Acceptable Use Policy Mental Health Clinical Information System (PSOLIS)


Acceptable Use Policy Mental Health Clinical Information System (PSOLIS) Mental Health Division November 2009

Acknowledgement: This document would not have been possible without the contribution of the PSOLIS Audit Steering Committee members:

Theresa Marshall: Consultant Clinical Governance Reviews, Office of the Chief Psychiatrist Representative
Mark Pestell: Area Manager, South Metropolitan Area Health Service - Mental Health Representative
Patrick Marwick: Clinical Director, CAMHS North Metropolitan Area Health Service - Mental Health Representative
Robert Edey: Senior Program Officer, WA Country Health Service Mental Health Representative
David Ward: Manager Mental Health Information, Women and New Born and Child and Adolescent Health Service Representative
Michael Kalynuik: Clinical Systems Coordinator, Bentley Health Service Mental Health Representative
Mary Blake: Systems Administrator, North Metropolitan Area Health Service Mental Health Representative
Sharon Mannion: A/Area Coordinator Mental Health Information System, South Metropolitan Area Health Service Mental Health Representative
Kirsty Edoo: Application Manager PSOLIS, Health Information Network Representative
Paul Jowett: Technical Lead PSOLIS, Health Information Network Representative
Donna Slattery: Application Specialist PSOLIS, Health Information Network Representative
Tom Pinder: Manager Mental Health Information System, Information Management and Reporting Directorate Representative
Creswell Surrao: Senior Program Manager, Statewide Mental Health Governance and Performance, Mental Health Division Representative

Version Control:

Purpose: Stipulate acceptable use of the mental health clinical information system PSOLIS
Relevant To: PSOLIS Users
Approval Authority: Mental Health Operations Review Committee/PSOLIS Custodians
Effective Date: 01 Dec 2009
Review Date: 30 Nov 2014
Responsible Group: PSOLIS Management Group
Enquiries Contact: Creswell Surrao, Senior Program Manager Tel: 9222 4099
Source Document: Acceptable Use Standard Computing & Communication Facilities, Department of Health, Government of Western Australia

Table of Contents

Introduction
General Obligations
To Whom Does This Policy Apply
1. Purpose
1.1 Policy Scope
2. Policy Statement
2.1 Responsible Use
2.2 General Security
2.3 Ethical Use of the PSOLIS Application
2.4 Record Keeping
2.5 Compliance Monitoring and Controls
2.6 Breaches
3. Background
4. Training
5. Related Legislative and other Documents
6. Appendices
a. Operational Directive No: OD 0131/08 Access to the Mental Health Clinical Information System (PSOLIS) by Public Sector Organisations
b. Operational Directive No: OD 0132/08 Access to the Mental Health Clinical Information System (PSOLIS) by Non-Public Sector Organisations
c. Operational Directive No: 9222 4200 Mandatory Data Collection and Recording Requirements for Specialised Public Mental Health Services
d. Operational Circular No: OP1917/05 Programs (Service Units) in the Mental Health Clinical Information System (PSOLIS)
e. Operational Circular No: OP1916/05 Ambulatory (Community) Mental Health Data Collection
g. Department of Health Western Australia Data Management Policy
h. Department of Health Western Australia Data Custodianship Policy and list of assigned Data Custodians and nominated delegates for the PSOLIS Application
i. Information Security Policy
j. Portable Computer and Storage Devices Policy

Introduction

This policy establishes the minimum obligations incumbent upon all staff, both government and non-government, who have access to the mental health clinical information system PSOLIS and must be read in conjunction with the Department of Health Western Australia Acceptable Use Standard Computing & Communications Facilities and all other policies and guidelines and Operational Directives pertaining to the PSOLIS application.

General Obligations

Staff must use the PSOLIS application in a responsible manner, taking into account the consequence their actions may have.

Staff must not use the PSOLIS application:
- for any unlawful, illegal, malicious or improper purpose;
- to access without the relevant permissions any information held within the application;
- to disclose private or confidential information contained within PSOLIS for any purpose other than those reasons identified within the FOI Act and in keeping with Department of Health policies and guidelines for information disclosure;
- to enter information into PSOLIS that is offensive, defamatory, abusive or that violates any law or regulation.

