Policy General Policy GP20

Transcription

1 Policy General Policy GP20 Applies to All employees Committee for Approval Quality and Governance Committee Date of Approval September 2012 Review Date June 2014 Name of Lead Manager Head of Technology Version 1

2 CONTENTS Definitions INTRODUCTION SCOPE EXCEPTIONS PERSONAL IDENTIFIABLE INFORMATION USAGE Entitlement to Access Withdrawal of accounts software Personal accounts Personal use of your NHS Wirral account Your address Acceptable content for messages Unacceptable content for messages Keeping your secure Distribution Disclosure Accessing someone else s Signatures, footers and disclaimers Storage and archiving Sending Personal Identifiable Information (PII) Usage Monitoring ADDITIONAL CLAUSES YOUR ACCEPTANCE /10

3 Definitions The Policy The Organisation or WCT or Wirral CT Internet Usage or Internet Use Usage WHIS Service Desk This document (The Internet Usage Policy of Wirral Community NHS Trust). Wirral Community NHS Trust. Access by you to internet and intranet sites, systems and other on-line resources whilst on NHS Wirral premises or whilst using NHS Wirral computer equipment or facilities. Your use of Wirral CT s system, whether that be on NHS Wirral premises or elsewhere. Wirral Health Informatics Service, WCT s I.T. service provider. The I.T. helpdesk operated for Wirral Community NHS Trust by Wirral Health Informatics Service. Tel: (0151) or support@sd.whis.nhs.uk. 1. INTRODUCTION This document is the Usage Policy of Wirral Community NHS Trust and replaces all previous versions. All Wirral CT staff must read, understand and agree to abide by this policy and its rules. By accessing and using the system you are AUTOMATICALLY agreeing to adhere to this policy 2. SCOPE This Policy applies to all of the following: Wirral CT staff working on Wirral CT premises. Wirral CT staff not on Wirral CT premises but using Wirral CT equipment or facilities (e.g. staff working at home on a work laptop). Other individuals and groups using Wirral CT computer equipment or facilities. If you are allowing or facilitating the use of Wirral CT computer systems by non- Wirral CT staff, e.g. you have a contractor temporarily working in your department or a visitor using your equipment, you must ensure that they abide by the rules of this policy. 3/10

4 3. EXCEPTIONS If you are temporarily using the computer systems of another NHS organisation, e.g. another neighbouring Trust, you should abide by that organisation s own usage policy. In certain circumstances, clauses within this policy may temporarily be waived for staff of Wirral CT s I.T. provider, i.e. Wirral Health Informatics Service or its subcontractors, in order that they may carry out investigative or testing activities. If you wish to request any additional exceptions to the rules within this Policy, please contact the WHIS Service Desk: ext tel: (0151) or e- mail support@sd.whis.nhs.uk 4. PERSONAL IDENTIFIABLE INFORMATION Wirral CT operates a Code of Conduct for Handling Personal Identifiable Information. You should become familiar with the Code and keep up to date with any changes that are made. The Code of Conduct for Handling Personal Identifiable Information is available via the policies section of Wirral CT s internet site. Personal Identifiable Information can relate to members of staff as well as patients and can be as simple as including one or more of the following items: Name Address Date of Birth Post Code Sex Occupation NI Number NHS Number Ethnic Group Local identifier (e.g. hospital or GP Practice Number) Clauses later in this Policy refer to how you should deal with Personal Identifiable Information when using . Be sure that you understand those clauses and the Code of Conduct, above. Breaches of the Code may be regarded as gross misconduct and may result in serious disciplinary action being taken, up to and including dismissal. 5. USAGE 5.1 Entitlement to Access As an employee of the Trust and through authorisation by your manager you are entitled to use the facilities of Wirral CT, in some exceptional cases your entitlement may be specifically withdrawn or refused by Wirral CT. 4/10

