OPERATIONAL DIRECTIVE
Enquiries to: Alan Weaire.
Phone number: 6213 5475
Previous Email Management Policy.
Supersedes:
Subject:
OD number:
Date:
File No:
OD: 0470/13
31 October 2013
RSD-00767/02
Email Management Policy.
E-mail is an integral part of WA Health’s communications with healthcare organisations,
government agencies, business and consumers.
The purpose of this policy is to ensure staff are aware that the use of the e-mail facility
imposes responsibilities and obligations on WA Health staff.
E-mail messages, sent and received, are evidence of WA Health’s decisions, business
transactions, and activities and are considered to be official records. These records must be
kept in accordance with the specific Record-Keeping Plan that covers the area responsible
for maintaining the record. This will ensure compliance with the relevant records legislation
including the State Records Act 2000.
The ubiquitous use of e-mail in public, private and social settings requires care by WA Health
staff in ensuring that e-mail content is acceptable and does not breach privacy and
confidentiality.
Professor Bryant Stokes
A/DIRECTOR GENERAL
DEPARTMENT OF HEALTH WA
This information is available in alternative formats on request for a person with a
disability.
1
E-MAIL MANAGEMENT POLICY
1.
PURPOSE
E-mail is an integral part of WA Health’s communications with healthcare
organisations, government agencies, business and consumers.
The purpose of this policy is to ensure staff are aware that the use of the e-mail
facility imposes responsibilities and obligations on WA Health staff.
E-mail messages, sent and received, are evidence of WA Health’s decisions,
business transactions, and activities and are considered to be official records. These
records must be kept in accordance with the specific Record-Keeping Plan that
covers the area responsible for maintaining the record. This will ensure compliance
with the relevant records legislation including the State Records Act 2000.
The ubiquitous use of e-mail in public, private and social settings requires care by
WA Health staff in ensuring that e-mail content is acceptable and does not breach
privacy and confidentiality.
2.
SCOPE
This policy applies to all staff of WA Health (employees, contractors, students,
volunteers and agency personnel) incorporating the following entities:
 Department of Health;
 Metropolitan Health Services;
 WA Country Health Service;
 Peel Health Service.
This policy also applies to external health entities and their personnel who have been
granted access to WA Health’s Information and Communications Technology (ICT)
infrastructure and services.
This policy must be read in conjunction with the Acceptable Use Policy – Information
and Communications Technology, which governs the use of ICT by WA Health staff.
This and other policies and standards associated with information management and
security are available at the HIN Intranet Site.
3.
POLICY
3.1
E-mail is a significant and important means of communication
within WA Health and with external parties and is an integral part of
the business of WA Health. As with other forms of business
communications, use of e-mail must be managed in the contexts of
Version: 3.0
Effective Date: TBD
E-mail Management Policy
privacy, confidentiality, government recordkeeping and acceptable
behaviour.
4.
3.2
Business related electronic communications must be retained in
the appropriate record-keeping system for legal and historical
purposes. The e-mail system or network drives must not be used
for official record-keeping purposes.
3.3
WA Health entities must ensure patient/client person-identifiable,
sensitive and confidential information disseminated via e-mail is
secure.
3.4
Reasonable personal use of WA Health e-mail system is permitted
as long as it conforms to the Acceptable Use Policy and does not
adversely impact on the ICT infrastructure, business activity or
work productivity.
3.5
Personal e-mail should be kept to a minimum and not stored in the
e-mail folders. WA Health e-mail infrastructure must not be used
for storing personal mail or large video or audio files.
3.6
WA Health may monitor or investigate employee e-mail accounts
and usage of the service and disciplinary action may be taken for
breaches of the Acceptable Use Policy.
3.7
Public folders must only be used to store ‘public information’
which contains no confidential or sensitive data.
3.8
All e-mail messages (including ephemeral and personal mail) will
be backed-up and archived for a minimum of 5 years for recovery
or discovery purposes by WA Health ICT Operations.
3.9
Disclaimers must be used with caution, where there is a duty of care
involved legal advice must be sought.
3.10
Inactive mailboxes will be disconnected after 3 months, unless
extensions have been arranged through the Service Desk for reasonable
purposes.
POLICY DETAILS
WA Health uses records, paper and electronic, for institutional memory as well as to
provide service and information to customers, whether the general public,
employees, or government. The following will assist to streamline the workflow and
minimize the risk of information loss in respect to e-mail communications.
Printed Copies are Not Controlled
2/17
E-mail Management Policy
4.1 Use of E-mail
Electronic mail (e-mail) is an integral part of WA Health’s internal and external
communication strategy. While email has become a necessary and very easy-to-use
option for communicating, it may not always be the most appropriate.
Communications theory suggests:
 face-to-face communications, especially with colleagues in a business setting,
is generally preferable and can help to avoid misunderstanding and strengthen
interpersonal relationships.
 Emails can work well for conveying brief, factual information. This information
can be sent to multiple recipients in a single e-mail aiding productivity and
assuring the same information is received by all participants.
 When conveying information that may be subject to misunderstanding or
misinterpretation, it is generally best to use the phone or seek a face-to-face
interaction. Email may later be used to document the discussion.
Generally speaking e-mail should be short messages requesting action or comment,
or passing on information via shortcuts; attachments; or links to websites or a
document store. Significant documents such as policies, procedures, minutes, etc.
should be saved in the appropriate system supporting proper records management
procedures.
Productivity is only one consideration when communicating via e-mail; privacy and
confidentiality issues are major concerns particularly in the WA Health environment.
The WA Health Performance, Activity & Quality Division has developed a number of
data management policies related to patient information including:

