How To Ensure That The Internet Is Safe For A Health Care Worker

Transcription

1 POLICY Dc. Cde: IS I5 INTERNET - ACCEPTABLE USE Applicable t: MidCentral DHB Including MidCentral Health & Enable NZ Issued by: Infrmatin Systems Cntact: Manager Service Delivery 1. PURPOSE This plicy establishes the acceptable use f the Internet by MidCentral District Health Bard staff using MidCentral District Health Bard systems. The purpse f this plicy is t minimise the csts and risks incurred by MidCentral District Health Bard thrugh the prvisin f clear guidelines and standards fr the use f the Internet. 2. SCOPE All emplyees f MidCentral District Health Bard and its subsidiaries and all cntractrs wh are prvided with a MidCentral accunt fr internet usage. Enable NZ has its wn Infrmatin technlgy department and the fllwing rle translatins apply: Infrmatin Systems Manager - Infrmatin Technlgy (Enable NZ) Security Officer Infrmatin Technlgy Manager (Enable NZ) Infrmatin Systems - IT team (Enable NZ) Servicedesk Trackit Helpdesk (Enable NZ) Dcument N: MDHB-5366 Page 1 f 5 Versin: 3 Prepared by: Manager, Service Delivery, Infrmatin Systems Issue Date: 09/Jun/2015 Authrised by: Manager, Knwledge and Infrmatin - Acceptable Use -Plicy-.dc MidCentral District Health Bard CONTROLLED DOCUMENT. The electrnic versin is the mst up-t-date versin. MDHB will NOT take any respnsibility in case f any utdated paper cpy being used and leading t any undesirable cnsequence. Printed

2 Dc. Cde: IS I5 3. DEFINITIONS MidCentral District Health Bard Business Use User Lgins Plicy fr Internet Acceptable Use Refers t the New Zealand Public Health sectr entity knwn as MidCentral District Health Bard and all f its subsidiary rganisatins e.g. MidCentral Health and Enable NZ. Internet infrmatin sught in cnjunctin with MidCentral District Health Bard business activities. User lgins are the individual lgins assigned t users. These are generally unique t a user, and must nt be shared with ther users. Persnal Use Internet Cmputer system Use fr purpses ther than the business activities f MidCentral District Health Bard e.g. use f the Internet t research tpics nt related t the business activities f MidCentral District Health Bard. Access t and use f the glbal electrnic cmmunicatins netwrk and its supprting framewrk, cmmnly knwn as the Wrld Wide Web which is external t the private netwrks wned and perated by MidCentral District Health Bard. Describes the ttality f a cmputer and including but nt limited t lcal, remte, r remvable strage devices r media. 4. ROLES AND RESPONSIBILITIES Infrmatin Systems Infrmatin Systems will prvide Internet access t all emplyees and cntractrs. All Emplyees All emplyees and cntractrs will be persnally respnsible fr their wn actins in the use f the internet and t ensure that these guidelines are fllwed. 5. POLICY MDHB Encurages the use f Internet access t share apprpriate infrmatin and t imprve cmmunicatin; and Prhibits unauthrised, unacceptable and imprper use f this means f cmmunicatin. Any Internet accunt assciated with MDHB r assigned by MDHB t individuals, grups r particular functins is the prperty f MDHB. MDHB may whlly r partially restrict a users internet access withut prir ntice in the fllwing circumstances: When required by law When breaches f this plicy and/r the law have taken place On the directin f the Chief Executive, Manager Service Delivery r delegate Dcument N.: MDHB-5366 Page 2 f 5 Versin: Acceptable Use -Plicy-.dc Printed

3 Thse wh use the MDHB Internet access are expected t d s respnsibly. They must cmply with all legal requirements, with this plicy, and ther relevant plicies and prcedures. All users must have signed a Declaratin f Cnfidentiality (See MDHB-1943) befre being issued with internet access. It is essential that users accessing the internet are able t be clearly identified as an individual. Accrdingly nly individual internet accunts will be issued and NOT generic grup accunts. Interpretatin as t what is acceptable Internet usage is the respnsibility f the Infrmatin System Manager Service Delivery. Respnsibilities Use f Internet services must nt cmprmise the prfessinal integrity and duties, r the style and quality f the MDHB cmmunicatins. Prhibited The fllwing use f the Internet is prhibited: Obtaining, prducing r distributing material which is cnsidered "ffensive material" harassing threatening r bjectinable under the fllwing Acts: Films, Vides and Publicatins Classificatin Act f Human Rights Act 1993 r the Emplyment Relatins Act Unslicited Electrnic Messages Act 2007 Human Rights Act 1993 r the Emplyment Relatins Act Accessing, sending, receiving r sliciting sexually explicit messages r images. Dwnlading r sending f any cpyright prtected materials in cntraventin f that cpyright. Sending, receiving r dwn-lading any cmputer file which is deemed t be incmpatible with the business f MDHB r which may present a risk in terms f cmputer peratins: Such files include but are nt limited t: Streaming Vide r Audi services Mvies e.g. file extensins avi, mv, mpeg, viv Music e.g. file extensins mp3, wav Executable files e.g. file extensins exe, cm Databases e.g. file extensins mdb VB Script e.g. file extensins vbs Games Sending unslicited junk mail, fr prfit messages r sending r participating in chain letters, pyramid schemes r ther illegal schemes. messages cntaining warnings regarding viruses r ther helpful tips shuld be validated with Infrmatin Systems ServiceDesk befre being frwarded. Interference with emplyment duties, r ther bligatins t the Bard. Illegal, fraudulent r unlawful activity. Incitement t break the law. Dcument N.: MDHB-5366 Page 3 f 5 Versin: Acceptable Use -Plicy-.dc Printed

