointment details
  10. Ask the patient to call if they are unable to attend the appointment. Alternatively, call the patient the day before to confirm the appointment.

The Translating and Interpreting Service (TIS National) provides access to phone and onsite interpreting services in over 160 languages and dialects. Further information is available at www.tisnational.gov.au

Information Security Policies and Procedures Policy

Our practice has systems in place to protect the privacy, security, quality and integrity of the data held. All staff are educated and regularly trained in our computer security policies and procedures. Our policies and procedures are a source of information to clarify roles and responsibilities, and to facilitate the orientation of new practice team members.

The RACGP Computer and Information Security Standards provide information and explanations on the safeguards and procedures that need to be followed by general practices in order to meet appropriate legal and ethical standards concerning privacy and security of patient health information. These documents also contain suggestions for additional security procedures.

Our practice has a My Health Records policy that covers the specific requirements of My Health Records Act 2012 and My Health Records Rule 2016.

Our practice has the following information to support the computer and information security policies and procedures:

  • current asset register documenting hardware and software specifications and locations, network information, technical support
  • logbooks/print-outs of maintenance, backup including test restoration, faults, virus scans
  • folder with warranties, invoices/receipts, maintenance agreements.

Procedures

Practice Team Agreements

Upon employment, every practice team member is given confidentiality and privacy agreements to sign, together with an appropriate computer use agreement. These act to protect the owners of the practice in the event of legal action against the practice arising out of a security breach.

These agreements can be used to ensure that practice team members and other people working in a practice who may have access to confidential patient or business information comply with privacy and security of information as required under legislation, including the Privacy Act 1988 and the National Privacy Principles.

External Service Provider Agreements

Unique contractual arrangements are made with all external service providers including information in relation to:

  • data confidentiality
  • remote access
  • backups and restoration procedures
  • response times
  • costs
  • regular maintenance
  • audit logs
  • secure disposal of information assets
  • cloud services

My Health Records Policy

The following information is taken from My Health Records Rule 2016:

The Practice will enforce the following in relation to all its employees and any Organisation with whom we engage under an agreement/contract:

  • The manner by which the Practice authorises persons accessing the My Health Records system via or on behalf of the practice
  • The manner of suspending and deactivating the user account of any authorised person who leaves the practice,
  • The manner of suspending and deactivating the user account of any authorised person whose duties no longer require them to access the My Health Records system,
  • The manner of suspending and deactivating the user account of any authorised person whose security has been compromised.

Our practice ensures the following:

  • Training will be provided before a person is authorised to access the My Health Records system, including in relation to how to use the My Health Records system accurately and responsibly, the legal obligations on the practice and our staff members using the My Health Records system and the consequences of breaching those obligations.
  • The process for identifying a person who requests access to a patient’s My Health Records is clear and followed and the person’s identity is communicated to the System Operator so that the healthcare provider and the practice is able to meet its obligations.
  • Physical and information security measures are established and adhered to by the healthcare provider, the practice and people accessing the My Health Records system via or on behalf of the healthcare provider, the practice, including that user account management measures are implemented.
  • Mitigation strategies to ensure My Health Records related security risks can be promptly identified, acted upon and reported to the Practice Manager.

The Practice will authorise the staff members within its team that require access to the My Health Records system by:

  • Generating and maintaining an authorised employee register, which includes the name and HPI-I for all health care professionals working at the Practice or on behalf of the practice.
  • Registering both our HPI-O and the HPI-Is of our practitioners for publication in the Healthcare Provider Directory (HPD)
  • Recording and keeping current the credentials of all our staff who require access to the My Health Records system

For a staff member who leaves the Practice we will deactivate their account by:

  • De-activating the HPI-I in our clinical software and removal of individual login details.
  • Revising our Authorised Employee Register
  • Keeping a local record of the revised Authorised Employee Register for audit trail purposes.

For a staff member whose duties no longer require them to access the My Health Records system we will deactivate their account by:

  • De-activating the HPI-I in our clinical software and removal of individual login details.
  • Revising our Authorised Employee Register
  • Keeping a local record of the revised Authorised Employee Register for audit trail purposes.

For a staff member whose security has been compromised we will immediately deactivate their account by:

  • De-activating the HPI-I in our clinical software and removal of individual login details.
  • Revising our Authorised Employee Register
  • Keeping a local record of the revised Authorised Employee Register for audit trail purposes.
  • Keeping record of the details surrounding the event (e.g. who and why).
  • Pursuing disciplinary action if necessary

Training will also be conducted as new functionality is introduced into the system. We will utilise the training resources made available by the System Operator, as a minimum. To assist in ensuring training completion and audit purposes, a record is kept confirming the training completed by each authorised staff member and the date completed.

