Secure email to send invoices and letter from cliniko


Hi, please can we have secure email so that invoices etc are sent securely? This is needed to ensure GDPR compliancy as insurers request patient identifiable info on invoices. Currently, we have to raise invoice on cliniko and then download and print out and scan in to send via egress secure email. This is far too time consuming and if not resolved we’ll have to look for another pms that has this function. there must be lots of cliniko users in the same boat!
looking forward to hearing your response. thanks


Below are not my words, but from a very reputable business in the UK health sector, who has spent a vast amount of money ticking the GDRP boxes.

" Security issues and email

There is some considerable confusion with regard to security of sending information by email.

In discussing this with GDPR trainers/experts, we have been advised that email service providers, such as Gmail, Hotmail, btinternet etc, are GDPR compliant which means that the content of emails is encrypted from user to user i.e. from Our Service to you and from you back to us. Therefore, there is no requirement for emails to be password protected or ‘psuedominised’. This is the same for attachments to emails.

There is also some question regarding the inclusion of personal details in the subject heading of emails, i.e. the client’s name rather than simply a reference number. There is no clear guidance available on this, with many companies taking a different stance. Whilst we have been advised that there are benefits in removing the client’s name from an email subject heading, this is simply to provide ‘evidence’ to others that we are taking steps with regard to accountability and not a required policy by GDPR.

We have discussed this together in some detail, as well as seeking professional advice, and have decided that we will continue to send emails with our client’s name and reference number as we consider the dangers of not doing so outweigh the benefits of anonymising emails. We are greatly concerned that sending anonymised emails may result in accidental errors in client identification, which in turn could result in inaccurate information being forwarded or errors in instruction, which we consider would be highly distressing for clients."

Hope this helps.


Being able to interface with Medical Objects et al would be super useful for communicating with other practitioners from within the One platform. The whole email debate has caused a lot of communications difficulties.