NHS HIGHLAND EMAIL AND INTERNET POLICY



Similar documents
Hull Teaching Primary Care Trust INTERNET USE POLICY

How To Deal With Social Media At Larks Hill J & I School

UNIVERSITY OF ST ANDREWS. POLICY November 2005

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy

Internet Use Policy and Code of Conduct

Information Services. Regulations for the Use of Information Technology (IT) Facilities at the University of Kent

The term Broadway Pet Stores refers we to the owner of the website whose registered office is 6-8 Muswell Hill Broadway, London, N10 3RT.

St. Peter s C.E. Primary School Farnworth , Internet Security and Facsimile Policy

LCC xdsl Usage Policy

Acceptable Use of ICT Policy For Staff

Embedded Network Solutions Australia Pty Ltd (ENSA) INTERNET ACCEPTABLE USE POLICY

Conditions of Use. Communications and IT Facilities

BOBCAT COMPUTING POLICY

INTERNET, AND COMPUTER USE POLICY.

TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & POLICY AND CODE

STRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS

The Wellcome Trust Sanger Institute IT Acceptable Use Policy (AUP) Version 1.8

ICT POLICY AND PROCEDURE

DCPS STUDENT SAFETY AND USE POLICY FOR INTERNET AND TECHNOLOGY

2.2 If employees or Board Members wish to use mobile telephones or data devices provided by the Group for personal use they may opt to either:

LINCOLN UNIVERSITY. Approved by President and Active. 1. Purpose of Policy

Information Technology and Communications Policy

Information Systems Acceptable Use Policy for Learners

Acceptable Use Policy

Angard Acceptable Use Policy

Dundalk Institute of Technology. Acceptable Usage Policy. Version 1.0.1

City of Venice Information Technology Usage Policy

GENERAL REGULATIONS Appendix 10 : Guide to Legislation Relevant to Computer Use. Approval for this regulation given by :

Policy No: 2-B8. Originally Released: Date for Review: 2016

Internet, Social Media and Policy

Using Public Computer Services in Somerset Libraries

Policy and Code of Conduct

Advice leaflet Internet and policies

Terms & Conditions. In this section you can find: - Website usage terms and conditions 1, 2, 3. - Website disclaimer

FMGateway by FMWebschool

Human Resources Policy and Procedure Manual

Policy and Procedure for Internet Use Summer Youth Program Johnson County Community College

Acceptable Use Policy

Guidelines Applicability Guidelines Statements Guidelines Administration Management Responsibility... 4

RICH TOWNSHIP HIGH SCHOOL Adopted: 7/10/00 DISTRICT 227 Olympia Fields, Illinois

Internet, Social Networking and Telephone Policy

COLLINS FOODS LIMITED (the COMPANY) CODE OF CONDUCT

Online Communication Services - TAFE NSW Code of Expected User Behaviour

Electronic Communications Guidance for School Staff 2013/2014

Responsible Use of Technology and Information Resources

Information Security and Electronic Communications Acceptable Use Policy (AUP)

CHAPTER 124B COMPUTER MISUSE

COMPUTER USE POLICY. 1.0 Purpose and Summary

Dene Community School of Technology Staff Acceptable Use Policy

WORTHING COLLEGE STUDENT IT SECURITY POLICY. October 2014

Acceptable Use Policy - NBN Services

MEMORANDUM INFORMATION TECHNOLOGY SERVICES DEPARTMENT

North Clackamas School District 12

APPROVED BY: Signatures on File Chief Information Officer APPROVED BY: Chief Financial Officer PURPOSE

Acceptable Use of Information Technology Policy

Internet Acceptable Use Policy A council-wide information management policy. Version 1.5 June 2014

Acceptable Use of Information and Communication Systems Policy

POLICY ON THE USE OF UNIVERSITY INFORMATION AND COMMUNICATION TECHNOLOGY RESOURCES (ICT RESOURCES)

Technology Department 1350 Main Street Cambria, CA 93428

Computer Network & Internet Acceptable Usage Policy. Version 2.0

Information & Communications Technology Usage Policy Olive AP Academy - Thurrock

& Internet Policy

Networking and Social Media Policy

Minor, for the purposes of this policy, is an individual who has not attained the age of 17.

