Gloucestershire Hospitals

Transcription

1 Gloucestershire Hospitals NHS Foundation Trust TRUST POLICY E-COMMUNICATIONS AND INTERNET USE (including mobile phones and social networking) Any hard copy of this document is only assured to be accurate on the date printed. The most up to date version is available on the Trust Policy Site. All document profile details are recorded on the last page. All documents must be reviewed by the last day of the month shown under review date, or before this if changes occur in the meantime. FAST FIND: To see information on mobile phone usage, go to section 5. To see information on social networking, see section 6. For information on and internet usage, see section 7 and section 8. DOCUMENT OVERVIEW: This document outlines the Trust s policy on electronic communications and the use of the internet. It applies to all employees who use mobile phones or social networking sites, or have /internet user accounts at the Trust. It aims to ensure that employees and users are aware of their responsibilities in relation to the use of these technologies. This document may be made available to the public and persons outside of the Trust as part of the Trust's compliance with the Freedom of Information Act 2000 B0590 E-COMMS AND INTERNET USE POLICY V1.2 PAGE 1 OF 11

2 Gloucestershire Hospitals NHS Foundation Trust E-COMMUNICATIONS AND INTERNET POLICY 1. INTRODUCTION 2. DEFINITIONS 3. PURPOSE 4. ROLES AND RESPONSIBILITIES 5. MOBILE PHONES 6. SOCIAL NETWORKING SITES 7. USAGE 8. INTERNET USAGE 9. TRAINING 10. MONITORING OF COMPLIANCE B0590 E-COMMS AND INTERNET USE POLICY V1.2 PAGE 2 OF 11

3 Gloucestershire Hospitals NHS Foundation Trust E-COMMUNICATIONS AND INTERNET USE POLICY 1. INTRODUCTION The Trust recognises that the use of electronic communications and the internet are widespread, and that many of its staff have access to computers and mobile phones both in and out of the workplace. It is important that all of these technologies are used sensibly. This policy aims to ensure that Trust employees are aware of their responsibilities in relation to the use of these technologies, and to provide a framework of good practice. This policy applies to all websites which are not operated by the Trust and which can be used by staff for communicating information within the public domain. This includes blogs and social networking websites. This policy applies irrespective of location and time, that is, on all Trust premises and elsewhere, during working times and at all other times. Regulatory Position Data Protection Act DEFINITIONS Word/Term Blogging Social networking Encryption User Caldicott Guardian Descriptor Use of dedicated public website to write an on-line diary (known as a blog) sharing thoughts and opinions on various subjects. The word blog is derived from the phrase web LOG. Examples of blogging websites include Twitter.com and Blogging.com. The use of interactive websites that mimic some of the interactions that occur between people in real life. Examples include Facebook.com and Linkedin.com Written communication sent electronically through a dedicated program such as Microsoft Outlook Method of securing s from being viewed by anyone who does not have a special code or password Employee who holds a Trust internet/ account Senior employee appointed by the Trust responsible for protecting the confidentiality of patient and service-user information and enabling appropriate information sharing 3. PURPOSE The purpose of this policy is to ensure that: The Trust is not exposed to legal and governance risks from the use of electronic communications and the internet The reputation of the Trust is not adversely affected This policy covers the use of mobile phones and other similar devices (e.g. Blackberrys), , the internet and social networking websites. It applies to all employees of the Trust, whether permanent, part-time or temporary (including fixed-term contracts). It applies equally to all other staff working for the Trust, including private-sector, voluntarysector, agency, locum, contract, seconded and volunteer staff. B0590 E-COMMS AND INTERNET USE POLICY V1.2 PAGE 3 OF 11