Notwithstanding any action the System Operator may take with regard to data breaches, the practice will continue to implement local staff conduct and disciplinary policies with regard to any staff unauthorised access to the My Health Records system.

Our practice will also ensure the following:

  • staff members that we authorise to access the system can be identified by either a unique local identifier or system log-in
  • the Practice has current and adequate IT system anti-virus software
  • our Disaster Recovery Plans are current and executable
  • our IT systems and hardware are physically protected against unauthorised access or hacking
  • each authorised user of the system has a secure password

We regularly review our security and procedures for accessing the My Health Records system, report the findings to management and revise our procedures accordingly.

The practice has set out a risk reporting procedure to allow staff to inform management regarding any suspected security issue or breach of the system.

All staff in the practice and any healthcare providers to whom the organisation supplies services under contract have access to this Policy. The practice will notify all personnel of changes to these Policies and Procedures when they occur.

Useful Link

Australian Privacy Principles

Accreditation and Continuous Quality Improvement Policy

Our practice is committed to attaining and exceeding the 5th Edition of the RACGP Standards for General Practices, as well as committed to quality improvement activities. To develop, maintain and enhance the business and clinical management aspects of our practice, quality review activities must be used to monitor progress. These activities may include audits, routine data checks, account reviews and health record reviews.

RACGP information on the differences between the 4th and 5th edition of the Standards is attached.

Our practice aims to continually improve processes that will result in the following outcomes:

  • Improved and increased documentation of routine monitoring and specific improvements in health care
  • Increased participation in continuing education for effective and personal work output
  • Identification and resolution of actual and potential deficiencies and risks in practice administration, care and management of patients
  • Improved staff communication
  • Increased staff awareness, participation and management of patient care, occupational health and safety, infection control and medico-legal standards
  • Increased safety for staff and patients of our practice
  • Improved quality of care for patients.

Our practice is able to demonstrate an aspect of activities that has been identified for improvement, and has a planned approach for improvements. Our practice utilises the information resulting from the quality improvement outcomes and uses it as part of risk assessment and management program activities. These outcomes are also documented and reviewed according to the PDSA cycle of quality as defined below.

Data about our practice population is collected and used by our practice for quality improvement. Although it is preferable to investigate our own data, where it is not easily accessible our practice utilises national registers, e.g. the Australian Childhood Immunisation Register.

Procedure

In our practice, we identify and action areas for quality improvement by:

  • Seeking practice staff, medical practitioner and patient feedback
  • Monitoring recommendations from the Division of General Practice, AGPAL and RACGP

In our practice, we access data about our practice population by querying our database. We use this data to improve our practice population by implementing evidence-based practices.

Plan Do Study Act (PDSA) cycle of quality

A reliable methodology is needed to ensure that any quality improvement activities undertaken by our practice are successful. One such methodology is the Plan Do Study Act (PDSA) cycle.

The four steps involved in the PDSA cycle are as follows:

  1. Plan the improvement
  2. Do the improvement
  3. Study the improvement
  4. Act on any changes from the study.

Step 1 – Plan

When planning the improvement activity, the following is identified:

  • what the improvement is, who it will impact, what the outcome should be
  • who needs to be involved, who needs to be made aware, where it is documented
  • how this information will be made available to staff, how often progress will be reviewed
  • how feedback will be gathered.

Step 2 – Do

When doing the improvement activity, the following will be completed:

  • the appropriate staff involved
  • steps taken documented
  • feedback sought from all involved.

Step 3 – Study

When studying the improvement activity, the following is reviewed:

  • whether the improvement was successful
  • if the results met expectations
  • whether the changes were incorporated into the way staff work
  • whether further improvements need to be implemented.

Step 4 – Act

Any improvements are acted upon and reviewed as per Steps 2 and 3. If the CQI activity has been successful, our practice considers the following:

  • how the new policy and procedure will be incorporated into the way staff work
  • how staff will be made aware of the change
  • where the new activity will be documented
  • how the new activity will be monitored to ensure all staff are participating.

If the CQI activity has been unsuccessful, our practice considers the following:

  • what the activity has shown
  • what different improvements might be able to be made.

Security and Privacy of Records Policy

The maintenance of privacy requires that any information regarding individual patients, including staff members who may be patients, must not be disclosed in any form (verbally, in writing, electronic forms inside/outside our practice) except for strictly authorised use within the patient care context at our practice or as legally directed.

Health records must be kept where constant staff supervision is easily provided. Personal health information must be kept out of view and must not be accessible by the public.