Operational Directive OD 0304/10 - Information Classification Policy


Operational Directive OD 0371/12 - Information Lifecycle Management Policy
Information Access and Disclosure Policy.
In determining when email is the appropriate choice for communicating, consider the
nature of the message (public, private, restricted), the needs of the receiver and the
value of using an alternative medium.
4.2 E-mail Record-keeping Management
E-mail is considered to be a record. E-mail documents created or received by
officers in connection with WA Health business activities are the property of WA
Health, not the individual. These e-mail records can be classified into the following
categories:
4.2.1
Business e-mail
A business e-mail contains information created or received by an officer, via an
e-mail system, in the course of his/her duties. A business e-mail may have
any or all of the following attributes:
Printed Copies are Not Controlled
3/17
E-mail Management Policy



information which is of evidential and/or historical value and is not
recorded elsewhere on the public record;
formal communications and/or a transaction between officers (for
example a report or submission) or between an officer and another
party; or
communications that document the rationale behind health entity policy,
decisions or directives.
These e-mails are State records and must be captured in the official
recordkeeping system to provide evidence of business activity and meet legal
requirements. Business e-mail must be retained for as long as required by
legislation, giving consideration to the subject matter of the record, and may
only be destroyed in accordance with an approved records disposal authority.
4.2.2
Ephemeral e-mail
An ephemeral e-mail record may or may not be used to facilitate the health
entity’s business and has no continuing value to the health entity and is
generally only needed for a few hours or a few days. Examples of ephemeral
e-mail records include:
 unsolicited advertising material;
 duplicates of circulars;
 duplicates of minutes and other documents where the original record
has already been captured; or
 e-mail notification of routine or trivial telephone messages; or
 duplicate e-mails circulated for information purposes only.
Ephemeral e-mail may not need to be captured in a recordkeeping system and
can be destroyed when reference ceases as authorised in an approved
records disposal authority.
4.2.3
Personal e-mail


4.2.4
Personal e-mail relates to a private or personal matter and has no
relevance to the business of the health entity.
Personal e-mail may be destroyed when no longer required.
Combination e-mail
A combination e-mail incorporates the following e-mail categories combined
together in one e-mail message:
 personal and business related information; or
 ephemeral and business related information; or
 personal, ephemeral and business related information,
Printed Copies are Not Controlled
4/17
E-mail Management Policy
A combination e-mail is to be considered a business e-mail and must be
managed accordingly.
Where a record is considered to be a business e-mail it must be captured in
the WA Health’s record-keeping system.
The acceptable methods for the management of business are to:

capture the business e-mails and appropriate metadata digitally into the
areas electronic document and records management system (EDRMS); or

print and file the business e-mails, attachments, header details and other
appropriate metadata to the paper based recordkeeping system.
It is not appropriate to use e-mail systems or network drives to manage
business e-mails. Backup stores of e-mails and the practice of saving e-mail
messages to directories or folders are merely forms of storing e-mails and are
not a means of managing them.
Digital records may provide the health entity with evidence of its business
activities and must be kept as proof of such activities. To be considered as
evidence, a digital record must possess:

Content – that which conveys information, for example, the text, data,
symbols, numerals, images, sound or vision;

