Secure Clinical Email: Terms and Conditions
Healthmail is a private email solution designed for healthcare practitioners in Primary Care and other health professionals to transmit and receive clinical patient information in a secure manner. Healthmail is for all primary health care providers other than those with a Health Service Executive (HSE) or voluntary hospital email address. Healthmail is configured to be easy to use and will improve electronic communications to the benefit of patients and clinicians.
Healthmail is a managed service provided by Three, paid for by the HSE and governed by eHealth Ireland. The HSE and eHealth Ireland have no visibility of the email content on your account in Healthmail. User support is provided by the Three support desk accessible by phone and email.
This document constitutes the terms and conditions of Healthmail, the secure clinical email service. In order to sign up for Healthmail you need to read and agree to these terms and conditions. The document is made up of three parts:
1. Terms of Service;
2. Acceptable Use Policy;
3. Data Protection Policy;
1. Terms of Service
Healthmail is funded by the Health Service Executive (HSE). The project sponsor is John Hennessy, Director of Primary Care. Governance of the service is by eHealth Ireland. The pharmacy owner / supervising pharmacist, as registered with the Office of the Data Protection Commissioner, is the data controller for his or her own secure clinical emails and for those of the employed pharmacy support staff. Only the pharmacist, or agreed staff members, has access to the secure clinical email inbox.
1.2 Description of Service
Secure clinical email is a private bounded service for the exchange of patient identifiable clinical information. The solution will be for all primary care users, other than those with @hse or @voluntaryhospital email addresses, that require the facility in order to be able to communicate more effectively across the Irish Health Service continuum for the benefit of all clients and patients.
1.3 Limitation of Liability
Healthmail shall use its best efforts in order to ensure that the service is responsive, reliable and functional. The technical architecture of the service has been designed to a specification to ensure a consistent high quality service. Attention has been paid to system resilience, recovery from fall over and backup of data. However, we do not warrant that the service will be error-free or available at any given time. Healthmail shall not be responsible for the consequences of delayed or missing email, downtime or inaccessibility of the service, or loss or corruption of stored data.
1.4 Inactive Accounts
If you don’t log in to your account for 6 months, your account will be considered inactive and will be temporarily disabled. In order to re-activate your account you will need to authenticate yourself and complete the registration process again.
1.5 Termination of Service
• You may terminate your use of the secure clinical email service at any time. Please contact the support desk to close your account. The support desk, using an authentication process, will validate your request.
• The secure email service as a whole may be terminated by the HSE at any time with 30 days’ notice to users. You will have the opportunity to download all your emails prior to closure of the service.
• The secure email service for individual users may be terminated immediately, without prior notice, for those who breach the acceptable use policy.
1.6 Changes to Terms of Service
If you have any questions about these terms and conditions, you should contact the secure email support team at 1800 800 002. The secure email team reserves the right to update this document as necessary. A copy of the current version can be found at www.healthmail.ie.
2. Acceptable Use Policy
This section aims to help you to understand what you can and cannot do with your secure clinical email account. It is your responsibility to ensure that you understand and comply with this policy.
Healthmail allows pharmacists to communicate confidential clinical patient information in a secure manner.
2.2 Data Ownership
The pharmacy owner/supervising pharmacist is the Data Controller for his or her secure emails and those of the pharmacy staff.
2.3 System Design
Healthmail is a closed private network. Users can exchange emails with anyone with a Healthmail address, a HSE email address or with the email address of an approved agency such as the voluntary hospitals e.g. @mater.ie. Emails can only be sent to and received from approved domains. Public email systems such as Google or Hotmail cannot interact with Healthmail. Thus, if you send an email to a public health nurse with an @hse.ie address, but send a copy to an @gmail.com address, the copy to the gmail account will not be sent.
A supervising pharmacist can sign up for an @healthmail.ie account. The identity of the Healthmail pharmacist user will be authenticated by the IPU or eHealth Ireland.
You are encouraged to use secure clinical email to send patient identifiable clinical information to health care staff who have a duty of care to your patient. This could be a GP or hospital consultant who is sharing the care of your patient, a public health nurse, a primary care team, a community intervention team or a palliative care team. Where an existing method of electronic referral via Healthlink is in place you must utilise this in preference to secure email. Structured referrals, such as electronic cancer referrals or electronic general referrals are the required or mandatory method of sending referrals to secondary care and take priority over secure email.
It is your responsibility to ensure that there is someone at the end of the email address that you are sending to and that the recipient is willing to accept whatever request is contained in the email. You need to establish a relationship with the recipient. You cannot just send and forget.
In particular, please be aware that:
• Healthmail is not suitable for emergency communications or urgent patient care requests. If you need to make urgent contact with a healthcare provider or facility you should do so by phone or in person.
• You should always be sure you have the correct contact details for the person you are sending information to.
• You should request an acknowledgement that your email has been received.
• Your account should be checked frequently.
• The contact details of users of Healthmail are confidential. They must not be copied, forwarded or otherwise distributed outside of the Healthmail system.
