Sending Bulk Emails
via Cliniko
Privacy policy update and step-by-step guide for all team members
Why this matters
Sending bulk emails from a standard clinic email address creates serious privacy risks — recipients can see each other's addresses and personal details. Cliniko's built-in group email feature handles this securely and keeps us compliant.
How to send group emails
Direct, one-to-one replies to individual patients or doctors are fine from the clinic email. The policy only applies to bulk or group sends.
Contractor Invoice
Review Process
How Jho verifies and approves fortnightly invoices from the contracted dietitian
Overview
While Stacey is on maternity leave, a contracted dietitian will be seeing patients through the business. She is subcontracted at 50% of the consultation fee and invoices fortnightly. Jho is responsible for cross-checking those invoices before they're approved for payment.
Verification steps
Fee schedule
The contractor receives 50% of the consultation fee. Use this table when verifying each line item.
| Consultation type | Fee charged | Contractor share |
|---|---|---|
| Initial Consultation (60 mins) | $250.00 | $125.00 |
| Review Consultation (30 mins) | $160.00 | $80.00 |
| Service type | Current fee | Contractor share |
|---|---|---|
| Initial Consultation (60 mins) | $178.99 | $84.50 |
| Review Consultation (45 mins) | $134.24 | $67.12 |
| Clinical Notes/Admin (15 mins) | $44.75 | $22.37 |
Sending the approval
Once you've verified the invoice and all amounts match, send it to Stacey at:
In your email, include:
- Invoice number and date range covered
- Confirmation that all appointments have been cross-checked in Cliniko
- Confirmation that all amounts match the agreed fee schedule
- Your approval to process payment
If anything on the invoice doesn't match — an appointment you can't find in Cliniko, or an amount that doesn't match the fee schedule — clarify directly with the contractor before sending approval to Stacey.
Confidentiality
& Privacy
Protecting patient information and preventing privacy breaches across the team
Purpose
Following a recent privacy breach, this SOP is in place to ensure all team members — including contractors and temporary staff — handle patient and business information with care and comply with privacy obligations.
All personal health information, contact details, and medical history must be treated as confidential and accessed only when necessary for patient care.
General requirements for all staff
- Access only what you need. Only view patient records or business information relevant to your role.
- Keep passwords private. Never share your Cliniko or system login. Change passwords regularly.
- Always log out. Especially on shared or clinic devices — log out every time.
- Keep patient conversations private. Never discuss patient cases, health conditions, or personal details outside of work or with anyone not authorised.
- Use secure channels. Avoid SMS or personal email for patient information. Use Cliniko or approved tools.
- Dispose securely. Shred or securely delete any physical or digital documents containing patient information when no longer needed.
- Report anything suspicious. If you suspect a breach has occurred, tell Stacey immediately — do not delay.
Handling patient information
Digital security basics
- Use strong passwords — at least 12 characters with a mix of letters, numbers, and symbols
- Enable two-factor authentication wherever it's available
- Keep your computer and phone updated with the latest security patches
- Avoid public Wi-Fi when accessing patient data or clinic systems
- Lock your screen whenever you step away from your device
If a privacy breach occurs
If you accidentally access unauthorised information or suspect a breach has happened:
- Stop accessing the information immediately
- Contact Stacey as soon as possible with details of what happened
- Do not discuss it with other team members — keep it between you and Stacey
- Follow Stacey's guidance on next steps
New team members
All new staff and contractors must receive confidentiality and privacy training before handling patient information. If tools or policies change, Stacey will provide updated guidance. If you have any questions at all, ask Stacey directly.