Context – the background information which enhances understanding of
technical and business environments to which the records relate, for
example, metadata, application software, logical business models and the
provenance (for example, recipient’s name, address, title link to function or
activity, health entity, program or section); and

Structure – the appearance and arrangement of the content, for example,
the relationships between fields, entities, language, style, fonts, page and
paragraph breaks, links and other editorial devices.
Other important items to consider when managing e-mail records are:
 Classification - It is important that e-mail records captured in the health
entity’s record-keeping system are classified in accordance with the
relevant Business Classification Scheme outlined within your health entity’s
Record-Keeping Plan. That is, e-mails should be arranged so that they are
linked to and kept in context with other documents (paper or electronic) on
the same subject.
Effective classification facilitates a combined retrieval of a complete picture
of events, related to a particular business activity, client or project, with
related records and e-mails captured together. If related e-mails are
scattered across the health entity, it is very difficult to guarantee that all emails relevant to a matter have been found.

Retention and Disposal – Under the State Records Act 2000, state
records may only be destroyed in accordance with an approved Retention
Printed Copies are Not Controlled
5/17
E-mail Management Policy
and Disposal Schedule. Once records are transferred to one of the official
Record Keeping Systems they will be managed in accordance with the
Record Keeping Plan and appropriate disposal will occur. Deletion of an
official e-mail record from an inbox without first saving it to the official
record keeping system could be considered an offence under the State
Records Act 2000. (See Operational Directive OD 0110/08 Disposal of
Records ).

Attachments – documents attached to business e-mails must also be
captured into the health entity’s record-keeping system. These documents
are an important part of the business record and must be captured with the
e-mail message.
The record copy (i.e. the copy to be filed) of a sent e-mail is usually the
creator’s original message. The record copy of a received e-mail is usually the
one received by the primary addressee. In cases when e-mail has been
replied to multiple times, the record copy is usually the last one if all the
previous messages are included.
The State Records Office (SRO) has released an Information Sheet to assist
agencies in identifying State record e-mails. (See E-mail Records ). Further
information is available in the SRO Guideline - Management of E-mail Records
and the SRO Guideline – Management of Digital Records.
4.3 E-mail Use and Privacy
E-mail is not a secure medium for disseminating unencrypted patient/client person
identifiable, private, sensitive or confidential information. Staff and patients must
be advised not to use e-mail unless it is protected by security measures such as
encryption
4.3.1 Microsoft (MS) Outlook Calendar and Client Appointments
The use of the MS Outlook Calendar function is highly recommended as a
corporate productivity tool as it allows individuals to schedule their commitments
thus enabling other authorised staff members to see a person’s availability when
scheduling meetings.
However, the use of MS Outlook Calendar for patient appointments is NOT
supported.
Reasons for not supporting MS Outlook for patient appointments include:

Outlook calendar is not classed as a patient information system and therefore
the security management characteristics do not conform to the standards
required by WA Health for storing private or confidential information.

The archiving features of Outlook can result in patient information being
stored on local or portable drives increasing the potential risk of patient
information being inadvertently exposed.

Outlook calendars can be easily shared and some share settings may be
inadvertently set as a default, whereas patient information systems have a
Printed Copies are Not Controlled
6/17
E-mail Management Policy
security administration function and proper processes for granting access
permissions and revocations.
More information on ICT Security and e-mail encryption can be found on the HIN
intranet.
REMEMBER
E-mail is not secure; patient/confidential information etc. must be encrypted.
Information on E-Mail Security can be found on the HIN intranet.
Remember whilst business e-mails remain in the e-mail system or personal
folders, they cannot be accessed by anyone else and cannot be part of the
official records of WA Health. Therefore they must be saved in the appropriate
record-keeping system.
4.4 WA Health Network Monitoring and E-mail Retention
The WA Health computer network logs all transactions and communications,
whether private or business related. Although pervasive, systematic and ongoing
surveillance of staff e-mails and logs will not occur, WA Health may monitor or
investigate employee e-mail accounts and usage of the service. This will only
occur to confirm compliance with the requirements of the Acceptable Use Policy –
Information and Communications Technology or investigate possible incidents of
hacking, breaches of security or unauthorised access etc.;
All e-mail messages (business, ephemeral and private) will automatically be saved
and retained for a minimum of 5 years for backup purposes. This allows all e-mail
messages to be searched for up to 5 years.
REMEMBER
All e-mails (business, ephemeral and personal) may be monitored. All email content is retrievable through backups for a minimum of 5 years.
4.5 E-mail Public Folders
Public folders in Microsoft Outlook allow a common area where information can
be shared by more than one person. Public folders must therefore only store
‘public information’ which contains no confidential or sensitive data.
Public folders:
 may only be used for shared public communication, such as shared e-mail
messages, contacts, group calendars etc.;
Printed Copies are Not Controlled
7/17
E-mail Management Policy