• The person you wish to take action on the email should be in the 'To:' section. Being copied or 'Cc:' on an email does not imply action will be taken.
• The email subject line is not encrypted. Never include patient names or identifiers in the subject line.
• You should ensure that relevant data contained in emails is immediately downloaded to the patient record in your patient management system.
• The system should not be used as a storage or backup solution for clinical documents.
• During holiday periods, activate an ‘Out of Office’ message to indicate how long you are on leave and who in the practice is available to receive secure clinical emails.
You can send attachments using secure email. These can be documents, spreadsheets and images. Allowed file formats include Word, Text, Excel, PDF and JPG. The size limit for Healthmail to Healthmail attachments is 60MB and for Healthmail to Connected Agency it's 10MB. If you send an attachment in an unusual file format, then the receiver may not be able to open the attachment. The preferred format is PDF (Portable Document Format).
2.6 What’s Acceptable
The following describes the acceptable use of Healthmail:
• Used to transmit confidential clinical patient identifiable information within the Irish health services, for example providing updated clinical information on a patient attending a hospital diabetic clinic.
• Can be used for both public and private patients;
• Can include attachments such as documents and images;
2.7 What’s Not Acceptable
The following describes unacceptable use of Healthmail:
• Use for personal email;
• Use for illegal activity, please see the prohibited use section below;
2.8 Prohibited Use
The following list is not exhaustive, but provided as an indication of prohibited use of secure clinical email, including creating, sending and forwarding email messages which pertain to any of the following contents or activities:
• Any pornographic, obscene, indecent or sexually explicit material;
• Any illegal material;
• Any offensive, harassing, sexist, racist, homophobic, hateful or otherwise offensive/discriminatory material;
• Chain messages and jokes;
• To perpetrate any form of fraud or criminal activity;
• Any form of defamation, discrimination, harassment or bullying;
• For the introduction of viruses, spyware or malware;
• To bring an organisation or a colleague into disrepute;
• For illicitly distributing any person identifiable or business confidential material;
• Sending personal emails to a large number of recipients e.g. ‘concert tickets for sale’;
• ‘Spamming’ or sending bulk unsolicited emails;
• Infringement of copyrights;
• Unsolicited marketing, advertising and selling goods and services;
2.9 Managing Unacceptable Use
If your use of a secure email account is considered unacceptable, your account will be suspended. This decision will be made by the operations manager for secure email in consultation with the service provider support desk. The suspension will be notified to eHealth Ireland, the governance group for secure email. The user of a suspended account has a right of appeal to eHealth Ireland.
Access to a secure clinical email account is via username and password. It is important to have a policy of strong passwords. Healthmail will enforce minimum password requirements. Passwords must be at least 8 characters in length and must include at least one uppercase letter, one lowercase letter, one number and one non-alphanumeric character e.g. < ! + ? & ) $ *
Examples of strong passwords:
If a password is lost, it should be reset through the Healthmail support desk. It is your responsibility to keep your password confidential. If you believe there is unauthorised use of your account, please contact the Healthmail support desk immediately.
2.11 Contact Details
It is important that you keep your account contact details up to date. Please inform us if you change address or change practice. The secure email service will endeavor to provide you with the contact details of clinicians in the primary and secondary care services in your area. The contact lists of HSE and voluntary hospital clinicians are confidential. They must not be copied, forwarded or otherwise distributed.
In a quid pro quo, the primary and secondary care services, and health agencies securely connected to Healthmail, will be provided with the @healthmail.ie addresses of users in their catchment area. The contact details of all holders of a Healthmail account will be available in a directory of users. This will allow efficient exchange of clinical information. The contact list of Healthmail users is confidential. It must not be copied, forwarded or otherwise distributed.
In order to facilitate the adoption of Healthmail across GP and Pharmacy systems, Healthmail addresses are available to IT vendors. Such vendors have no visibility of the email content or activity on your account in Healthmail.
As part of your secure email account you will receive notifications. These will be of two types:
• Technical notifications to inform you of service updates, planned maintenance and new features;
• Clinical notifications to inform you of clinical information and alerts of importance to patient care, for example an epidemic of an infectious disease;
2.13 Mass Mailings
Secure email is a medium for transmitting patient identifiable clinical information within the health services. It should not be used as a medium for broadcasts, announcements, notifications, marketing or publicity by any party. To do so will degrade the quality of the service and reduce the uptake. Communication related to public health emergencies or urgent patient safety issues would be appropriate for the service. A subgroup of the governance body will review requests for mass mailings. The criteria for sending mass mailings will include:
• The information relates to clinical management of patients;
• The information is urgent;
• The information is of importance to the receiving party;
• Communicating the information is in the interests of patient safety;
Mass mailings to the entire Healthmail user directory or to significant subsets of same (> 50 addresses) must be approved by the governance body subgroup. Agencies that wish to send mass mailings to Healthmail users within the criteria described above, must include an unsubscribe link for recipients and must have in place a system for managing respondents who do not wish to receive their notifications.