To Whom Does This Policy Apply?

The Acceptable Use Policy applies to all Department of Health WA staff with access to the mental health clinical information system PSOLIS and includes but is not limited to:
- all staff, contractors, casuals, students and volunteers;
- operators of any Department of Health WA Services;
- any external organisation or their staff; and
- organisations offering outsourcing arrangements for the Department of Health WA.

REMEMBER
Staff will be required to provide an acknowledgment (by signing a Declaration Form issued by their respective service) that this policy has been provided to them and read and understood by them. The signed Declaration Form will be held on each individual staff member's personal file.

1 Purpose

This policy sets out acceptable use of the mental health clinical information system PSOLIS by all authorised users. The provision of this policy is intended as a minimum requirement that must be complied with and is not meant to be exhaustive.

The purpose of this policy is to:
- ensure users are aware of their role, responsibilities and obligations when using the PSOLIS application;
- prevent misuse of the application;
- ensure users recognise the privilege of and confidential nature of patient information;
- inform users of Department of Health WA's obligation to routinely monitor for compliance with this policy;
- identify the consequences of breaching this policy;
- ensure staff members are not exposed to unethical behaviour such as privacy violations as a consequence of user actions; and
- avoid conduct that violates any written law whether or not expressly mentioned in this policy (e.g. The Western Australian Criminal Code 440A, which addresses unlawful use of computers).

This policy complies with and should be read in conjunction with the Public Sector Code of Ethics and all other Professional Codes of Conduct associated with discipline specific professions.

1.1 Policy Scope

Use of the mental health clinical information system PSOLIS includes all electronic transmissions to or through the application.

2 Policy Statements

2.1 Responsible Use

Mental Health Clinical Information System PSOLIS must be used responsibly.

Unauthorised or inappropriate use of the mental health clinical information system PSOLIS could result in limitations on use, disciplinary actions, criminal penalties and/or staff and other users being held liable for any inappropriate use. Staff should act professionally in the workplace and refrain from using the mental health clinical information system PSOLIS for activities that are inappropriate.

Misuse or inappropriate use of the PSOLIS application includes:
a) For any personal use. Personal Use is any activity that is conducted for purposes other than accomplishing the official business of the DoHWA, e.g. looking up information in PSOLIS regarding a relative or friend or a person associated with a sentinel event for no apparent clinical or administrative reason;
b) Use of PSOLIS application as a staging ground or platform to gain unauthorised access to other Department of Health computer systems or other illegal computer trespass, for example, hacking;
c) The intentional unauthorised internal or external transmission of any information subject to the Privacy Act, for example, patient information;
d) Using another person's digital authentication of logon and password;
e) Avoiding established security procedures; such activities include but are not limited to accessing all PSOLIS information and PSOLIS-derived sub-sets of information in any form by not complying with established access as per DoH WA policies and protocols.

2.2 General Security

The PSOLIS application and any information contained therein must not be placed in jeopardy.

Staff should be aware that their use of / access to the PSOLIS application is made with the understanding that such use may not be private. Use of the PSOLIS application by staff may be disclosed to employees within the Department of Health who have a need to know in the performance of their duties, e.g. Operational Data Custodians for the PSOLIS application who are the: Director, Mental Health WACHS and delegate: Senior Program Manager, Mental Health WACHS.

The PSOLIS application contains monitoring tools and inappropriate use may be reported to authorised staff or the human resource Corporate Governance Directorate who investigate inappropriate use. The privacy rights of any individual staff member with access to the PSOLIS application will not be violated unless proven that such rights have been misused / violated.

To assist with general security staff should:
- Not share their PSOLIS access logon and password;
- Change their password if anyone else may know it;
- Activate the screen saver or lock the workstation if they are away from their desk; and
- Always log out when finished using the system.

REMEMBER
Users are responsible for the use of their PSOLIS logon and password. If you believe it has been compromised in any way, you must report it immediately to your supervisor / manager.

2.3 Ethical Use of the PSOLIS application

The PSOLIS application will only be used in an ethical manner in accordance with the Department of Health Western Australia Acceptable Use Standard Computing & Communications Facilities and all other Information Technology policies, guidelines and Operational Directives pertaining to the PSOLIS application. PSOLIS users should respect the privacy and confidentiality of client information and observe the provisions of the Commonwealth Privacy Act 1988 and comply with the Public Sector Code of Ethics when using the application.

