POLICY FOR THE USE OF TEXT MESSAGING (SMS) FACILITIES

Transcription

1 Ymddiriedolaeth GIG Siroedd Conwy a Dinbych Conwy & Denbighshire NHS Trust BLACK 113 POLICY FOR THE USE OF TEXT MESSAGING (SMS) FACILITIES Policy Details: Author(s): Information Governance Manager Dept/Working Group(s): Caldicott Working Group Validating Body: IM&T Strategy Group Date validated: 29 May 2007 Current review changes: This is a new policy Ratifying Body: Executive Management Team Date ratified: 26 June 2007 Date operational: 25 July 2007 Date to be reviewed: July 2008 Refers to the following policies: Review History: First Operational: 25 July 2007 Previously Reviewed: Updated yes/no: Red 24 Policy on the Use of Radio and Mobile Communications Equipment within Trust Premises Red 32 Policy on Lone Working Black 57 Policy for Records Management Black 87 Policy for Claiming Reimbursement of Travel Expenses and Subsistence Allowances, 6.6 Other Expenses Black 14 Freedom from Harassment and Bullying Policy Black 01B Disciplinary Policy and Procedure Black 70 Contract of Care Policy Black /7/07 Page 1 of 7

2 POLICY FOR THE USE OF TEXT MESSAGING (SMS) FACILITIES Contents 1. Introduction 2. Use of SMS 3. Procedures 4. Consent 5. Risks 6. Equality Assessment 7. Records Management 8. Equipment 9. Audit 10. Business Case Appendix A Appendix B Guidance notes for informing text recipients Information Security Management Systems Requirements 1. Introduction The Trust supports the use of Text Messaging (or SMS - Short Message Service) as a means of communication, subject to compliance with this policy. A user in this policy is a Trust employee or any other person working for or on behalf of the Trust. Although the basic principles of SMS have been available for a number of years, it is recognised that it is an ever-growing technology. Accordingly, this policy will be reviewed at least annually and users should ensure they are following the most recent version of the policy, which will be made available on the Trust Intranet (TIS). 2. Use of SMS SMS can be used for a number of purposes - to broadcast messages to a wide-ranging audience, for example, as a health promotion exercise to advise staff of, say, a new meeting arrangement or the next job to be undertaken to support a lone worker (see Red 32 Policy on Lone Working) to send individual clients/patients a reminder in response to a received message (which can be encouraged by making mobile phone numbers available to potential recipients). This is not a definitive or restrictive list of options. Departments may define other uses, but must adhere to principles in this policy. 3. Procedures a) For health-related purposes (see * below), departments must individually agree the need/benefit of using SMS and formally approve and document the implementation of the service. Individual users must not use SMS for health-related purposes without formal documented approval. Black /7/07 Page 2 of 7

3 Note a health-related purpose will usually relate to the care or welfare of a person or persons. It will be acceptable to send text messages without a formal local policy, for example, to simply advise the recipient that you are going to be late. Local/departmental procedures for the use of SMS, which must comply with this policy, must be documented and cover the following topics Identification of the need or justification for the use of SMS Identification of the service * (see * above) or facility to be provided The agreement to the use of the service by its intended beneficiaries/recipients (see also Consent below) Clear identification of the associated risks and of the means by which these risks are managed (see Risks, below) Storage and retention procedures (in particular, patient messages or important Trust messages see also Records Management, below) The need, or otherwise, for password protection of mobile devices Protection of employees personal time. For example, what should be done if messages are received while on leave, at lunch or otherwise absent? (see also Risks below) Before a health-related service is implemented, these procedures must be approved by the Caldicott Guardian and the Caldicott Working Group. (See also Business Case below) These procedures will be published on TIS and incorporated into the Trust Freedom of Information Publication Scheme, along with this policy. Relevant aspects of these procedures must be made available to the intended recipients of the SMS service, whether this is patients, the public or staff. In the case of patients or the public, this can be done by means of leaflets or other suitable communication (See Appendix A Guidance notes for informing text recipients). b) Users must also comply with Red 24 Policy on the Use of Radio and Mobile Communications Equipment within Trust Premises, with particular reference to use of mobile phones in high risk areas. Black /7/07 Page 3 of 7

4 4. Consent Where patients or members of the public are the intended recipients/beneficiaries of a health-related service, they must consent to this. This could be achieved at the time of recording a mobile phone number. Retrospectively, this must be done by making contact with the intended recipient before initiating the service for that person. This consent can be a simple verbal process but a record must be made that the person has agreed to its use. In the case of patients or clients, this record should be held in the casenotes; for other persons, the record should be kept in an appropriate location. Users need to obtain consent in order to comply with the Fair Processing requirements of Data Protection legislation the purpose and means of processing data must be understood by the data subject. Although users must not initiate text messaging for health-related purposes with patients and/or clients without consent, they may respond to received messages, as this will be viewed as implied consent to the use of the service. Where a user has been given a mobile number by the intended recipient, the user may send simple texts such as I am going to be late without specific consent. In this situation, giving the phone number can legitimately be understood to be granting consent to its use for general communication. 5. Risks The risks associated with this technology, which will vary according to the outcome the user is seeking to achieve, must be identified in the procedures documentation. The method of managing these risks must also be documented. In areas where it is felt that risks are unacceptable, the service must not be implemented. The following risks must always be taken into account - i. Confidentiality With particular regard to patients/clients, this must be the primary concern of users. The following points must be addressed Informing the patient/client who, in a team, might also need to see an SMS Informing the patient/client that confidentiality cannot be guaranteed if it becomes necessary to disclose information in accordance with another Trust policy or is a legal requirement (e.g. Child or Vulnerable Adult Protection, Crime and Disorder Information Sharing) Advising patients/clients not to unnecessarily include sensitive information in messages Password protection of phones and systems used to record details of calls Ensuring delivery to the correct recipient (i.e. the safe haven principle; the sender must be sure that the phone number being used is that of the intended recipient being aware that phones are regularly changed, exchanged or sold) Theft of a Trust phone Theft of the recipient s phone See Appendix A Guidance notes for informing text recipients Black /7/07 Page 4 of 7