All patient health information must be considered private and confidential, and therefore must not be disclosed to family, friends, staff or others without the patient’s consent. This information includes medical details, family information, address, employment and other demographic and accounts data obtained via reception. Any information given to unauthorised personnel will result in disciplinary action, possible dismissal and other legal consequences. Each staff member must sign a confidentiality agreement on commencement of employment.

In addition to Federal legislation, our practice also complies with State or Territory legislation. Care must be taken that individuals cannot see computer screens showing information about other individuals. Screensavers or other methods of protecting information must be engaged.

Access to computerised patient information must be strictly controlled with personal logins and passwords. Staff must not disclose passwords to unauthorised persons. Screens need to be left cleared when information is not being used. Terminals must also be logged off when the computer is left unattended for a significant period of time. Items for the pathology couriers or other pick ups must not be left in public view.

When not in attendance, staff must ensure that prescription pads, prescription computer generated paper, letterhead, scripts, medications, health records and related patient information are out of view. They must also be stored in areas only accessible to authorised persons. Facsimile, printers and other electronic communication devices must only be accessible to authorised staff.

Procedure

In our practice, computer screens are positioned so that individuals cannot see information about other individuals, access to computerised patient information is strictly controlled with passwords and personal logins, automatic screen savers are used, and computer terminals are logged off when the computer is left unattended for a significant period of time.

In our practice, prescription pads, prescription computer generated paper, letterhead, scripts, medications, health records and related patient information are stored in a locked store cupboard in the Staff rooms.

In our practice, the facsimile, printers and other electronic communication devices are located within consult rooms and behind the reception desk.

In our practice, items for pathology couriers or other pickups are left in a secure desk.

Transfer of Health Records Policy

When a patient requests for their health records to be transferred to a GP outside of our practice, the GP has an obligation to provide a copy or summary of the patient health record in a timely manner to facilitate care of the patient.

Transfer of health records from our practice can occur in the following instances:

  1. When a patient asks for their health record to be transferred to another practice
  2. For legal reasons, e.g. record is subpoenaed to court
  3. Where an individual health record report is requested from another source.

Practice staff must notify the GP about all requests for patient health information. Our practice records the request by the patient to transfer patient health information on the health record, and this needs to include details as to the date, where and when the information was sent and who authorised the transfer.

The patient must provide written consent to the transfer.

For medico-legal reasons, our practice retains the original record and provides the new GP with a summary or a copy. If a summary of the patient’s health record is provided to the new GP, a copy of the summary must be kept on file for record purposes.

Our practice may choose to charge a reasonable fee to the practice or the patient for transferring the patient’s health record to another practice.

It is necessary for a doctor to become familiar with a new patient’s medical history via their health record from a previous practice. If a copy or summary of a health record is required, written patient consent must be provided to the former practice by the patient.

Our practice assists new patients by providing a consent form and posting to the former practice.

Procedure

Transfer of Health Records to Another Practice

Our practice follows this procedure when transferring health records to another practice:

  1. Advise the patient to nominate a new GP and to have the new practice send a request for transfer of medical records signed by both the doctor and patient.
  2. Send the request to the Doctor’s inbox to authorise the release of the patient’s medical record.
  3. Follow the Doctor’s instructions to generate the health summary.
  4. Where possible, send the summary via “Medical Objects” as encrypted information, but if not:
  5. Post or fax the health record to the requesting practice. Copies sent by post must have ‘ and Confidential’ stamped on the envelope
  6. Make a note in the patient’s health record of the date and destination of the records transferred.
  7. Mark the patient’s electronic medical record as ‘archived’ and ‘inactive’.

Transfer from another practice

Our practice follows this procedure when transferring health records from another practice:

  1. Generate a request form and ask the patient to sign the form indicating consent for their previous practice to forward a copy or summary of their health record
  2. Send/fax the signed consent form to the previous practice requesting that they provide a copy or summary of the patient’s health record

Communication Policy and Procedure

1. Purpose

The purpose of this policy is to assist our clients and patients to understand how we receive and respond to inquiries. This policy also guides staff communicating with our patients and the community.

2. Objective

To reduce the risks of damaging or ineffective communication, and to ensure that all staff are aware of how communications are best conducted, and who has responsibility for which aspects.

3. Scope

This policy applies to the communication processes across Central Highlands Healthcare and aligns with the endorsed Central Highlands Communication Plan 2019 and stated values of Commitment to Excellence; Compassionate and Caring; Integrity and Respect; and Responsive and Agile.

4. Definitions

Communication with our practice can be via traditional postal mail, electronic forms such as email, SMS and via our website or social media pages. Patients, other service providers and the community may also phone and come to visit face-to-face.

eFax is a scanned document sent by email to a fax number.