4 4. ROLES AND RESPONSIBILITIES Post/Group Details Resources Review/ Monitoring Director of Human Resources Department/Line Managers Board level responsibility for development, maintenance and review of this document Ensuring the dissemination and implementation of this policy Implementation Records Reporting HR X X X X X X X HR Advisors IT staff Employees Communications Team 5. MOBILE PHONES 5.1 Overview Provision of advice on this policy Ensuring the provision and operation of firewall software Awareness of hazards associated with the use of mobile phones Management of all Trust social media accounts X X X X X X X X X In line with Department of Health Guidance, it is now recognised that the use of modern mobile phones: Has little or no effect on modern clinical equipment unless operated within close proximity (less than 2 metres) Has to balance a patient s welfare and environment against the need for appropriate communication between staff, visitors, patients and their family and friends Could increase the risk to patients of inappropriate photographs/videos which potentially interferes with dignity and privacy and compromises confidentiality Could cause confusion to staff with ring tones and lead to medical device alarm signals being overlooked, thereby having a direct impact on patient safety May impinge on patients rights/needs for a peaceful environment whilst in hospital 5.2 Guidelines for Patients and Staff The Trust requires all users of mobile phones to use them in a courteous, considerate and nonintrusive manner to help maintain a caring environment and effective working environment for staff All mobile phones in wards and departments must be put on silent mode between the hours of p.m. and 6.00 a.m., unless required for work purposes Patients must not use mobile phones whilst staff are treating them. Ensure phones are in silent or vibrate mode Staff in patient treatment areas must not carry mobile phones whilst undertaking clinical duties Staff carrying mobile phones to fulfil on-call commitments or other hospital-related duties are allowed to use them freely in line with this guideline Mobile phones must not be used to photograph staff or facilities without the explicit permission of that individual and the ward/department manager Staff must not use mobile phones to record, store and communicate electronic images involving patients. If photographs are required for clinical reasons, these must be obtained in accordance with the Clinical Photography Policy Patients and staff must seek advice if wanting to use a mobile within two metres of medical monitoring equipment. Otherwise mobile phones may be used freely Specific notes relating to patients use of mobile phones is available in the Patient Folder. 5.3 Use of Mobile Phones by Visitors Visitors must only use mobile phones in identified areas (ward/department managers will advise) B0590 E-COMMS AND INTERNET USE POLICY V1.2 PAGE 4 OF 11

5 Limit use and ensure phones are turned to silent or vibrate mode whilst in wards or departments Where possible, make or respond to calls outside the ward area All mobile phones in wards and departments must be put on silent mode between the hours of p.m. and 6.00 a.m., unless required for work purposes 5.4 Photography with mobile phones patients/visitors Patients may take photos of themselves and/or their relatives for personal reasons, and for their own personal use only Express permission is needed for photographs to be taken of the inside of hospital premises, particularly wards and clinical areas (including Trust staff) Express written permission is needed from patients if photographs of them are to be taken on the wards and clinical areas This permission can only be obtained if the patient has capacity to give it. If the patient does not have capacity to give permission, photographs must not be taken If patients continue to take photographs after this has been explained to them and they have been asked not to, the Trust may take a decision on whether to contact the patient(s) whose photographs have been taken. In such a case, the Trust must make clear that they had no control over the taking of the photos, and inform the individual that they would need to take their own action if they wanted redress. The Trust would assist by providing information in these cases. 5.5 Charging of Mobile Phones The charging of mobile phones and other communication devices is allowed; however, any electrical appliance must be safety checked in accordance with the Electricity at Work Policy. Also, charging of mobile phones must not be at the detriment of essential medical equipment being unplugged. 6. SOCIAL NETWORKING SITES 6.1 Overview The Trust recognises that social networking sites (e.g. Facebook, Bebo, Twitter and blogs) can be a useful and fun way for individuals to keep in touch with friends and colleagues. However, the Trust is concerned about the risks that arise from the use of such sites by its staff. These risks include: A staff member may disclose too much personal information about themselves and risk identity theft. A staff member may disclose person-identifiable information about patients or other members of staff without authorisation and risk breach of confidence. A staff member may make inappropriate or harmful statements about their work or the Trust and risk breach of the relationship of trust and confidence. Staff are reminded that information posted on these websites becomes public and may be viewed by colleagues, patients, members of the public and the press. This policy does not mean that a member of staff can never post comments on these websites about their work for the Trust. However, before posting comments, the staff member should always consider whether they would be happy for their patients, colleagues or managers to read the comments, and consider what their reaction might be. The Trust has several official accounts on social networking sites. The Communications Team has lead responsibility for these pages and encourages all staff to submit ideas and comments for us to share with our followers. These official accounts are currently the only accounts permitted to communicate on behalf of the organisation. You can get in touch or contact comms@glos.nhs.uk for more information. B0590 E-COMMS AND INTERNET USE POLICY V1.2 PAGE 5 OF 11