5 5.2 Withdrawal of accounts If a member of staff is to leave the organisation permanently, they or their manager must inform the WHIS Service Desk (ext 8899 or tel: (0151) or support@sd.whis.nhs.uk) in advance. Upon agreement, the person s account will be closed and deleted. If a member of staff is to leave the organisation temporarily, e.g. for a period of maternity leave, they or their manager must inform the WHIS Service Desk (ext or tel: (0151) or support@sd.whis.nhs.uk) in advance. Upon agreement, the person s account will be temporarily suspended. In the case of misuse, Wirral CT may at its discretion withdraw the facility from a member of staff software Wirral CT uses either Microsoft Outlook or Microsoft Outlook Web Access as its client software. You should not install or use any other client software unless you have been given permission to do so by the Service Desk. Wirral CT may in future make other client software available to staff, in which case you will be informed in advance that it is to be deployed. 5.4 Personal accounts You must not access any personal (non NHS) accounts while using Wirral CT computers. 5.5 Personal use of your NHS Wirral account You are allowed to use your Wirral CT account for a limited amount of personal use if it is necessary for you to send or receive a personal while you are in work. On occasions when you use your Wirral CT account for personal use you must, as far as possible, continue to adhere to all the requirements of this policy. This means that you should ensure that s you send and s you receive do not contravene any rule in this policy. If you receive a personal which contravenes the rules in this policy, e.g. one which contains unacceptable material, you should delete it immediately. 5/10

6 5.6 Your address Your Wirral CT address will be in the format this will be set up and maintained for you by the WHIS Service Desk. You should not make any alteration to any software such that a different address is presented. 5.7 Acceptable content for messages Wirral CT provides you with access to facilitate your work for the organisation. It is expected that you may use your account to exchange messages which contain information about NHS activities, health information, or other professional sphere of activity such as Finance, HR and others. You may send s which contain personal identifiable information (defined in Section 4, above), but only if you adhere to the rules on ing personal identifiable information laid out in section 5.15, below. 5.8 Unacceptable content for messages s you send should not contain material which may be considered offensive. Offensive material includes text and/or images of a pornographic or non-medical sexual nature and hostile text and/or images relating to gender, ethnicity, race, sex, sexual orientation, religious or political convictions and disability. You should not send any s which are in furtherance of any business or commercial concern other than Wirral CT. You should not send s which contain frivolous material such as jokes or cartoons. You should not send bulk s, i.e. to a large number of colleagues, any such messages must be submitted to and distributed by Wirral CT communications team. You should not use to distribute any material in breach of intellectual property rights, e.g. distributing a publication in contravention of copyright law. 5.9 Keeping your secure Do not tell your password to any other person, nor make it available to be found by any other person. If you need another person to access your e- mails, please see Accessing someone else s , below. If you are leaving your computer for even a short period of time, you should ensure that your account is not left open and accessible. You can do this by locking your workstation (in Windows XP, press Ctrl-Alt-Del and choose Lock Workstation ). 6/10

7 If you see someone else s software left open on a computer, you must not read or view their s in their absence. Nor should you make any attempt to open someone else s account without their prior permission. You should not give out a colleague s address to anyone outside the NHS unless you know for sure that your colleague will be happy for you to do so. For example, it may be inappropriate to pass your colleague s address to a patient Distribution If you have to send an to a group of people, you should use the pre-set groups which are available within your software. If no pre-set group exists for the selection of people you wish to contact, you may create a list yourself and use that. The largest groups such as All Staff should only be used through the communications or corporate affairs departments. If you receive an message which was sent to a large number of other people as well as yourself, you should only use Reply to All if it is strictly necessary that your reply is seen by all those people. If you receive a non-work related message which tells you to Pass this on to all your contacts or similar, you should not do so. If a message worded that way genuinely appears to be alerting of danger or other matter of importance to the organisation you should verbally alert a senior member of staff Disclosure You should be aware that the information contained in your s may be subject to public disclosure under the Freedom of Information Act Unless the information is legally exempt from disclosure, the confidentiality of any s you send and any replies you receive cannot be guaranteed Accessing someone else s Under normal circumstances it should not be necessary for you to access a Wirral CT colleague s account. If there is an ongoing need for you and colleagues to view s jointly, you should approach the WHIS Service Desk (ext or tel: (0151) or support@sd.whis.nhs.uk) who, if appropriate, will set up a shared address for you. If you are going to need access to a colleague s account while they are on holiday, for example, then before they go away you should ask that person to set up a rule within their software such that their incoming messages are automatically forwarded to you. 7/10