5 Confidentiality risks can be mitigated to a large extent by only sending non-sensitive messages and by never sending sensitive data such as - your next ante-natal appointment is ii. Clinical SMS service providers do NOT guarantee delivery; messages can be delayed or not even delivered. Users must take this issue into account. Note the same principle applies to voice messages left for a mobile phone user delivery is not guaranteed Messages must be clear, and the use of txt abrvtns wud b unacceptable where clinical information is exchanged. iii. Harassment Users should ensure that the content of a message is not seen as harassing. If a recipient (within or outside the Trust) feels that harassment has taken place, an IR1 form should be completed and action appropriate to the circumstances in each case should be taken. Equally, users should not be harassed and are referred to the guidelines in Black 70 Contract of Care Policy. (see also iv below) Further guidance can be found in Black 14 (Freedom from Harassment and Bullying). Users should also follow good practice and communicate in a professional manner. iv. Work-life Balance To protect personal time, users should consider whether or not to use their personal phones for text messaging. Letting others know your mobile number can result in you receiving calls while on leave (possibly overseas see Also Business Case below), putting you in a very difficult position if the sender expects a reply or the message is of an urgent nature. It is recommended that users only send or receive text messages on Trust phones (see also Equipment below). Even when using a Trust phone, work-life balance must be respected. Departments and users must ensure they meet the latest guidance on this subject, which can be found on the Equality and Diversity pages on TIS. NOTE mobile phone numbers cannot be withheld when sending text messages. Users should bear this in mind and may consider that the associated risks indicate that texting is not a suitable option in some circumstances. 6. Equality Assessment Text messaging can undoubtedly be of benefit to recipients, for example, those with hearing impairment or those who would benefit from appointment reminders. However, this policy cannot address every issue that may arise from the use of SMS and local procedures must include an Equality and Diversity Impact Assessment. 7. Records Management Retention and disposal procedures for text messages must be defined in the local procedures, in compliance with the Records Management policy (Black 57). Where such records need to be retained, users must only use Trust mobile phones and transmit/receive messages using the Vodafone Text Centre software. Black /7/07 Page 5 of 7

6 This applies in particular to patient messages (sent or received) that relate to the care of a specific individual, and these MUST ultimately be transferred to the patient s medical records. 8. Equipment Local procedures must also state whether users are only allowed to use Trust equipment or are permitted to use their personal phones. Personal phones must not normally be used to transmit messages that need to be retained. If users are allowed to use their own phones, they must also adhere to Policy xxx and will claim any reimbursement under policy Black Audit Auditing procedures will be established by the Caldicott Working Group, in collaboration with other Working Groups as appropriate, to ensure that the service does not create problems or difficulties for the Trust or for patients risks are identified, regularly re-assessed and adequately addressed the service is providing good value to the Trust and to users confidentiality is not put at risk, and appropriate records are maintained Note - The Trust Counter-Fraud Officer will also undertake financial and usage audits to ensure that claims for re-imbursement of call charges are accurate and that appropriate use is made of Trust equipment. See also - Core Brief 7 th February 2006, 3.2 Personal Telephone Calls 10. Business Case i. Departments must have adequate funding in place for the implementation of text messaging in order to adequately cover the costs of the messages. This should be confirmed in the submission for approval referred to in Procedures, above. ii. Additionally, in order to cover any costs incurred by the Estates Department in supporting this service, departments must obtain the approval of the Estates department before implementing a service. NOTE a) Messages are charged on the basis of content up to 160 characters (including spaces and punctuation) constitutes one message, from 161 to 320 characters constitutes 2 messages, and so on. b) If an SMS is received overseas, there is likely to be a delivery charge applied to the recipient s account by the service provider (e.g. Vodafone ). Users must take account of this for both departments and recipients. References Royal College of Nursing Use of Text Messaging Services Guidance for Nurses working with young people and children March BS ISO/IEC 27001:2005 Information technology Security techniques Information security management systems Requirements. First Edition Black /7/07 Page 6 of 7

7 Title of Working Group: Caldicott Working Group Members of the Working Group: Title Information Governance Manager Deputy Director of Nursing Clinical Governance Facilitator, Clinical Governance Unit Clinical Governance Facilitator, Family Services Clinical Governance Facilitator, NWCTC Clinical Governance Facilitator, Medicine Hospital Manager, Denbigh Therapies Services Deputy General Manager, Mental Health Medical Records Manager Clinical Coding Manager Facilities Business Manager Senior Nurse, Safeguarding Children, Children s Services Lead Nurse, Surgery and Anaesthesia Head of Information Public / Patient Representative Consultation has taken place with: Title Date consulted All Heads of Department and other contributors December 2006 Patient Services 2005/6 Equalities and Diversity September 2006 Estates Dept. Principal Engineer 2006 Finance Dept. Counter Fraud Specialist 2006 Clinical Nurse Specialist, GUM Clinic 2005 Regional Networking Group (for NHS Wales) 2006 Black /7/07 Page 7 of 7