2.4 Record Keeping

Electronic records are part of the business records of the Department of Health WA.

Any records created within the PSOLIS application should form part of the health record of an individual consumer and should be accorded the same standards of professional documentation and printed, signed and retained in the same way. This is especially so as documents held electronically in the PSOLIS application are part of the business records of the Department of Health WA and are essential to the preservation of a proper audit trail.

2.5 Compliance Monitoring and Controls

The Department of Health WA has a legal obligation to monitor access to the PSOLIS application.

Individual area mental health services will routinely monitor and investigate staff access and usage of the PSOLIS application. This will occur to confirm compliance with the requirements of this policy initiative and to investigate possible incidents of breaches and unauthorised access.

A breach for the purposes of this policy may include but not be limited to the following:
- Access to a client record in PSOLIS that is outside a PSOLIS user's usual permissions / primary access stream without a relevant clinical or administrative need.

Monitoring process:
- A random selection of staff will be routinely selected for audit.
- Where a record outside of their stream has been accessed it will be cross-checked to establish there is a corresponding service event of clinical / administrative relevance.
- The period of audit will be the preceding two weeks' access to the PSOLIS application.

PSOLIS Audit Reports:

PSOLIS Local Administrators and Report Administrators are able to produce three different Audit reports for the purpose of monitoring access to client records at their Mental Health Service(s).

Audit: User of Interest
Report Parameters: Date From; Date To; User; Report Format (PDF, Word or Excel).
Report results display the designated user's access to all client and non-client records, including both in-stream and out-of-stream access, for specified date range. An Access Without Role column indicates any out-of-stream access [1]. Access to clients that are blocked to the user running the report will appear in the results but shall be marked as non-client.

[1] When Current Only Users selected, Global Read Only Users are not listed unless they also have stream specific access.

Audit: Out of Stream Access
Report Parameters: Date From; Date To; Stream; Report Format (PDF, Word or Excel).
Report results display All User access regardless of Stream permission to all client records that have been accessed within the specified stream, regardless of having stream roles or not at time of access [3].

Audit: Client of Interest
Report Parameters: Date From; Date To; Client; Report Format (PDF, Word or Excel).
Report results display user access to the designated client record. Includes all users who have accessed designated client record within the specified stream who do not have a role in any of the client streams at the time [2].

Flowchart for accessing audit reports in PSOLIS:

Access PSOLIS Administrative Reports:
- Audit - Client of Interest: Report regarding user access to a designated client record
- Audit - Out of Stream Access: Report regarding All Users access to All client records for designated stream
- Audit - User of Interest: Report regarding a designated user's access to all client records

Review report information.

If apparent user access breach, identify:
- user
- date/time of breach
- client cmhi/umrn

Follow protocol requirements: contact user's MHS Manager seeking clarification for user access to client record.

Follow protocol if breach has occurred.

[2] Users that access client records via their Global Read Only privilege will still be indicated as an out-of-stream access.

2.6 Breaches

Disciplinary action may occur for any breaches associated with the PSOLIS application.

Breaches to the PSOLIS application will be regarded as a serious matter and disciplinary or other action may be initiated at the discretion of the Operational Data Custodian for the employing Area Mental Health Service. The Operational Data Custodians or their delegates will not automatically assume an allegation of inappropriate use / access has occurred until all the facts have been assessed and a requirement for action is warranted.

Where a breach has been identified staff will be required to provide a reason for the breach. Staff may then be informed that their access to the PSOLIS application will be routinely monitored for a period to be determined by the Operational Data Custodian or their delegate.

At its absolute discretion, Area Mental Health Services reserve the right to suspend or terminate staff access to the mental health clinical information system PSOLIS if breaches have occurred. At the discretion of the Area Mental Health Service all instances of inappropriate access / use of the mental health clinical information system PSOLIS, especially with regard to repeat offenders, will be reported to the Corporate Governance Directorate who may then report the incident to the Corruption and Crime Commission.