should be used with discretion and not considered a substitute for creating
a new access rule, for example, where access to personal mail box
information is required for only one additional person a new access rule
should be considered;
must not be used for archiving purposes. Users who have mailbox limits
must use personal folders (.pst) files for storage; and
must be deleted when no longer required. Public folders which have been
inactive for over 12 months will be automatically deleted. Public folders are
subject to the same backup cycle as other e-mails.
4.6 Use of e-mail Disclaimers
Legal precedence indicates that disclaimers do not prevent a duty of care when
providing advice, particular if medical advice is provided via secure e-mail.
Legal advice must be sought where there is doubt over the validity of e-mail
Disclaimers.
The following notice may be used (appended to the signature block) in external
communications in case e-mails are misdirected. Note however that this policy
prohibits the use of electronic messaging for communicating private or
confidential information unless protected by security methods such as
encryption.
"The contents of this e-mail transmission are intended solely for the named
recipient(s), may be confidential, and may be privileged or otherwise protected
from disclosure in the public interest. The use, reproduction, disclosure or
distribution of the contents of this e-mail transmission by any person other than
the named recipient(s) is prohibited. If you are not a named recipient please
notify the sender immediately."
4.7 Inactive/Unattended Mail boxes
The number of e-mail addresses (mailboxes) must be carefully managed by the
e-mail group to avoid them becoming unmanageable.
Staff should notify the e-mail group before going on any extended leave. This
will avoid their mailbox being made inactive after 3 months of non-use.
Prior to taking leave for an extended period, officers should notify e-mail
administration and also consider the following actions.
 Set up an out-of-office notification.
 Set up rules for e-mail management.
 Set up delegates where appropriate to manage their messages.
Note that unattended mail-boxes if continuing to receive e-mails may end up
exceeding allocated capacity.
4.8
E-MAIL Use General Guidance
Printed Copies are Not Controlled
8/17
E-mail Management Policy
4.7.1









4.7.2












Overview
Read your mail every day.
Always send an answer to all e-mails as soon as possible.
Always answer urgent e-mail so that the sender knows that it has been
received and read.
Never answer spam; it only confirms that you exist, or will be fruitless
since the return address is often fictitious.
Make the subject line useful and meaningful.
Summarise your message in the first sentence.
Keep it simple and avoid jargon and cyber speak.
Avoid including documents, and minimise attachments.
Sign off with your name and contact details.
Guidance
Use a closing signature consisting of your name, title, health entity,
address, department/section, telephone number(s), and e-mail address.
Always use the spelling and grammar check feature and proofread for
errors.
When replying to a message, always put your response at the top of the
sender’s e-mail.
Keep messages brief and to the point.
When sending e-mails to a large number of recipients, especially nonWA Health (external) recipients, use the BCC field for privacy reasons.
When replying or forwarding e-mails consideration should be given to
confidentiality and appropriateness of information being disclosed
particularly if the response includes prior e-mails from third parties and
corresponding personal information in relation to them.
Avoid using ‘Reply All’, especially when there are a large number of
recipients or distribution list(s) are used.
Do not transmit or store patient/confidential information in e-mails
unless it has been encrypted.
Where possible avoid providing, subscribing to or publishing WA Health
e-mail address to non-work related mailing lists. Doing so increases the
risk of receiving spam e-mails and may provide an opportunity for
fictitious use of the address on spam mail.
Do not open attachments or click on any web-links provided in e-mails
unless you are certain they are from a trusted source.
Before posting a response, re-read it carefully. Don't send "flame mail",
in the heat of the moment.
Do not alter the content of a message originating from another person if
the result misrepresents the original communication.
Printed Copies are Not Controlled
9/17
E-mail Management Policy
4.7.3







