Privacy Policy

Healthmail: Privacy and Cookie Policy

1. Privacy
This statement relates to the Healthmail user account registration privacy practices.

1.1 General statement
Healthmail fully respects your right to privacy and will not collect any user account information without your clear permission. Any user registration information that you provide to the Healthmail service will be treated with high standards of security and confidentiality, strictly in accordance with Irish Data Protection Acts, the EU General Data Protection Regulation and any guidance issued by the Data Protection Commission.

1.2 Information Collected
When you register for a Healthmail account you provide detailed personal and professional information. For the first phase of implementation, we need to ensure you are a general practitioner working in a practice in order to set you up with a Healthmail account. The information you provide will be authenticated by the Irish College of General Practitioners and/or eHealth Ireland. Here is the information requested when you register for a Healthmail account:

Information Requested



Account set up and authentication of user as working GP

First name

Account set up and authentication of user as working GP

Middle initial

Account set up and authentication of user as working GP


Account set up and authentication of user as working GP

Mobile phone number

Used to send account password by SMS text for security reasons, authentication of user against ICGP records, authentication of user by support help desk

ICGP membership number

Optional data, used to speed up authentication if available

Role in practice

Account set up

Medical Council Registration number

Authentication of user

Practice Name

Account set up and provision of user directory

Practice Address

Account set up and provision of user directory

Practice Phone number

Account set up and provision of user directory, authentication of user

Normal email address

To communicate username for new Healthmail account, to resend security code from support help desk

Hospitals you work with

To supply contact lists of hospital consultants

We need your existing personal email account and mobile phone number so that we can send you a username for your new Healthmail account by email and a password by text message. You will be provided with a security code so that we can authenticate you if you phone up the support desk with a problem. We are only capturing the minimum data necessary for service provision. The information is collected through one standard registration process. 

1.3 Accurate information
It is important that you keep your user account contact details up to date. Please inform the Healthmail support desk if you change address or change practice. The GP is the data controller for their practice support staff account, so if your staff member leaves your employment it is your responsibility to inform us. 

1.4 How We Use Your Information
We use your information to provision you with a Healthmail inbox in Outlook Web App. The secure email service will endeavor to provide you with the contact details of clinicians in the primary and secondary care services in your area. In a quid pro quo, the primary and secondary care services, and health agencies securely connected to Healthmail, will be provided with the addresses of the GPs and practice staff in their catchment area. The contact details of all holders of a secure email account will be available in the Healthmail directory of users. This will allow efficient exchange of confidential clinical information. We may also use your mobile phone number to send a reminder message to users who haven’t logged in to Healthmail in more than 90 days.

1.5 Retention
We will retain your user registration data for the duration of time that you maintain a Healthmail account and for an additional period of 8 years after you close your account. Secure clinical emails are considered to be fragments of the electronic patient record. In line with the data retention policy for medical records, secure email messages are stored for 8 years. The user registration data needs to be retained for a similar period. 

1.6 Access
On request, we can supply copies of the personal data that you supplied to Healthmail. If you wish to obtain such information, you should contact the Healthmail support desk. The support desk, using an authentication process, will validate your request.

If you discover that we hold inaccurate information about you, we will correct that information. In certain circumstances you may also request that user registration data that you have supplied to Healthmail be deleted. If you have any questions or concerns about how your user registration data is retained or processed, please contact the Healthmail support desk. 

1.7 Notifications
As part of your secure clinical email account you will receive notifications. These will be of two types:
•    Technical notifications to inform you of service updates, planned maintenance and new features;
•    Clinical notifications to inform you of clinical information and alerts of importance to patient care, for example an epidemic of an infectious disease;

You will not be SPAMMED by the secure email service. 

1.8 Changes to the Privacy Policy
If the privacy policy changes we will notify you by email. 

2. Cookie Policy
A cookie is a piece of information that some websites place on your computer or mobile device. The Healthmail portal at does not use tracking cookies. 

When using FBA (Forms Based Authentication) authentication in Outlook Web App (OWA), a cookie is stored in the browser cache with the user’s encrypted session information. This cookie is used to determine the idle time allowed for the OWA session before the session is automatically terminated. For public computers, the default time-out value set is between 15 and 22 minutes; for private computers, the default session time-out value is between 8 and 12 hours. This timeout is used to ensure that users that fail to log out of their active OWA sessions will eventually have their sessions ended. The caveat is that user’s OWA sessions remain authenticated and accessible until the cookie timeout expires.

3. Healthmail Support Desk
You can contact the Healthmail support desk as follows:
•    Phone: 1800 800 002 and select option 2
•    Web: complete the online support form at 

Last updated 20/02/2018