Email Guidelines for Psychologists 


This fact sheet was developed by the Australian Association of Psychologists Inc to provide general advice on the use of email to receive and send health-related information with clients, referrers and third parties.

Email is one of the most common and convenient ways for Psychologists to communicate health-related information with referrers and clients. All Psychologists are bound by laws and ethics that require them to ensure that their communication of health-related information is secure and safe. Important considerations when deciding whether to use email to communicate health information to or regarding clients are:

  • The security of your email provider

  • Documented informed consent from your client

  • Compliance with Privacy Act 1988

  • Code of Ethics for Psychologists

What are the risks that I need to manage?

With any transfer of information there is always a risk that it will be read by someone other than the intended recipient. This can be due to error, other people accessing a client's emails on a shared device, emails being forwarded to others without the original sender's consent, or email being intercepted due to lack of encryption or hacking.

Health information is the most sensitive type of personal information under the Privacy Act 1988. Reasonable steps need to be taken to ensure this information is protected, including in the way it is transmitted. The term "reasonable steps" can be interpreted in many ways, depending on what information you are transmitting and what harm could come to the client if the information was intercepted or incorrectly sent. If you do not take these steps to ensure the privacy of your client, you may be in breach of the Australian Privacy Principles (APPs). This could result in action against you.

What steps can I take to ensure emails are secure and safe?

  • Avoid using free email platforms. They usually do not have encryption that meets the medical standard for transmitting health information and may sell your information to advertisers.

  • Use passwords to protect sensitive files so that they cannot be opened by anyone other than the intended recipient. Always send passwords to clients through an alternative method (e.g. via text or phone call) and not to the same email address that the file is being sent to.

  • Use encrypted email. This can be through using encryption software or via a secure website.

  • Check email addresses are correct before sending health information

  • Verify email addresses with blank emails/generic deidentified emails before transmitting personal health information

  • Obtain written consent from clients that outlines the risks in receiving email


  • Develop email policies for staff to refer to when using email to transmit health


  • The safest option is not to use email to send client data. If you are at all concerned then choose this option.

  • Use Secure Electronic Communication alternatives

Alternatives to emailing that provide more secure transfer of health information (Secure Electronic Communications):

  • Medical-Objects

  • HealthLink

  • CorePlus

  • Argus

  • ReferralNet Agent

  • MMEx

  • MDExchange