Managing, Organizing, Saving e-mail:
Once no longer required, ephemeral and personal e-mails should be
deleted.
E-mails that are official records must be saved into the health entity’s
Record-keeping system; once saved the e-mail message residing in the
e-mail system can be deleted.
Use file and folder names consistent with the Business Classification
Scheme outlined within your local Record-Keeping Plan.
Regularly move e-mail no longer needed for active projects from the
Inbox to “archive”.
Unless instructed otherwise, save e-mail on network storage that will be
automatically captured in regular server backups.
If you will not be checking your e-mail for longer than one day, set up an
“out of office” automatic reply feature.
Business e-mail and attachments temporarily saved on mobile,
removable devices and offsite computers should be transferred as soon
as possible to a secure designated WA Health e-mail storage that is
regularly backed up. Once transferred the e-mails may then be deleted
from the devices.
4.7.4
E-Mail Auto-forwarding
 The auto-forwarding feature of the e-mail system has been disabled to
prevent automatic e-mailing of electronic messages to external
addresses. The webmail facility is available to staff who require remote
access to WA Health e-mail.
4.7.5
E-mail Account Deactivation
 Prior to de-activation of an e-mail account, officers (or their supervisors
in the case of terminations) must ensure that relevant e-mails are stored
or disposed in accordance with record-keeping requirements.
 In exceptional circumstances the supervisor of the position may
authorise temporary access to the associated e-mail account to a
delegate to enable record keeping requirements.
4.7.6
E-mail Etiquette:
If you include humour or sarcasm, identify it as such. Remember that
one person’s joke may be another’s insult and could cause grievance or
disciplinary action against you or a lawsuit.
Do not forward or quote messages without permission of the author.
Do not send a message written in CAPITAL LETTERS. It is the e-mail
equivalent of shouting.
Avoid Weblish / Cyber speak. There are a lot of abbreviations like LOL,
BTW, IMHO, etc. but the reader may not know what they mean. Do not
abbreviate unless it is for well-known companies like IBM.
Avoid jargon unless you are really sure all your readers are very familiar
with it.