6 6.2 Social Networking using Trust-owned Equipment It is the Trust s policy that staff are not to access or contribute to social networking websites using Trust-owned equipment. See also section 8 on permitted use of the internet. Internet access from Trust-owned equipment to most social networking websites is blocked, using the Trust s internet filtering tool Websense. Use of these websites during working time may result in disciplinary action. Refer to the Trust s Disciplinary Policy for further information. 6.3 Social Networking using Privately-owned Equipment The Trust recognises that staff may access or contribute to social networking websites in their personal time outside of work, using their own equipment. Employees are responsible for any information they may post on social networking sites or blogs that identifies their workplace, work colleagues or users of the Trust s services. Therefore they are urged to use discretion and must not: post information that is speculative or derogatory, or that could bring the Trust into disrepute cause embarrassment to the Trust, its members, staff, patients or the general public post sensitive or confidential information about the Trust or its employees post information which could potentially identify a patient (e.g. patient s name, address, postcode, ID numbers, rare condition, celebrity status etc.) post comments about patients or colleagues which could cause offence, even if names are not mentioned directly posting comments or images which are discriminatory or could amount to bullying or harassment posting recognisable signs or pictures relating to the Trust, or any pictures of staff or patients without their explicit, fully-informed consent posting information about grievances or disciplinary processes Staff will be held responsible and personally liable for any comments, images and information they may post relating to the Trust in any way, which may result in disciplinary action if comments or material are adjudged to have been posted with intent. Staff are also liable for actions which may be taken by patients or colleagues. 6.4 Guidance on use of social networking websites Staff are offered the following advice if they decide to use social networking websites: Do not reveal personal details such as your date of birth or contact details. Disclosing such information may raise the risk of identity fraud. It has been known for NHS staff occasionally to have to take out restraining orders on obsessive patients employees with concerns relating to this may not wish to use public networking websites Before posting images or joining any campaigns/causes, be aware that patients, colleagues and managers may see this information If, after careful consideration, you decide to post comments relating to your work in any way, you should make it clear that the comments expressed are your own and not those of your employer. 6.5 Use of social media patients We understand that our patients will want to stay in touch with their friends and family while in our care. We also have a duty to protect patient confidentiality and a responsibility to safeguard vulnerable patients in our care. The following guidelines apply to all our patients: You may overhear conversations about other patients while in our wards or departments. Please respect the confidential nature of these conversations by not sharing details about others in our care without their prior consent. If evidence of these posts are discovered we will ask you to remove them. Taking photographs on our site of other patients, staff or visitors without their informed consent is not permitted. Please see section 5.4 Photography with Mobile Phones B0590 E-COMMS AND INTERNET USE POLICY V1.2 PAGE 6 OF 11