Secure information transfer refers to the use of encrypted information through Medical Objects or My Health Record.

Health management purposes include:

  • Appointment scheduling (online appointment system)
  • Appointment reminders
  • Health reminders (e.g. pap smear)
  • Health recall (e.g. follow up of results and investigations)
  • Telehealth

5. Policy

Central Highlands Healthcare endeavours to provide patients with access to timely advice or information about their clinical care via the telephone or in face-to-face consultations. The urgency of a patient’s needs is determined promptly. We aim to communicate effectively over the telephone, use simple, straightforward language and check that patients have understood what has been said.

Electronic communication provides a useful and alternative point of access for our patients. Our patients have the option to contact or be contacted by our practice through electronic means via email and SMS. Our patients are informed of the risks associated with some methods of electronic communications and that their privacy and confidentiality may be compromised. Patients must agree by signing the patient form. Our practice adheres to the Australian Privacy Principles (APPs), the Privacy Act 1988, and the Queensland Information Privacy Act 2009. The practice may become liable for the contents of any email message under certain circumstances and therefore an email disclaimer is inserted into the signature of all practice emails. Email and SMS between the practice and the patient, including any action taken in response to the message/s, are included in the patient’s medical record. Our Practice uses secure messaging wherever possible or eFax for communication by fax.

Central Highlands Healthcare aims to ensure all patient messages or other communications including emails that require subsequent follow-up by a doctor or other staff member are responded to in a timely manner. All messages from patients, to patients, or about patients become part of the patient’s health record, in addition to any actions taken in response to the message.

Our aim is to facilitate optimal communication opportunities with our patients. Patients who do not speak or read English or who are more proficient in another language, or who have special communication needs are offered the choice of using the assistance of a language service to communicate with the GPs or clinical team members.

Our practice encourages and supports the use of digital technology to enable our patients 24-hour access to our appointment system. Our practice allows patients to book their healthcare appointment with their preferred healthcare provider online via the booking page on our website or direct with the HotDoc app.

6. Procedure

6.1. Communicating by telephone
All telephone calls are answered by a member of the practice who must adhere to the following standards:

  • Staff follow the practice booking system for all patient appointments
  • Before any calls are placed on hold staff must first ask if the matter is an emergency
  • Staff follow the practice triage system for patients requesting urgent appointments
  • Staff make sure that the patient is correctly identified by using three of the approved patient identifiers:
    ✓ Family name and given names
    ✓ Date of birth
    ✓ Gender (as identified by the patient)
    ✓ Address
  • Staff are mindful of confidentiality and patient’s right to privacy. No names are openly stated over the telephone within earshot of other patients and/or visitors
  • Staff members are aware of each doctor’s policy on accepting or returning calls.

In non-urgent situations, patient calls need not interrupt consultations with other patients, but a message containing the information is given to the person in a timely manner.

6.2. Communicating by Electronic Means
Our practice email account for patients and stakeholders for communication with our practice is enquiries@chhealth.com.au. Only appropriate non-clinical matters are dealt with via email exchanges unless patient informed consent is recorded to collect their own information. Central Highlands Healthcare uses an encrypted and secure messaging system (Medical Objects) for the transfer of clinical information.

No consulting or advice services are conducted by email. This must be communicated face to face by a medical practitioner or other appropriate health professional unless there are exceptional circumstances. Central Highlands Healthcare supports the use of My Health Record so that patients and other designated service providers can see results. Results, once checked by the General Practitioner, may be relayed to the patient by a nurse.

This email account will be routinely checked throughout the business day by administration staff. Email messages are forwarded to the appropriate team member for response within 24 hours.

Our practice uses SMS messaging to remind patients of their upcoming appointments. There is no medical or identifying information used in these messages. It is the patient’s responsibility to contact the practice and follow up on the message.

Communication conducted with a patient via electronic means will be added to the patient’s medical record by the team member resolving the enquiry.

6.3. Informing the clinical team of communications
All communications are documented for a staff member’s attention and action, or in their absence to the designated person who is responsible for that team member’s workload. This information is contained in our appointment screen, F8’s (internal secure messages) or as non-visit notes in the patient’s chart for the Doctor’s attention.

Appointment screen / patient chart is used to document all significant and important telephone conversations or electronic communications including after-hours contacts and medical emergencies and urgent queries.

The log records:

  • The name and contact phone number of the patient/caller
  • The date and time of the call
  • The urgent or non-urgent nature of the call
  • Important facts concerning the patient’s condition
  • The advice or information received from the doctor
  • Details of any follow up appointments

All documented communications are provided to the staff member on the day of receipt and must be responded to in a timely manner or within 24 hours.

