Secure Clinical Email: Terms and Conditions
Healthmail is a private email solution designed for general practitioners (GPs) and other health professionals to transmit and receive clinical patient information in a secure manner. Healthmail is for all primary health care providers other than those with a Health Service Executive (HSE) or voluntary hospital email address. Healthmail is configured to be easy to use and will improve electronic communications to the benefit of patients and clinicians.
The initial implementation of Healthmail is for GPs and their support staff. You will be informed in advance of the addition of other primary health care providers to the service. This is a managed service provided by Three, paid for by the HSE and governed by eHealth Ireland. The HSE and eHealth Ireland have no visibility of the email content on your account in Healthmail. Support to GPs and their staff is provided by the Three support desk accessible by phone and email.
This document constitutes the terms and conditions of Healthmail, the secure clinical email service. In order to sign up for Healthmail you need to read and agree to these terms and conditions. The document is made up of three parts:
1. Terms of Service;
2. Acceptable Use Policy;
3. Data Protection Policy;
1. Terms of Service
Healthmail is funded by the Health Service Executive (HSE). The project sponsor is John Hennessy, Director of Primary Care. Governance of the service is by eHealth Ireland. The general practitioner, as registered with the Office of the Data Protection Commissioner, is the data controller for his or her own secure clinical emails and for those of the employed practice support staff. Only the GP has access to the secure clinical email inbox.
1.2 Description of Service
Secure clinical email is a private bounded service for the exchange of patient identifiable clinical information. The solution will be for all primary care users, other than those with @hse or @voluntaryhospital email addresses, that require the facility in order to be able to communicate more effectively across the Irish Health Service continuum for the benefit of all clients and patients.
1.3 Limitation of Liability
Healthmail shall use its best efforts in order to ensure that the service is responsive, reliable and functional. The technical architecture of the service has been designed to a specification to ensure a consistent high quality service. Attention has been paid to system resilience, recovery from failover and backup of data. However, we do not warrant that the service will be error-free or available at any given time. Healthmail shall not be responsible for the consequences of delayed or missing email, downtime or inaccessibility of the service, or loss or corruption of stored data.
1.4 Inactive Accounts
If you don’t log in to your account for 6 months, your account will be considered inactive and will be temporarily disabled. In order to re-activate your account you will need to authenticate yourself and complete the registration process again.
1.5 Termination of Service
• You may terminate your use of the secure clinical email service at any time. Please contact the support desk to close your account. The support desk, using an authentication process, will validate your request.
• The secure email service as a whole may be terminated by the HSE at any time with 30 days' notice to users. You will have the opportunity to download all your emails prior to closure of the service.
• The secure email service for individual users may be terminated immediately, without prior notice, for those who breach the acceptable use policy.
1.6 Changes to Terms of Service
If you have any questions about these terms and conditions, you should contact the secure email support team at 1800 80 00 02. The secure email team reserves the right to update this document as necessary. A copy of the current version can be found at www.healthmail.ie.
2. Acceptable Use Policy
This section aims to help you to understand what you can and cannot do with your secure clinical email account. It is your responsibility to ensure that you understand and comply with this policy.
Healthmail allows general practitioners (GPs) to communicate confidential clinical patient information in a secure manner with consultants, hospitals and primary care teams. Governance of Healthmail is by eHealth Ireland.
2.2 Data Ownership
GPs are registered with the Office of the Data Protection Commissioner as Data Controllers for their patient records. Secure emails are part of that clinical record. The GP is the Data Controller for his or her secure emails and those of the practice nurse, practice manager, secretary or generic practice account.
2.3 System Design
Secure Clinical Email is a closed private network. GPs and their support staff can send and receive emails with anyone with a HSE email address or with the email address of an approved agency such as the voluntary hospitals e.g. @mater.ie. Emails can only be sent to and received from approved domains. Public email systems such as Google or Hotmail cannot interact with the secure email service. Thus, if you send an email to a public health nurse with an @hse.ie address, but send a copy to an @gmail.com address, the copy to the gmail account will not be sent.
Each general practitioner, and one of his or her support staff, can sign up for an @healthmail.ie account. The identity of the Healthmail GP user will be authenticated by the ICGP.