7 Offensive or defamatory comments about members of our staff should not be shared in any public forum. Legal advice will be sought and action taken where necessary. 7. USAGE 7.1 Overview Trust employees with the use of a personal account are expected to ensure that their use of the system is sensible and appropriate. These guidelines also apply to employees who are able to access their s from a remote place (e.g. home) Filtering The IT department is responsible for ensuring that appropriate filtering programs are in place to protect the Trust from malicious, offensive and illegal content passing through the system. 7.3 Virus Checking The IT department is responsible for ensuring that appropriate virus checking programs are in place to protect the Trust from the transmission of electronic viruses. If a virus is detected, the sender/recipient will receive a notification that their message has been blocked. Such s are automatically deleted after 30 days and cannot be retrieved encryption The Trust does not support the use of encryption and any s of this type will be blocked. In these cases, the sender/recipient will receive a notification stating that their message has been blocked. The user has the option to request the IT Service Desk to release the . If no such request is received, the will be deleted automatically after 30 days content checking The IT department is responsible for ensuring that appropriate content checking protocols are in place to prevent inappropriate content being transmitted by . s will be blocked if they contain any of the following: inappropriate file types (MP3 and WAV [music]; MPEG [video], JPEG [images] applications (executable files with.exe suffix) profanity (words or phrases deemed likely to cause offence) Any messages containing the above file types or profanity will be blocked and a notice sent to the sender/recipient advising them that their has been blocked. The user has the option to request the IT Service Desk to release the . If no request is received the will be deleted automatically after 30 days. All SPAM s (unsolicited/junk s) are blocked and automatically deleted after 30 days. The IT department is responsible for ensuring that SPAM filtering is regularly checked for effectiveness. If a request to send on a blocked causes concern, the IT department reserve the right to open the , with the consent of the user. All employees are responsible for ensuring that their work-related use of the systems is responsible and does not contain comments which cause offence, or which may be construed as bullying. 7.6 Mandatory User Rules All users are responsible for not breaching the following rules: do not send messages that contain offensive or harassing statements or language. See the Trust s Dignity At Work Policy for guidance B0590 E-COMMS AND INTERNET USE POLICY V1.2 PAGE 7 OF 11

8 do not send messages that contain untrue statements that may constitute defamation do not use the system to breach copyright use caution when sending s to employees or individuals/organisations outside the Trust which could form or vary a contract do not send s to the global address list. Global s must be sent with the permission of a Trust Director. 7.7 Personal Use The Trust accepts that staff may occasionally wish to use the system for non-work purposes, provided that this does not interfere with the performance of their normal work duties. The Trust reserves the right to monitor usage where it is believed that there is a genuine cause for concern. Disciplinary action may be taken if usage is found to be inappropriate or is being used to breach trust policies (see section 7.5 above). 7.8 Confidentiality sent outside the Trust s own systems is not secure. A disclaimer is attached to all outgoing to limit the Trust s liability in respect of the information being communicated. All employees are responsible for ensuring that they do not send any patient-related confidential information to addresses outside the Trust, except via the nhs.net network. 7.9 Auto-forwarding of s The auto-forwarding of Trust s to private accounts is not permitted. Employees who need to be able to view s outside work must use the remote service. The IT web page Home Computing gives more information on this service. 8. INTERNET USE 8.1 Overview The Trust regards the internet as an important tool in the delivery and management of services and to the operation of the Trust. All employees who have a requirement to use and the internet are issued with their own password-controlled account. 8.2 Internet Filtering The IT department is responsible for ensuring that appropriate filtering programs are in place to prevent access to offensive or inappropriate material. This includes pornography, gambling, sites associated with criminal activities (including discriminatory material) and social networking sites. The IT service desk will unblock websites that are clearly work related following a request from a user. Directors will arbitrate on requests if there is any ambiguity. 8.3 Internet Usage Reporting The IT department does not monitor access to the internet, either routinely or on request. Detailed internet usage reports are available to the HR department, who are able to review usage down to individual user level if problems are identified. 8.4 Personal Use The Trust accepts that staff may occasionally wish to use the internet for non work-related purposes, but this must not interfere with the performance of normal work duties. Some websites (e.g. online shopping, estate agents) are available on a limited-use basis and users are permitted to access these for limited time periods, which is controlled by the filtering program. B0590 E-COMMS AND INTERNET USE POLICY V1.2 PAGE 8 OF 11