4 Misrepresentatin f MidCentral District Health Bard r cmmunicatins that bring it int disrepute. Privacy There is n right f privacy with Internet usage fr the user f a MDHB accunt. MDHB is nt bliged t, but reserves the right t mnitr and access all aspects f emplyees internet usage at any time fr any reasn withut prir ntice t the emplyee. Recrding and Mnitring MDHB uses an Internet gateway sentry system in cnjunctin with a filtering list. This recrds a cmplete audit trail by user f all websites visited, bandwidth used, the length f time spent at sites and the amunt f data transferred. Access t sites that are classified under specific tpics deemed unacceptable by MDHB, will be blcked. Internet users will be advised thrugh their brwser sessin when access t a website has been blcked. If a valid business related website has been inadvertently blcked the user shuld cntact the Infrmatin Systems ServiceDesk. Disclsure Internet activity n systems maintained by the MDHB, may be cnsidered t cnstitute a Bard recrd and be subject t disclsure under law, r as a result f litigatin. Persnal Use f the Internet Limited persnal use f the internet is acceptable t the extent that it des nt have a detrimental effect n an emplyee s perfrmance f their duties and des nt interfere with r cmprmise the perfrmance r use f the system fr business related purpses. Ownership All cmputer systems wned by MDHB including but nt limited t the internet access system, PC hard drives, server hard drives, and all data and infrmatin stred n them is the prperty f MDHB. MDHB reserves the right t use all infrmatin n its system fr such purpse as it sees fit at any time fr any reasn withut ntice t the user. Such use is nly restricted by prevailing New Zealand law and statute. Audit Access An examinatin f a randmly selected number f cmputer systems including but nt limited t Internet files, may peridically be carried ut by Infrmatin Systems r in respnse t a request frm the Chief Executive r frm the Manager respnsible fr the cmputer system in questin. MDHB may at any time pen and examine the cntents f any data r ther file held n a internet cnnected cmputer system. Audits f Internet access may include key wrds r phrases, sites visited, the length f time spent at sites and verall and the amunt f data transferred. Audits and investigatins f misused Internet Access will be carried ut with due diligence and respect fr emplyees. This includes adherence t any and all applicable prvisins f the Privacy Act 1993 and the Human Rights Act Dcument N.: MDHB-5366 Page 4 f 5 Versin: Acceptable Use -Plicy-.dc Printed

5 Where audits shw minr breaches f the plicy fr Internet access, the Manager Service Delivery will bring it t the attentin f the individual user. Fr mre serius r repeated breaches f the plicy, the evidence f such breaches will be passed immediately t the emplyee s manager. Access t Internet services by the emplyee may be suspended pending the utcme f subsequent investigatins. The emplyee s manager will advise the user and prvide t them a cpy f the evidence f abuse. The emplyee s manager and the HR manager (r their appinted deputies) will determine any further actin t be taken. Such actin will be in accrdance with the MDHB Disciplinary Cde. Cnsequences Cntraventin r circumventin f this plicy may cnstitute Miscnduct r Serius Miscnduct under the MidCentral District Health Bard Cde f Cnduct and Huse Rules and may result in disciplinary actin which may include dismissal. 6. RELATED MDHB DOCUMENTS MDHB-1943 MDHB-5367 MDHB-5365 Infrmatin Technlgy Systems Security and Access -Plicy- Mbile Cmputing, Prtable Strage Devices and Wireless Acceptable Use -Plicy- -Plicy- 7. KEYWORDS Infrmatin Systems, Internet, Internet acceptable use, Web, WWW Dcument N.: MDHB-5366 Page 5 f 5 Versin: Acceptable Use -Plicy-.dc Printed