6.4. Communicating with patients with special needs
A contact list of translator and interpreter services and services for patients with a disability is maintained, updated regularly and readily available to all staff at reception.
These include:

  • National Relay Service (NRS)
  • Auslan services 1300 AUSLAN
  • Translation and Interpreter Service (TIS) Doctors Priority Line 1300 131 450

7. Compliance with this policy

If there are allegations that staff have not complied with the policy, an investigation will be led to explore the circumstances, with resulting action being recommended to the CEO.

8. Other relevant Policies

  • Interpreter services (Practice Hub)
  • Patient Electronic Contact (Practice Hub)
  • Patient Telephone Contact (Practice Hub)

Contacts

For questions about this policy, contact the Chief Executive Officer by email on enquiries@chhealth.com.au


Social Media Policy C6.4G

Our practice social media policy is as follows.

Policy

This policy provides guidance for employee use of social media. Social media has many forms. This policy must be broadly applied to all forms of social media; these include but are not restricted to Facebook, Twitter, LinkedIn, Share, blogging, Messenger, message boards, chatrooms, electronic newsletters, online forums, social networking sites, and wikis.

Guidelines

  • Employees need to be aware that their actions may have an impact on their individual image as well as the practice’s image. The information that employees post or publish may be public information for a long time. Employees must use their best judgement in posting material that is neither inappropriate nor harmful to the practice, its employees or patients.
  • Our practice may observe the content and information made available by employees through social media.
  • Examples of prohibited social media conduct include posting commentary, content or images that are defamatory, pornographic, proprietary, harassing, or libelous.
  • Employees are not to publish, post or release any information that is considered confidential or not public.
  • Employees must get appropriate permission before referring or posting images of current or former employees, contractors or patients.
  • Employees must be clear that their online posts are personal and purely their own. The practice should not be held liable for any repercussions the employee’s content may generate.
  • Employees must show respect for others and others’ opinions in all posts.

Overall, employees must observe the principles of integrity, professionalism, privacy and impartiality when posting online. There may be disciplinary implications for employees not complying with the practice’s social media policy and guidelines.

The RACGP’s Guide for the use of social media in general practice is available here.


Internet and Email Usage

Policy

All staff within the practice are to assist in mitigating security risks. This includes being aware of the risks associated with email and internet usage. All staff are to use the internet, email and secure messaging in a manner which meets our privacy obligations and are to use such resources in a respectful and professional manner.

Procedures

To avoid unnecessary risk to information systems, the following is advised:

Internet usage
  • internet use for business, clinical and research purposes only
  • all downloads accessed from the internet must be scanned for viruses
  • all sites accessed must comply with legal and ethical standards
  • web browser security settings are not to be changed without authorisation

In our practice, the type of firewall we have is recommended by our IT solutions provider and upgraded as necessary.

The firewall is tested on a monthly basis. The person responsible for testing the firewall is AuslT.

This practice uses antivirus, anti-malware and anti-spyware which are centrally installed and managed and locally deployed.

Email usage

Communication with patients via electronic means (e.g. email) is conducted with appropriate regard to the privacy and confidentiality of the patient’s health information.

Our practice uses the following confidentiality and privilege notice on outgoing emails that are affiliated with the practice: ‘This message is confidential and should only be used by the intended addressee. If you were sent this email by mistake, please inform us by reply email and then destroy this message. The contents of this email are the opinions of the author and do not necessarily represent the views of the Practice.’

Best practice when using email:

  • Do not open unexpected email even from people known to you as this might have been spread by a virus.
  • Use an antivirus mail filter to screen email before downloading.
  • Do not use the ‘preview pane’ in your email program as this automatically opens your email when you click on the header.
  • Save attachments and check for viruses before opening or executing them (note this does not relate to the clinical secure messaging but to attachments received through email and websites).
  • Do not run programs directly from websites. If files are downloaded, check for viruses first.
  • Email use that breaches ethical behaviours and/or violates copyright is prohibited.
  • Do not send or forward unsolicited email messages, including the sending of ‘junk mail’ or other advertising material (email spam).
  • Do not use email for broadcast messages on personal, political or non-business matters.
  • Practice staff are never to send emails that might be construed as offensive or constitute any form of harassment.

Emails and internet usage will be monitored by the IT provider, including discretion to blacklist certain sites such as personal email or social media sites. This is endorsed by the CEO, who can receive reports of unusual internet use.

All staff have signed a computer use agreement as a condition of their employment.

Useful Links

RACGP Social Media Guide

Recognise scam or hoax emails and websites

Australian Privacy Principles