8 If you need to access a colleague s account but they are not available (e.g. they are already on holiday) then you should approach that person s manager and discuss the matter with them. Your colleague s manager should then contact the WHIS Service Desk (ext or tel: (0151) or e- mail support@sd.whis.nhs.uk) for instructions Signatures, footers and disclaimers There is a standard signature which you must include at the end of any you send. Wirral CT communications Team can supply the most recent standard. Wirral CT includes a disclaimer at the end of all outgoing messages you send. You should not alter, move or remove that wording in any way Storage and archiving Your software will be set up by WHIS to automatically archive your older messages to a safe place on the system, so that you can view them later if you wish. There is a limit on how much you can store in your Inbox and its sub-folders. If you exceed that limit you should delete unnecessary messages or perform a manual archive. If you do not take your Inbox back underneath the size limit, you may not be able to send or receive s properly. If you need to, please contact the WHIS Service Desk for assistance (ext or tel: (0151) or e- mail support@sd.whis.nhs.uk) Sending Personal Identifiable Information (PII) and confidential information You must familiarise yourself with what Personal Identifiable Information means. See section 4 of this policy. You can Personal Identifiable Information and confidential information although any information sent to a non Wirral CT address MUST be encrypted (see table below). To encrypt the , type the word ENCRYPT into the subject line of the to enable this, if you need advice regarding the encryption process please contact the WHIS Service Desk (ext.8899 or tel: (0151) or support@sd.whis.nhs.uk). Remember; The issue of sending Personal Identifiable Information and other confidential information within s is very important, only send only the minimum required and only to those people who need to know, if you are in any doubt regarding what can and cannot be sent, please contact either the Governance Team (Helen Partington, Deputy Caldicott Guardian, Helen.partington@wirralct.nhs.uk) or the WHIS Service Desk (ext 8899 or tel: (0151) or support@sd.whis.nhs.uk). 8/10

9 You are sending an containing confidential information Is this NO You must from your department or account. To any other e NO Insert ENCRYPT into the subject line. This will ensure that the is sent securely Usage Monitoring To any other e mail account NO, seek advice from Governance / WHIS Service desk. Wirral CT s system automatically retains a list of all messages sent and received by staff over a preceding period of time. The list of all s sent and received will only be examined if required, and will only be examined by senior management of Wirral CT and/or WHIS technicians acting on Wirral CT management s instruction. In exceptional circumstances which warrant formal investigation, the list may be examined by NHS Connecting for Health or by the Police or other legal authority. Wirral CT and/or WHIS may at any time inspect the usage of an individual member of staff. This may be in order to resolve a technical 9/10

10 problem or may be as part of an investigation into possible misuse. This may take place without you being given prior notice. In exceptional circumstances such as investigation of misuse, Wirral CT may inspect the contents of any message but will only do so in accordance with the Regulation of Investigatory Powers Act (2000). 6. ADDITIONAL CLAUSES In addition to the definitions of what is and is not acceptable laid out in sections 5.7 and 5.8, Wirral CT and Wirral Health Informatics Service jointly reserve the right to consider other types of material and activity as unacceptable at their discretion. When necessary, staff will be advised of changes to the types of material which are acceptable and unacceptable. Wirral CT is the arbiter of matters relating to this policy. Decisions and interpretations by Wirral CT as regards unacceptable use of are final, other than in instances which demand criminal prosecution. Wilful contravention of the rules within this policy will in most cases lead to the immediate withdrawal of the relevant facility and may lead to disciplinary action being taken against the individual. As a participant in the NHS network, Wirral CT will fulfil its obligation to report any breaches of security and any serious misuse of to NHS Connecting for Health. Neither Wirral CT nor Wirral Health Informatics Service will accept any responsibility for loss or damage to any user resulting from use of Wirral CT e- mail services if that loss or damage is the result of that user having contravened the rules in this policy. Any personal use of those Internet or e- mail facilities carried out by a member of staff is carried out at his or her own risk. 7. YOUR ACCEPTANCE By accessing and using the system you are AUTOMATICALLY agreeing to adhere to this policy If you have read this policy and there are parts of it which you do not understand, please contact the WHIS Service Desk for advice: tel: Ext or Tel: (0151) or support@sd.whis.nhs.uk. 10/10