Services Policy

Transcription

1 Services Policy

2 CONTENTS Page 1 Introduction 3 2 Scope 3 3 Review and Evaluation 3 4 General Principles 4 5 Responsibilities 4 6 Business Use and Continuity 4 7 Personal Use 6 8 Managing Messages 7 9 Security Abuse 8 11 Monitoring 8 12 Training 9

3 INTRODUCTION 1.1 This Policy defines the manner in which Neath Port Talbot Local Health Board (LHB) will manage and facilitate the use of Electronic ( ) Services in an effective and corporate manner. 1.2 It defines standards for acceptable use, including requirements of the Data Protection, Freedom of Information Acts and Caldicott Report. 1.3 This policy will be supplemented, where necessary, by local procedures and best practice guidance. 2 SCOPE 2.1 The policy applies to all LHB staff, contracted third parties (including agency staff), students / trainees, secondees, non-lhb staff on placement and staff of other organisations accessing services from LHB sites. 2.2 This policy should not be read in isolation but should be read in conjunction with the other LHB IM&T policies, which should be adhered to at all times. Where an individual is uncertain of any aspects of either this or other policies then they should contact either their IT Security Officer within the LHB or the BSC Regional Information Governance Manager for clarification. 2.3 Other IM&T Policies include: Data Protection Policy Corporate IM&T Security Policy Corporate Internet Policy Freedom of Information/Environmental Information Regulations Policy Corporate Policy on Records Management Access to Health Records Policy 1.4 This policy applies to the body of all messages, including personal s, and any files attached to them. 3 REVIEW AND EVALUATION 3.1 A policy review will usually take place every three years or sooner if any of the following occur:- Major policy breach; Identification of new threats or vulnerabilities; Significant organisational restructuring;

4 Significant change in organisational infrastructure; Change in legislation. 4 GENERAL PRINCIPLES 4.1 messages are corporate records and must be treated with the same level of attention given to drafting and managing of other forms of written communication. 4.1 The LHB will allow limited personal use of services, and will define in the appropriate section below how members of staff are expected to manage this concession. 5 RESPONSIBILITIES 5.1 Line managers must ensure that they complete an authorised user form for each new member of their staff to use the system. 5.2 Members of staff must sign a declaration that they have read, understood and will adhere to this policy before they are given access to the system. 5.3 Line Managers must notify the BSC Service Desk of changes, particularly leaving dates, to ensure the User Directory is always up to date. 6 BUSINESS USE AND CONTINUITY 6.1 Members of staff must only use the System if it is the best means of communicating information messages that form part of the business process are business records and must be captured into the corporate records management system in electronic and/or paper format. 6.3 Members of staff must identify and manage their s in accordance with the records management retention and destruction schedules and procedures. 6.4 Contractual commitments must only be made via by those so authorised and the s and any attachments must be filed securely along with other documents for later access.

5 6.5 Members of staff must ensure inboxes are normally checked at least daily, that messages are dealt with promptly and that they have made arrangements are in place to deal with their mail in their absence. 6.6 Out of office messages must be used for periods of planned leave with an alternative contact being named. 6.7 Other than in exceptional circumstances, such as extended unplanned leave, the use of auto-forward is not permitted and will not be made available to users. Special requests should be made to the BSC Service Desk and authorised by one of the LHB s Executive Directors. 6.8 When appropriate, particularly for external contact, generic addresses such as Personnel@ should be utilised to ensure all messages are processed. 6.9 There may be a legal or business need to access an individual s mailbox when they are unavailable or absent for an extended period. Where it is not possible to ask the permission of the member of staff the access must be authorised in writing by an LHB Executive Director Access must only be made following a request by an Executive Director and a record must be kept of the reason for the access, the persons present, and the use made of the s. Members of staff should be informed when this type of management action has taken place On receipt of a staff resignation line managers must discuss with the staff member which parts of their account should be retained for business continuity purposes and arrange with the BSC Service Desk for them to be assigned accordingly There will be limits set on the size of attachments to sent and received messages. The maximum size allowed for external communication is 10Mb. Staff required to transfer larger documents should contact the BSC Service Desk for advice Mass groups (where these exist) should only be used to circulate reasonable, business related material. If in doubt, users should seek advice from their line manager A corporate disclaimer will be attached automatically on send and staff should not attach their own Anti-virus software is in place on the service.

