By Rhiannon Riches
Optometrists who use unsecure email to send patient referrals to GPs or ophthalmologists are potentially at risk of breaching privacy laws.
Optometry Australia has noticed an increase in the number of enquiries from members seeking clarification of their legal obligations when sharing patient information electronically, as well as enquiries about the current technology available to support secure electronic information exchange.
Policy and advocacy adviser Christopher Poulter says using technology such as secure messaging allows the secure point to point transfer of information such as e-referrals from one health-care provider to another.
‘We want to encourage optometrists to become more involved in e-health and adopt best practice e-health processes including secure messaging. At the same time, we are taking opportunities where we can to highlight to government the need to support the optometry sector to participate in e-health in a meaningful way,’ he said.
In response to the steady flow of member enquiries, Optometry Australia has released a question-and-answer fact sheet to help guide optometrists in what they need to know about sharing electronic information securely.
The fact sheet outlines the obligations optometrists must meet under national law, the difference between secure messaging and an encrypted email, industry standards for secure messaging, and considerations when choosing a secure messaging provider.
‘To ensure optometrists and optometric practices are meeting their privacy obligations, Optometry Australia recommends all electronic transmission of personal clinical information is appropriately secured, either using a form of encryption at a minimum, or preferably through a virtual private network via secure messaging,’ Mr Poulter said.
Clinical information should be sent only by unsecured email as a last resort, for example, in emergency situations.
The Royal Australian College of General Practitioners does not recommend sending unsecure clinical information via email and there have been reports of GPs lodging complaints when other health-care providers have sent them by email unsecured clinical information, such as patient referrals.
Optometry Australia has met with secure messaging providers to encourage suppliers to adopt secure messaging for optometric practice management systems.
‘We have initiated discussions with various providers about their systems and about their supporting best practice information exchange for optometrists,’ he said.
Optometry Australia is encouraging members to discuss with their practice management software provider the need for current systems to be compatible with secure messaging technology. Secure messaging is one of several foundations underpinning the national e-health strategy, including the Personally Controlled Electronic Health Record.
Optometry Australia’s Q&A Practice Note provides an overview of legal obligations to protect personal information and advice sent and received electronically, such as a patient referral.
Optometry Australia is also developing a strategy to assist members to adopt best practice information exchange.
Choosing a secure messaging provider
It is essential to ensure your messaging service provider meets the appropriate privacy obligations and is compatible across your local health-care provider networks. When considering a secure messaging provider for your practice, it is advisable to:
• Consult with your practice management software vendor to find out whether your practice software supports secure messaging and any compatibility issues, as well as any future plans by the vendor to integrate its software with a single messaging service provider.
• Consult with your local Primary Health Network, the organisations replacing Medicare Locals, regarding the most common messaging service providers used by your local health-care community, such as GPs in your area.
• Ensure the messaging service provider is compliant with Secure Message Delivery (SMD). This will ensure it meets the agreed industry standard adopted by National Electronic Health Transition Authority (NEHTA). A register of messaging service providers that are SMD compliant can be found on NEHTA’s website.
From Sharing clinical information electronically: What you need to know