REMEMBER
The Acceptable Use Policy contains the following:
- Responsible Use
- General Security
- Ethical Use
- Record Keeping
- Compliance Monitoring and Controls
- Breaches

3 Background

Staff who require access to the mental health clinical information system PSOLIS must do so in accordance with relevant State and Commonwealth legislation governing Information Technology. When using the mental health information system PSOLIS, Area Mental Health Services expect users to have a basic working knowledge of how the PSOLIS application works, its functions and its type of uses relevant to their level of access and permissions. Area Mental Health Services will routinely assess users' need for training and refresher training in the PSOLIS application.

3.1 Out-of-Hours / Remote Access

Access to the PSOLIS application is routinely required outside of normal business hours and whilst providing mental health care to consumers in rural and remote services. Current practice involves phoning or visiting Hospital/Health Service sites to obtain information from the PSOLIS application. No information other than anecdotal evidence on the number of times this occurs is currently available.

Where Area Mental Health Services consider providing remote access to health professionals to the PSOLIS application via a range of secure methods including but not limited to access from the Internet\Health Remote; via SecureClient and Secure Portal, the following should apply:
- Determine criteria and processes for approval
- Assess the appropriateness of individual applications for approval
- Request a regular audit report for the Remote Access User Group for individual Area Mental Health Services

The confidentiality and security requirements remain similar to requirements for in-house / health service site access to the PSOLIS application.

4 Training

Area Mental Health Services will ensure that all staff who are provided with access to the mental health clinical information system PSOLIS will have the requisite training in the application, its functions and uses relevant to their level of permissions. It is also an expectation that regular refresher training in the PSOLIS application will be provided by Area Mental Health Services.

5 Related Legislative and other Documents

Department of Health Western Australia Operational Directives / Circulars and Policy initiatives:
1. Operational Directive No: OD 0131/08 Access to the Mental Health Clinical Information System (PSOLIS) by Public Sector Organisations

2. Operational Directive No: OD 0132/08 Access to the Mental Health Clinical Information System (PSOLIS) by Non-Public Sector Organisations
3. Operational Directive No: 9222 4200 Mandatory Data Collection and Recording Requirements for Specialised Public Mental Health Services
4. Operational Circular No: OP 1917/05 Programs (Service Units) in the Mental Health Clinical Information System (PSOLIS)
5. Operational Circular No: OP 1916/05 Ambulatory (Community) Mental Health Data Collection
6. Department of Health Western Australia Data Management Policy
7. Department of Health Western Australia Data Custodianship Policy

Public Sector Standards / Legislation
1. Western Australian Public Sector Code of Ethics
2. Public Sector Management Act 1994 (WA)

State and Commonwealth Legislation
1. Commonwealth of Australia Privacy Act 1988
2. Western Australian State Records Act 2000
3. Western Australian Mental Health Act 1996

Appendices: (Please click on the hyperlink for intranet; please print and provide copies for Non-Public Sector Organisations with access to PSOLIS)

a. Operational Directive No: OD 0131/08 Access to the Mental Health Clinical Information System (PSOLIS) by Public Sector Organisations http://intranet.health.wa.gov.au/circularsnew/pdfs/12401.pdf
b. Operational Directive No: OD 0132/08 Access to the Mental Health Clinical Information System (PSOLIS) by Non-Public Sector Organisations http://intranet.health.wa.gov.au/circularsnew/pdfs/12402.pdf
c. Operational Directive No: 9222 4200 Mandatory Data Collection and Recording Requirements for Specialised Public Mental Health Services http://intranet.health.wa.gov.au/circularsnew/pdfs/12509.pdf
d. Operational Circular No: OP1917/05 Programs (Service Units) in the Mental Health Clinical Information System (PSOLIS) http://intranet.health.wa.gov.au/circulars/pdfs/11905.pdf
e. Operational Circular No: OP1916/05 Ambulatory (Community) Mental Health Data Collection
g. Department of Health Western Australia Data Management Policy http://intranet.health.wa.gov.au/corpdocs/policy/data_management_policy.doc
h. Department of Health Western Australia Data Custodianship Policy and list of assigned Data Custodians and nominated delegates for the PSOLIS Application

i. Information Security Policy http://intranet.health.wa.gov.au/corpdocs/policy/information_security_policy.doc
j. Portable Computer and Storage Devices Policy http://intranet.health.wa.gov.au/circularsnew/attachments/397.pdf