Printed Copies are Not Controlled
10/17
E-mail Management Policy

Include your signature block and contact details at the end of messages
to external addressees (see WA Health Style Guide for Electronic
Signature).
4.8 Examples of Unacceptable E-mail Use:
It is unacceptable to use e-mail for illegal or unethical activities such as:
 the dissemination of inappropriate matter, gambling or in furtherance of
acts, which are illegal or in contravention of WA Health or Public Sector
standards.
 the dissemination of commercial or personal advertisements, solicitations or
on-line dating.
 the dissemination of promotions, political or religious material of any kind.
 breaching any intellectual property laws (including, but not limited to, breach
of copyright).
 sending destructive programs (i.e. viruses or self-replicating codes) in such
a way that adversely affects (or might, if known to others, adversely affect)
the reputation of WA Health.
 the dissemination or composition of an e-mail message or other
communication which is or contains material that may offend, humiliate,
embarrass or intimidate another person, or is defamatory in that it makes a
reasonable reader:
o think less of the person who is the subject of the communication;
o exposes the person to ridicule, hatred or contempt;
o injures the person in his or her trade, profession or financial standing; or
o infringes another person's privacy rights in respect of the handling of
personal information.
 e-mailing software programs, audio, or video files from the Internet unless
required for your job and it does not breach intellectual property laws. If the
latter is the case, discuss the issue with the IT Service Desk as such large
attachments could cause problems.
 sending fraudulent e-mail.
 sending chain letters.
 sending work-related information to unauthorised recipients.
 sending or receiving software or other products outside of licensing
agreements.
 taking or accessing WA Health data outside your workplace without your
Department head’s approval.
 revealing confidential business information.
4.8.1
Unsolicited E-mails and Spam
Spam is electronic 'junk mail', unwanted messages sent via e-mail, SMS,
MMS, instant messaging text, image-based mobile phone messaging or
Printed Copies are Not Controlled
11/17
E-mail Management Policy
Internet. Spam messages often promote products or services, request
bank account or credit card details, contain offensive or fraudulent material,
or spread computer viruses.
Spam usually omit authentic sender information or do not contain an
unsubscribe facility (as defined in the SPAM Act 2003 (Cth)).
Spam in high volumes can clog up the internet, disrupt e-mail delivery, and
reduce productivity.
Under the Spam Act 2003 (C’wlth) it is illegal to send, or cause to be sent,
unsolicited
commercial
e-messages
(spam).
The
Australian
Communications and Media Authority (ACMA) is responsible for enforcing
the Spam Act 2003 and provides further information regarding dealing with
and reporting spam
WA Health electronic messaging and communications facilities must not be
used to:
 send spam or inappropriate messages;
 provide WA health health entity and employee e-mail addresses to
third parties/commercial (marketing) health entity’s;
 send messages with forged headers, forged domain names, deceptive
addressing, obscured, deleted or misrepresented source;
 forward messages with altered content to misrepresent the originators;
and
 send high volume of messages to an address to constitute a denial of
service attack.
4.9 E-mail Support and Training
Support and further information on the use of the WA Health e-mail facility is
available on the HIN Service Delivery intranet site, Self Help/ FAQ’s, HIN
Service Desk (e-mail administration) and from your local IT Support services.
Training Courses for commonly used Microsoft Office applications, including email (Outlook), the internet and, other software tools, are available via the WA
Department of Treasury and Finance Common Use Arrangement (CUA)
Information Technology Training Courses.
WA Health Training and Development services provide basic training on
Microsoft Outlook e-mail fundamentals.
4.10 E-mail Archiving
In order to address the ever increasing storage requirements of e-mails and to
ensure that backup copies of e-mail records are maintained for appropriate
periods for recovery and discovery, WA Health will progressively implement an
e-mail archiving system based on Enterprise Vault™ (or EV).
Printed Copies are Not Controlled
12/17
E-mail Management Policy
4.10.1
Enterprise Vault
Enterprise Vault™ has 2 repositories:
1. Journal Content – which will store every e-mail sent and received.
2. User Mailboxes Content– which will store user mailboxes only.
4.10.2 Default Settings for Enterprise Vault E-mail Archiving
There are a number of default global settings within Enterprise Vault™;
regular evaluation of the default values will occur to ensure optimum
performance of the system.
REMEMBER
Enterprise Vault™ is not an electronic document and records
management system (EDRMS) and users must ensure that where a
record is considered to be a business e-mail it is captured in the health
entity’s record-keeping system. (see 4.1)
5.
IMPLEMENTATION
It is the responsibility of all WA Health staff to observe and comply with this Policy
and other associated guidelines, standards and procedures.
WA Health is subject to legal and/or governmental requirements that mandate
retention of certain information. An e-mail can be an official record; therefore, it is
imperative that WA Health establishes compliant e-mail policies. Acceptable use of
WA Health e-mail facility is specified in the Acceptable Use Policy – Computing and
Communication Facilities.
As part of normal employee exit procedures, management should ensure that prior to
de-activation of a person’s e-mail boxes, official information is filed or transferred to
areas that remain accessible to authorised staff.
Information management and security responsibilities must be communicated to all
staff in WA Health in a clear and concise fashion. It must also be made clear that
non-compliance with these responsibilities may result in consequences ranging from
disciplinary action to prosecution.
Printed Copies are Not Controlled
13/17
E-mail Management Policy
WA Health entities must ensure that employees handling personal and confidential
data have signed confidentiality agreements that clearly spell out their information
management and security responsibilities, and the consequences of breaching
confidentiality.
More information on ICT Security in the workplace can be found on the HIN intranet.
6.
BACKGROUND
The use of information and communications technologies has changed the way
health entity’s conduct business and has altered the form and quantity of records that
document business policies and activities.
Lack of, or inadequate procedures for, managing e-mail can cost WA Health in
wasted time, and customer goodwill. These issues will become increasingly
important with the exponential growth in the number of e-mails.
7.
RELEVANT LEGISLATION AND GOVERNMENT POLICIES
(WA Acts are available at the State Law Publisher website, Commonwealth Acts are
available at the Australian Government ComLaw website)

Privacy Act 1988 (Cth) and National Privacy Principles

Public Sector Management Act 1994 (WA)

Western Australian Public Sector Code of Ethics
All WA Government employees are required to be familiar with and have an
understanding of the WA Public Sector Code of Ethics.

Censorship Act 1996 (WA)
Under the Censorship Act “restricted material,” means an article that a
reasonable adult, by reason of the nature of the article, or the nature or extent
of references in the article, to matters of sex, drug misuse or addiction, crime,
cruelty, violence or revolting or abhorrent phenomena, would regard as
unsuitable for a minor to see, read or hear.

State Records Act 2000 (WA)
The State Records Act 2000 came into full operation on 1 December 2001.
This Act was established in response to recommendations of the WA Inc.
Royal Commission, which exposed shortcomings in government
recordkeeping practices. It imposes obligations on government health entity’s
that impacts on the way they manage their records.