6 7 PERSONAL USE 7.1 The LHB will allow members of staff to use the system for limited personal use and will endeavour to respect the privacy of personal s. However there may be some instances where this cannot be guaranteed. 7.2 The subject line must identify the status of personal messages (internal and outgoing) e.g. private-union related or personal non-work related. 7.3 All users will have a folder named PERSONAL where non-work related s can be kept. The content of the PERSONAL folder will not transfer to the corporate archive (see Section 8). The folder must not be used to keep any corporate material. Users will be required to keep the size of their PERSONAL folder to the bare minimum, deleting personal s as soon as possible. 7.4 The system must not be used for advertising, personal financial gain or operation of personal commercial enterprises. 7.5 Users must not forward chain letters of any sort either internally or externally under any circumstances. Any such mail claiming to be Virus warnings must be referred unopened to the IT Department at the BSC. 7.6 Members of staff must obtain written authority from their Director to use the System to undertake work on behalf of another organisation. 7.7 Designated folders must be created that clearly identify the information as being owned by the other organisation and outside Neath Port Talbot LHB s responsibility. Content of non-lhb folders will not be transferred to the corporate archive. 7.8 The user will be responsible for providing details of a nominated person in the third party organisation who is authorised to gain access in their absence. 7.9 Examples of acceptable personnel use would be: Mailing home/partner to notify them you are working late Mailing colleagues about work related social events Brief s to colleagues arranging weekend/evening activities Brief keeping in touch s 7.10 Examples of personnel use that would not be acceptable: s circulating a joke, whether to individuals or LHB wide Sending or storing personal photographs to colleagues Any personal that could cause harm or embarrassment to the LHB or individual staff members Any that takes the employee away from their work for more than a few minutes

7 8 MANAGING MESSAGES 8.1 Software is in place to provide a corporate archive, and search facility. 8.2 With the exception of s filed in the Personal, Non-LHB and Deleted folders all incoming and outgoing messages and their attachments will be automatically transferred to the corporate archive after a period of 60 days. Archived messages will be retained for six years. 8.3 Prior to the 60 day trigger point users are required to consider the value of each message, and either delete it, move it to an appropriate folder within the structure or transfer it to the corporate electronic or manual record keeping system. 8.4 Users will not be able to delete messages once they have transferred to the corporate archive. They will only be able to search the archive for their own inbound or outbound messages. 8.5 Searches of the corporate archive and backup facility for the purpose of retrieving information under Freedom of Information and other legislation will be limited to designated users for documented, authorised reasons. 9 SECURITY 9.1 is not a secure method of communication and must not be used if the content is personal, sensitive or critical such that, if it were received, disclosed or modified by an unauthorised person, could cause damage, distress, embarrassment or financial loss. 9.2 Patient identifiable data should only be sent using internal where the sole patient identifier is the hospital or NHS Number; internal mail includes addresses containing.nhs.uk. 9.3 Patient based or other personal data should only be sent using internal mail where the sole identifier is the hospital, NHS Number or staff number. If it is unavoidable that named personal data is included the information must be transmitted in an attached file that is password protected. For security the password should be communicated verbally to the recipient of the . Internal mail includes addresses containing.nhs.uk (the NHSnet). 9.4 No sensitive or confidential patient data, personal/staff data or business information should be sent via external To protect the confidentiality and integrity of the system user activity will be logged against individual user accounts. Each user is responsible for ensuring that computer terminals are not left open for use by unauthorised persons and those passwords are not shared or compromised.

8 10 ABUSE 10.1 No member of staff will send or forward s that in any way may be interpreted as insulting, disruptive or offensive by any other person or which may be disruptive to staff morale Misuse of the system will be treated as a disciplinary offence under the LHB s disciplinary procedure If the misuse is unlawful e.g. under Sex Discrimination Act 1975, Race Relations Act 1976, Data Protection Act 1998, the Board will take the necessary action Misuse includes:- Sending abusive, rude, obscene, pornographic, illegal or defamatory messages or material; Sending a message that could constitute bullying or harassment; Compiling or distributing chain letters either internally or externally; Sending confidential information without authorisation; Misuse of or the computer system which results in a claim being made against the LHB; Unauthorised copying or modifying of copyright material; Excessive personal use of MONITORING 11.1 The LHB reserves the right to take reasonable actions to ensure the system is functioning properly, to trace lost messages or retrieve messages lost due to a computer failure, and to monitor whether usage of the system is legitimate The LHB may need to allow access to the system to assist in the investigation of wrongful acts, or to comply with legal obligations or to defend any legal action brought against it Other forms of monitoring will not be carried out without prior notice 11.4 The LHB, in conjunction with the BSC, will agree a set of procedures identifying the respective roles and responsibilities of managers and IT staff in monitoring the use of the service.

9 12 TRAINING 12.1 This policy and associated responsibilities must be brought to the attention of new members of staff in the Induction Programme Directors must identify training needs and ensure appropriate training is received as soon as possible, particularly for new starters who are unfamiliar with the corporate system.

10 Please sign below and return to Melanie Jones, Office Manager, Neath Port Talbot LHB I have read and understood Neath Port Talbot Local Health Board s policy and I agree to abide by the stated guidelines. Full Name (print) Signature. Directorate... Date././200