You are encouraged to use secure clinical email to send patient identifiable clinical information to health care staff who have a duty of care to your patient. This could be a hospital consultant who is sharing the care of your patient, a public health nurse, a primary care team, a community intervention team or a palliative care team. Where an existing method of electronic referral via Healthlink is in place you must utilise this in preference to secure email. Structured referrals, such as electronic cancer referrals or electronic general referrals are the required or mandatory method of sending referrals to secondary care and take priority over secure email.
It is the GP’s responsibility to ensure that there is someone at the end of the email address they are sending to, and that the recipient is willing to accept whatever request is contained in the secure email. You need to establish a relationship with the recipient. You can't just send and forget. Rather than relying on a directory that may be out of date it is best to confirm email addresses directly from colleagues who are willing to communicate with you by Healthmail.
Please be aware that:
• You should always be sure you have the correct contact details for the person you are sending information to.
• Contact email addresses provided at service launch by the Healthmail service are a snapshot of contact details at a point in time. They are not maintained or updated and will lose accuracy over time.
• The contact lists of users of Healthmail, HSE and Voluntary Hospital staff are confidential. They must not be copied, forwarded or otherwise distributed outside of the Healthmail system.
• The person you wish to take action on the email should be in the ‘To:’ section. Being copied or ‘Cc:’ on an email does not imply action will be taken.
• You should request an acknowledgement that your email has been received.
• The email subject line is not encrypted. So it is best to keep the subject line simple, such as “Healthmail from Dr Joe Bloggs”. Never include patient names or identifiers in the subject line.
• Doctors are required to keep accurate and complete medical records. It is important that emails do not hinder this. You should ensure that relevant data contained in emails is immediately attached to the patient record.
• The system should not be used as a storage or backup solution for clinical documents.
• Secure email is not suitable for emergency or urgent communications. If you need to make urgent contact with a healthcare provider or facility you should make contact with them by phone or in person.
• During holiday periods, activate an ‘Out of Office’ message to indicate how long you are on leave and who in the practice is available to receive secure clinical emails.
You can send attachments using secure email. These can be documents, spreadsheets and images. Allowed file formats include Word, Text, Excel, PDF and JPG. The size limit for Healthmail to Healthmail attachments is 60MB and for Healthmail to Connected Agency it's 10MB. If you send an attachment in an unusual file format, then the receiver may not be able to open the attachment. The preferred format is PDF (Portable Document Format).
2.6 What’s Acceptable
The following describes the acceptable use of Healthmail:
• Used to transmit confidential clinical patient identifiable information within the Irish health services, for example providing updated clinical information on a patient attending a hospital diabetic clinic.
• Can be used for both public and private patients;
• Can include attachments such as documents and images;
2.7 What’s Not Acceptable
The following describes unacceptable use of Healthmail:
• Use for personal email;
• Use for illegal activity, please see the prohibited use section below;
2.8 Prohibited Use
The following list is not exhaustive, but provided as an indication of prohibited use of secure clinical email, including creating, sending and forwarding email messages which pertain to any of the following contents or activities:
• Any pornographic, obscene, indecent or sexually explicit material;
• Any illegal material;
• Any offensive, harassing, sexist, racist, homophobic, hateful or otherwise offensive/discriminatory material;
• Chain messages and jokes;
• To perpetrate any form of fraud or criminal activity;
• Any form of defamation, discrimination, harassment or bullying;
• For the introduction of viruses, spyware or malware;
• To bring an organisation or a colleague into disrepute;
• For illicitly distributing any person identifiable or business confidential material;
• Sending personal emails to a large number of recipients e.g. ‘concert tickets for sale’;
• ‘Spamming’ or sending bulk unsolicited emails;
• Infringement of copyrights;
• Unsolicited marketing, advertising and selling goods and services;
2.9 Managing Unacceptable Use
If your use of a secure email account is considered unacceptable, your account will be suspended. This decision will be made by the project manager for secure email in consultation with the service provider support desk. The suspension will be notified to eHealth Ireland, the governance group for secure email. The user of a suspended account has a right of appeal to eHealth Ireland.
Access to a secure clinical email account is via username and password. It is important to have a policy of strong passwords. Healthmail will enforce minimum password requirements. Passwords must be at least 8 characters in length and must include at least one uppercase letter, one lowercase letter, one number and one non-alphanumeric character e.g. < ! + ? & ) $ *
Examples of strong passwords:
A user’s individual secure clinical email account password should not be shared with colleagues and should not be used for other accounts or online services. Generic practice accounts may use a shared password within a trusted group of practice staff. If a password is lost, it should be reset through the Healthmail support desk. It is your responsibility to keep your password confidential. If you believe there is unauthorised use of your account, please contact the Healthmail support desk immediately.