We are keen to prevent the distribution of SPAM within Healthmail. To prevent potential misuse of accounts to send SPAM, there is a limit on the number of emails a user can send. A Healthmail user can send an email to only 50 recipients at one time and in total they can only send up to 250 messages per day from their secure email account. A message to 10 recipients counts as 10 messages.
2.14 Termination of Employment
If you no longer work as a pharmacist in Ireland, then it is your responsibility to give up your Healthmail account. Please contact the support team who will advise on the necessary steps.
2.15 Storage and Archive
Secure clinical emails are considered to be fragments of the electronic patient record. In line with the data retention policy for medical records, secure email messages are stored for 8 years. Individual user mailboxes have a storage limit of 2GB of data.
2.16 Protecting the Data
If you access your secure email account over a Web Browser then all the emails and attachments are held securely on the Healthmail servers. If you download individual emails or attached files, or if you download all your email using an email program on your computer, tablet or smart phone, then you are responsible for the security of the emails and files, in the same way as you are responsible for the security of your electronic patient records. Healthmail uses antivirus software and firewalls to maintain the security of the service. It is important that your pharmacy also has up to date antivirus software and that you have the appropriate security measures in place in line with protecting the electronic data. This will vary depending on whether you are using a computer, laptop, tablet or smartphone to access your emails.
Your pharmacy needs to be registered with the Office of the Data Protection Commissioner. Individual user mailboxes have a storage limit of 2GB of data.
Support for the secure email service is limited to support for a web browser interface. No support is provided for apps on mobile devices or for POP, IMAP and SMTP interfaces.
3. Data Protection Policy
This section describes the data protection roles and responsibilities of all the parties involved in Healthmail. It also discusses information security, access and retention of data. By agreeing to the Terms and Conditions, the Healthmail user accepts the roles of each person/agency as outlined below.
3.1 Roles & Responsibilities
There are multiple people and agencies in play and they all have different roles and responsibilities.
|Person or Agency|||
|Health Service Executive (HSE)|Funds secure email service; provides the hardware|Data Controller of user accounts|
|User of secure email||Data Controller of secure emails|
|Irish Pharmacy Union (IPU)|Authenticates Pharmacy users|Data Processor|
|Managed service provider|||
Health Service Executive
The HSE has multiple roles. It is the data controller for the user account information that is managed by Three to establish and run the service. This is demographic information on the user e.g. name, email, mobile number, pharmacy address, professional body registration number. Funding for the secure clinical email service comes from the HSE. The HSE owns the computer hardware that runs the secure clinical email service and because of this is considered a data processor.
A secure clinical email that contains patient identifiable information is a fragment of the patient record, for example, a prescription query from a pharmacist to a GP. The pharmacy owner/supervising pharmacist is the data controller of their secure clinical emails.
Irish Pharmacy Union
The IPU authenticates pharmacy users of the secure email service, with their consent. This is to ensure they are a bona fide supervising pharmacist. In this role of authentication, the IPU is a data processor of the pharmacist’s demographic data. The IPU does not have access to the secure emails.
Three is the managed service provider. For the secure clinical email service Three is a data processor. Three manages the secure clinical email service, including security, data backup and archiving. The data is encrypted in transit and held encrypted at rest. There is rigorous control over access rights and encryption keys to ensure Three staff do not have access to the secure emails.
3.2 Private Bounded Network
Healthmail is a bounded service. Emails can only flow between the secure email service and identified whitelisted domains, such as @hse.ie, @stjames.ie, and @health.gov.ie. Healthmail cannot exchange email with Hotmail or Gmail or any public email system. Only emails from approved domains can be sent and received. Thus the secure email account is only suitable for communicating with health professionals in Ireland.
A Transport Layer Security (TLS) connection is established between Healthmail and all whitelisted domains. TLS is mandatory, meaning no email can flow unless it is enabled.
3.3 Archive and Discovery
Because secure emails form part of the patient’s medical record, they need to be archived and searchable. The secure email service will ensure that all emails are safely archived. In cases where a pharmacist requests access to their email archive, or where a court order requires such access, the relevant subset of the archive will be made available. eHealth Ireland will administer this function and will work with Three to identify the search criteria and provide the emails subsequently discovered to the pharmacist or the party identified in the court order. A search capability for users is also present within the secure email user interface.
3.4 Information Security
Users log on to a secure web portal to create secure emails. The browser uses HTTPS to make a secure connection to the web portal. The secure email servers are based in the Mater Hospital data centre and utilise firewalls and anti-malware services. The disks are encrypted using Microsoft BitLocker. Connections between the secure email service and health agencies are secured using Transport Layer Security (TLS). There is built in redundancy in the Mater Hospital data centre and a failover to a second Disaster Recovery data centre in a separate site in the Mater Hospital. In line with medical records data retention policy the service will store secure clinical email messages for 8 years.
I confirm I have read the Terms of Service, Acceptable Use Policy and Data Protection Policy. I accept these terms and conditions.