9 The Trust reserves the right to monitor internet usage where it is believed that there is a genuine cause for concern. Disciplinary action may be taken if usage is found to be inappropriate, excessive or is being used to breach trust policies (see section 7.5 above). 8.5 Mandatory User Rules All users are responsible for not breaching the following rules: do not disclose passwords to others. If a password must be disclosed in an emergency situation, arrange for a new password as soon as possible with the IT Service Desk do not attempt to access inappropriate content or bypass the filtering program. If inappropriate site content is found accidentally, navigate away from the site and inform the IT Service Desk immediately do not download software, licensed or otherwise; all downloads must be carried out by members of the IT team do not upload information to the internet which is not work-related. Confidential work-related content may only be uploaded with permission from the Caldicott Guardian do not gain, or attempt to gain access to unauthorised systems, data or facilities do not knowingly carry out any process which results in the corruption or destruction of other users data, violates other users privacy, or disrupts their work do not download any files from the internet which may violate copyright laws do not arrange independent access to the internet through a commercial Internet Service Provider (ISP) 9. TRAINING All information is recorded on the Training Needs Analysis, which is produced in conjunction with the Trust Mandatory Training Policy. 10. MONITORING OF COMPLIANCE Objective Frequency/timescale Methodology Monitoring of internet and usage As required Carried out on an as needed basis Review of related incidents As required Review by HR and IT B0590 E-COMMS AND INTERNET USE POLICY V1.2 PAGE 9 OF 11

10 E-COMMUNICATIONS AND INTERNET USE POLICY DOCUMENT PROFILE DOCUMENT PROFILE REFERENCE NUMBER B0590 CATEGORY Non-Clinical VERSION 1.2 SPONSOR Mike Seeley AUTHOR Kym Ypres-Smith ISSUE DATE October 2011 REVIEW DETAILS October 2014 review by Deputy Director of Human Resources ASSURING GROUP HR Executive, Staff Side Committee APPROVING GROUP Trust Policy Group APPROVAL DETAILS TPAG 14/10/2011 (e-approval) COMPLIANCE INFORMATION Data Protection Act 1998 CONSULTEES HR Executive, IT Department, Staff Side Committee DISSEMINATION DETAILS Review and consultation with all stakeholders/division; upload to Policy Site; global ; via team briefs of departmental/divisional meetings/cascaded through line management EQUALITY IMPACT ASSESSMENT KEYWORDS Mobile phone, internet, , Facebook, social networking RELATED TRUST DOCUMENTS OTHER RELEVANT DOCUMENTS ASSOCIATED LEGISLATION AND Data Protection Act 1998 CODES OF PRACTICE B0590 E-COMMS AND INTERNET USE POLICY V1.2 PAGE 10 OF 11

11 Gloucestershire Hospitals NHS Foundation Trust EQUALITY IMPACT ASSESSMENT INITIAL SCREENING 1. Lead Name : Dr Mike Seeley Job Title : Associate HR Director 2. Is this a new or existing policy, service strategy, procedure or function? New Existing 3. Who is the policy/service strategy, procedure or function aimed at? Patients Carers Staff Visitors Any other Please specify: 4. Are any of the following groups adversely affected by this policy: If yes is this high, medium or low impact (see attached notes): Disabled people: No Yes Race, ethnicity & nationality: No Yes Male/Female/transgender: No Yes Age, young or older people: No Yes Sexual orientation: No Yes Religion, belief & faith: No Yes If the answer is yes to any of these proceed to full assessment. If the answer is no to all categories, the assessment is now complete. Date of assessment: October 2011 Completed by: Dr Mike Seeley Signature: Director: Job title: Associate HR Director Signature: This EIA will be published on the Trust website. A completed EIA must accompany a new policy or a reviewed policy when it is confirmed by the relevant Trust Committee, Divisional Board, Trust Director or Trust Board. Executive Directors are responsible for ensuring that EIAs are completed in accordance with this procedure. B0590 E-COMMS AND INTERNET USE POLICY V1.2 PAGE 11 OF 11