2.11 Generic Practice Accounts
A GP may decide to nominate his or her additional account as a generic practice email. The same information as for a person is needed to establish a generic practice account. Such a generic practice account could be used by locum GPs working in the practice. If a generic practice account exists it is important that there is clarity around:
• Who is the owner of the account e.g. GP or practice manager;
• Who is responsible for checking the account on a regular basis;
• Arrangements for when the owner of the account is on leave or absent from the practice;
Where a generic practice account is used, it is important that each user who sends an email from this account identifies themselves with their name and registration number. For GPs this would be their Medical Council registration number.
2.12 Contact Details
It is important that you keep your account contact details up to date. Please inform us if you change address or change practice. The GP is the data controller for their practice support staff account, so if your staff member leaves your employment, we need to know. The secure email service will endeavor to provide you with the contact details of clinicians in the primary and secondary care services in your area. The contact lists of HSE and voluntary hospital clinicians are confidential. They must not be copied, forwarded or otherwise distributed outside of the secure email system.
In a quid pro quo, the primary and secondary care services, and health agencies securely connected to Healthmail, will be provided with the @healthmail.ie addresses of the GPs and practice staff in their catchment area. The contact details of all holders of a secure email account will be available in a directory of users. This will allow efficient exchange of clinical information. The contact list of users of secure clinical email is confidential. It must not be copied, forwarded or otherwise distributed outside of the secure email system.
As part of your secure email account you will receive notifications. These will be of two types:
• Technical notifications to inform you of service updates, planned maintenance and new features;
• Clinical notifications to inform you of clinical information and alerts of importance to patient care, for example an epidemic of an infectious disease;
You will not be SPAMMED by the secure email service.
2.14 Mass Mailings
Secure email is a medium for transmitting patient identifiable clinical information within the health services. It should not be used as a medium for broadcasts, announcements, notifications, marketing or publicity by any party. To do so will degrade the quality of the service and reduce the uptake. Communication related to public health emergencies or urgent patient safety issues would be appropriate for the service. A subgroup of the governance body will review requests for mass mailings. The criteria for sending mass mailings will include:
• The information relates to clinical management of patients;
• The information is urgent;
• The information is of importance to the receiving party;
• Communicating the information is in the interests of patient safety;
Mass mailings to the entire Healthmail user directory or to significant subsets of same (> 50 addresses) must be approved by the governance body subgroup. Agencies that wish to send mass mailings to GPs, within the criteria described above, must include an unsubscribe link for recipients and must have in place a system for managing respondents who do not wish to receive their notifications.
We are keen to prevent the distribution of SPAM within Healthmail. To prevent potential misuse of accounts to send SPAM, there is a limit on the number of emails a user can send. A Healthmail user can send an email to only 50 recipients at one time and in total they can only send up to 250 messages per day from their secure email account. A message to 10 recipients counts as 10 messages.
2.15 Retirement or Emigration
If you no longer work as a GP in Ireland, then it is your responsibility to give up your secure email account. Please contact the support team. If you wish, you can download all your email messages before you close your account.
2.16 Storage and Archive
Secure clinical emails are considered to be fragments of the electronic patient record. In line with the data retention policy for medical records, secure email messages are stored for 8 years. Individual user mailboxes have a storage limit of 2GB of data.
2.17 Protecting the Data
If you access your secure email account over a Web Browser then all the emails and attachments are held securely on the Healthmail servers. If you download individual emails or attached files, or if you download all your email using an email programme on your computer, tablet or smart phone, then you are responsible for the security of the emails and files, in the same way as you are responsible for the security of your electronic patient records. Healthmail uses antivirus software and firewalls to maintain the security of the service. It is important that your practice also has up to date antivirus software and that you have the appropriate security measures in place in line with protecting the electronic data. This will vary depending on whether you are using a computer, laptop, tablet or smartphone to access your emails.
Your practice needs to be registered with the Office of the Data Protection Commissioner.
