Strengthen security by:
- using secure messaging or encrypted email instead of standard unencrypted email
- sending clinical information as a password-protected PDF and sending the password by another means.
Concise Advice
Using technology for communicating with/about patients
Last reviewed/updated: 01 Jun 2022
Can I use SMS to communicate with patients?
Yes – provided you have the patient's consent. We recommend you:
- use this type of communication for administrative rather than clinical matters, remembering that an SMS may be seen by someone else
- send the SMS from a practice-dedicated phone or web subscription rather than your personal number
- consider any workplace protocols about the use of SMS and related consent and privacy issues
- save the message to the medical record.
Text messaging in general practice, The Royal Australian College of General Practitioners
General practice ethics: text messages and boundaries in the GP–patient relationship, Australian Family Physician
Can I use SMS or apps such as WhatsApp to communicate with colleagues about patients?
Yes, but use with caution. There’s a high risk of a privacy breach because:
- SMS is not encrypted and could be intercepted
- messages on the device may be seen or accessed by someone outside the group
- WhatsApp is encrypted during transmission but once decrypted on your device the messages may be stored in the cloud on a server overseas
- ex-employees may still have access to group chats.
If your organisation allows it and you decide the benefits outweigh the risks:
- avoid identifying the patient in the message
- save each message to the patient’s record
- keep your phone secure via settings and strong passwords.
Some healthcare organisations are now using secure clinical communication platforms which allow messaging, group chats and sending images.
Can I use email to communicate with patients?
Yes, if:
- patients consent to it and understand that email isn’t necessarily secure
- there are reasonable IT security measures in place
- you follow workplace protocols
- consent and privacy issues are managed.
Sending from your personal email address is not recommended.
Emails should be saved in the patient record.Email and texts to patients, MDA National
Using email in general practice, The Royal Australian College of General Practitioners
Can I use email to communicate with colleagues about patients?
Yes, if:
- patients consent to it and understand what information is being sent and that email is not necessarily secure
- you follow workplace protocols
- you manage consent and privacy issues
- there are reasonable IT security measures in place.
Secure messaging and cyber security for healthcare providers, Australian Digital Health Agency
Using email in general practice, The Royal Australian College of General Practitioners
Can I use my mobile phone to take clinical photos of patients?
Yes, if the patient consents to it and understands:
- the purpose of taking the photo/s
- who will see the photo/s
- what will be in the photo/s and whether the patient will be identifiable
- how photos will be stored and kept secure, and for how long.
Images where the patient can be identified are subject to the Privacy Act 1988. It's important to:
- keep your phone as secure as possible via settings and strong passwords
- upload the image to the medical record
- securely delete the image from your phone when it's no longer needed
- not post images to social media.
Using personal mobile devices for clinical photos in general practice, The Royal Australian College of General Practitioners
Taking photos of patients, Office of the Australian Information Commissioner
Clinical images and the use of personal mobile devices, Australian Medical Association & Medical Indemnity Industry Association of Australia
Legal considerations of consent and privacy in the context of clinical photography in Australian medical practice, Med J AustCan a consultation be recorded?
Yes, if the patient consents to it and the recording is kept secure. The consent should be written or oral as part of the recording, and the patient should understand:
- what will be recorded and whether they’ll be identifiable
- who will hear the recording
- how it will be stored and for how long
- how they can withdraw their consent.
Recording a consultation at a patient's request is a complex area. We recommend you contact your medical indemnity insurer for advice.
Recording of consults is complex – GPs should proceed with caution, Medical Council of New South Wales
Making and using visual and audio recordings of patients, General Medical Council (UK)What do I do if a patient asks to record the consultation?
The laws on getting consent for audio and video recordings vary across states and territories. In the Northern Territory, Queensland and Victoria a patient could legally record and share the recording, including telehealth consultations, without asking you.
- Ask the patient why.
- If it's for a good reason and you're comfortable with being recorded, you can agree to it.
- If you don't feel comfortable or don't think it's a good idea (e.g. the patient's condition is sensitive) you can decline. If you decline, you should explain why and offer alternatives such as giving them a written summary or having a family member present during the consultation.
- You may:
- choose to make a recording yourself and keep a copy
- express that you don't want the recording posted on the internet (including social media) and you could get agreement on this in writing.
- Consider having a practice-wide policy on this issue.
Hey doc, I’m recording this consultation, MDA National
Need more specific advice?
- Call 1800 011 255 – available 24 hours a day in an emergency
- Complete our Contact us form
- Don't hesitate to ask us a question, we're here to support Members
The information on this page is a guide only. Members are encouraged to contact us directly for specific advice. If you are not an MDA National Member, contact your medical indemnity insurer for advice specific to your situation.