The Western Australian Criminal Code, 440A
Failure to comply with the Acceptable Use Standard could result in criminal
proceedings under the WA Criminal Code.
Anti-discrimination Legislation
 Commonwealth and State laws and WA Health’s Equal Opportunity policy
prohibit sexual harassment and discrimination, vilification or victimisation on
certain grounds such as race, gender, sexual preference, disability, or status
Printed Copies are Not Controlled
14/17
E-mail Management Policy
as a parent or carer. WA Health ICT facilities must not be used to humiliate,
intimidate or offend others on the basis of their race, gender, or any other
attribute prescribed under anti-discrimination legislation.
8.

Equal Opportunity Act 1984 (WA)

Sex Discrimination Act 1984 (Cth)

Disability Services Act 1993 (WA)

Disability Discrimination Act 1992 (Cth)

Racial Discrimination Act 1975 (Cth)

Mental Health Act 1996 (WA)
ASSOCIATED DEPARTMENT OF HEALTH POLICIES, STANDARDS
AND GUIDELINES
WA Health ICT policies are available on the HIN Intranet Site:
 Acceptable Use Policy – Information Communication and Technology
 Information Security Policy
 Encryption Policy
Other related WA Health policies and plans are
9.

Operational Directive OD 0304/10 - Information Classification Policy

Operational Directive OD 0371/12 - Information Lifecycle Management Policy

More information on ICT Security in the workplace can be found on the HIN
intranet.
REFERENCES
United Nations Convention on the Rights of Persons with a Disability.
State Records Commission SRC Standard 8 DIGITAL RECORDKEEPING
10. DEFINITIONS
Term
Digital Record
Definition
Any record of information within the meaning of Section 3 of the
State Records Act 2000 that exists in binary form and that
requires combinations of computer hardware and software to be
read and understood
Government
Record
A record created or received by —
(a) a government organization; or
(b) a government organization employee in the course of
the employee’s work for the organization,
but does not include an exempt record;
Printed Copies are Not Controlled
15/17
E-mail Management Policy
Government
Record
A record created or received by a government organization, a
government employee, or contractor in the course of working for
the organization.
Offline
Digital records are considered offline when they exist on a
system or storage device that is not directly accessible through a
State organization’s network and on media which has to be
inserted manually by an operator to become available near line
or online.
Online
Digital records are considered online when they are available for
immediate access via a storage device that is turned on and
connected to a network either directly or indirectly.
Record
Any record of information however recorded and includes:
a) any thing on which there is writing or Braille;
b) a map, plan, diagram or graph;
c) a drawing, pictorial or graphic work, or photograph;
d) any thing on which there are figures, marks,
perforations, or symbols, having a meaning for persons
qualified to interpret them;
e) any thing from which images, sounds or writings can be
reproduced with or without the aid of anything else; and
f) any thing on which information has been stored or
recorded, either mechanically, magnetically or
electronically.
Recordkeeping
System
A system to capture, maintain and provide access to records
over time that displays features for ensuring authentic, reliable,
complete and usable records that function as evidence of
business transactions.
Recordkeeping systems include:
1. a set of authorized policies, assigned responsibilities,
delegations of authority, procedures and practices; policy
statements, procedures manuals, user guidelines and
other documents which are used to authorize and
promulgate the policies, procedures and practices;
2. the records themselves;
3. specialized information and records systems used to
control the records; and
4. software, hardware and other equipment, and stationery.
Retention Period
In relation to a record, means the period for which the record
must be kept before it may be destroyed;
Printed Copies are Not Controlled
16/17
E-mail Management Policy
11. VERSION CONTROL
Current
Version
Effective Date:
Operational
Directive No:
SHEF ICT Approved
Date:
Next Review Date:
3.0
31 October 2013
OD 0470/13
19 September 2013
July 2015
Responsible Group:
Enquiries Contact
Health Information Network - Strategy
Manager ICT Policy
Version Notes
2008 Original Version
v2.0 July 2009 – General maintenance – shortened Policy Statements to separate Policy and
Guidelines.
Added Disclaimer policy & guidelines.
Added e-mail disconnected after 3 months policy & guidelines.
V3.0 July 2013 – General maintenance.
Updated for changes in records legislation
Included 4.1 Use of Email as requested by SHEF and
4.3.1 Microsoft (MS) Outlook Calendar and Client Appointments
Printed Copies are Not Controlled
17/17