Support for the secure email service is limited to support for a web browser interface. No support is provided for apps on mobile devices or for POP, IMAP and SMTP interfaces.
3. Data Protection Policy
This section describes the data protection roles and responsibilities of all the parties involved in Healthmail. It also discusses information security, access and retention of data. Healthmail will allow health care professionals to exchange patient identifiable clinical information in a secure and confidential manner. It will reduce the use of faxes and obviate the use of normal email for clinical information.
3.1 Roles & Responsibilities
There are multiple people and agencies in play and they all have different roles and responsibilities.
Person or Agency: Role
• Health Service Executive (HSE): Funds secure email service; provides the hardware; Data Controller of user accounts
• User of secure email: Data Controller of secure emails
• Irish College of General Practitioners (ICGP): Authenticates GP users
• Three: Managed service provider
Health Service Executive
The HSE has multiple roles. It is the data controller for the user account information that is managed by Three to establish and run the service. This is demographic information on the user e.g. name, email, mobile number, practice address, professional body registration number. Funding for the secure clinical email service comes from the HSE. The HSE owns the computer hardware that runs the secure clinical email service and because of this is considered a data processor. By agreeing to the Terms and Conditions, the Healthmail user accepts the role of the HSE as a data processor. The hardware is located in the Mater Hospital data centre. Only the GP has access to the secure clinical email mailbox.
A secure clinical email that contains patient identifiable clinical information is a fragment of the patient record, for example, a referral from the GP to a community physiotherapist. The GP is the data controller for his or her own secure clinical emails and for those of the employed practice nurse or practice manager. The GP has access to his or her secure clinical emails and those of their employed staff.
Irish College of General Practitioners
The ICGP authenticates GP users of the secure email service, with their consent. This is to ensure they are bona fide general practitioners. In this role of authentication the ICGP is a data processor of the GP’s demographic data. The ICGP does not have access to the secure emails.
Three is the managed service provider. For the secure clinical email service Three is a data processor. Three manages the secure clinical email service, including security, data backup and archiving. The data is encrypted in transit and held encrypted at rest. There is rigorous control over access rights and encryption keys to ensure Three staff do not have access to the secure emails.
3.2 Private Bounded Network
Healthmail is a private bounded service for the exchange of patient identifiable clinical information. The solution will be for all primary care users, other than those with @hse or @voluntaryhospital email addresses, that require the facility in order to be able to communicate more effectively across the Irish Health Service continuum for the benefit of all clients and patients. Healthmail is bounded. Emails can only flow between the secure email service and identified whitelisted domains, such as @hse.ie, @stjames.ie, and @health.gov.ie. Using a secure email account, a primary care provider cannot send an email to a family member in Australia and cannot receive an email from Hotmail or Gmail or Eircom. Only emails from approved domains can be sent and received. Thus the secure email account is only suitable for communicating with health professionals in Ireland.
The initial implementation of secure clinical email will be for general practitioners and their support staff. GPs will be provided with an email address with the domain @healthmail.ie. A Transport Layer Security (TLS) connection will be established between this domain and health agencies, including the HSE and Voluntary Hospitals. TLS will be mandated, so that no email can flow unless TLS is enabled. Digital IDs will be used for authentication of the mail servers.
3.3 Archive and Discovery
Because secure emails form part of the patient’s medical record, they need to be archived and searchable. The secure email service will ensure that all emails are safely archived. In cases where a GP requests access to their email archive, or where a court order requires such access, the relevant subset of the archive will be made available. eHealth Ireland will administer this function and will work with Three to identify the search criteria and provide the emails subsequently discovered to the GP or the party identified in the court order. A search capability for users is also present within the secure email user interface.
3.4 Information Security
GPs log on to a secure web portal to create secure emails. The GP’s browser uses HTTPS to make a secure connection to the web portal. The secure email servers are based in the Mater Hospital data centre in Ireland and utilise firewalls and anti-malware services. The disks are encrypted using Microsoft BitLocker. Connections between the secure email service and health agencies are secured using Transport Layer Security (TLS). There is built in redundancy in the Mater Hospital data centre and a failover to a second Disaster Recovery data centre in a separate site in the Mater Hospital if required. In line with medical records data retention policy the service will store secure clinical email messages for 8 years.
I confirm I have read the Terms of Service, Acceptable Use Policy and Data Protection Policy. I accept these terms and conditions.