INTERNET, USE AND

Recommendations. That the Cabinet approve the withdrawal of the existing policy and its replacement with the revised document.

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation

COMPUTER USAGE -

PLEASE READ THIS AGREEMENT CAREFULLY, AS IT CONTAINS IMPORTANT INFORMATION REGARDING YOUR LEGAL RIGHTS AND REMEDIES.

Terms and conditions of use

Terms of Use Table of Contents 1. General Information 2. Your Agreement to the Terms 3. Changes to the Terms 4. Provision of the Website

Chicago State University Computer Usage Policy

Acceptable Use Policy ("AUP")

WELB YOUTH SERVICE INTERNET AND ACCEPTABLE COMPUTER USAGE POLICY

TYPE: INFORMATIONAL & INSTRUCTIONAL TECHNOLOGY. POLICY TITLE: Technology Use Policy

Acceptable Use Policy

ELECTRONIC COMMUNICATIONS: / INTERNET POLICY

The City reserves the right to inspect any and all files stored in private areas of the network in order to assure compliance.

Acceptable Use of Information. and Communication Systems Policy

DISCIPLINARY PROCEDURE

ST MARY S COLLEGE, AUCKLAND POLICY ON USE OF INFORMATION & COMMUNICATION TECHNOLOGY (ICT)

ContentPros LLC Web Site and Hosting Service Agreement

Electronic Communications System

E-Safety Policy. Reviewed and Adopted: July Reviewed by: HT/ LTS. Next Review: July 2015 Annual Policy

Terms and conditions of use

ITU Computer Network, Internet Access & policy ( Network Access Policy )

EMPLOYEE COMPUTER USE POLICY

Policy. Version: 1.1. Date ratified: February 2014 Name of originator /author (s): Responsible Committee / individual:

Acceptable Usage Policy

Data Protection Division Guidance Note Number 10/08

Acceptable Use Policy

Acceptable Usage Policy

TERMS & CONDITIONS FOR INTERNET ACCESS. Service Provided by Fast Telecommunication Company W.L.L. (hereinafter referred to as FAST Telco )

CODE OF CONDUCT as adopted by the Board of Directors on 20 February 2015

With the increasing popularity of social media you need a Social Media Policy to protect your company.

Acceptable Use of ICT Policy. Staff Policy

Forrestville Valley School District #221

any Service that involves gambling, betting, adult, sex or over 18 services or information;

ATHLONE INSTITUTE OF TECHNOLOGY. I.T Acceptable Usage Staff Policy

DIOCESE OF DALLAS. Computer Internet Policy

Transcription:

NHS HIGHLAND EMAIL AND INTERNET POLICY ehealth Department Policy Reference: Date of Issue: August 2007 Prepared by: A Fraser Date of Review: August 2009 Lead Reviewer: Version: 2 Area Information Security Manager Authorised by: Date: February 2005 ehealth Steering Group Distribution All staff Method CD Rom E-mail Paper Intranet

Email and Internet Policy Introduction 1. This Policy contains important rules covering email and access to the Internet. Many of the rules apply equally to NHS Highland s other methods of external communications such as letter, fax and telephone. 2 This Policy explains how email and Internet access should be used. It explains what you are allowed to do and what you are not allowed to do. 3 The Policy starts with some general rules covering dos and don ts. Six areas have been identified where legal problems might arise for you and for NHS Highland. These areas are: harassment, defamation, copyright, entering contracts, pornography, and confidential and personal information. Under each section there is an explanation of the potential legal problems and some rules to help avoid those problems. 4. Failure to comply with the rules set out in this Policy: a) may result in legal claims against you and NHS Highland; and b) may lead to disciplinary action being taken against you, including dismissal. 5. When sending external emails the system automatically includes the following disclosure statement: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by.. for the presence of computer viruses. 6. It is very important that you read this Policy/Code of Conduct carefully. If there is anything you don t understand, it is your responsibility to ask your line manager/supervisor or contact the NHS Highland Helpdesk who will log a call and pass it to an appropriate person for advice. Page: 2 Date of review: August 2009

General Rules: Must, Must Not, Should and General Advice EMAIL General Advice The NHS Highland email system is primarily for business use. Occasional and reasonable personal use is permitted in your own time and provided that this does not interfere with the performance of your duties/other staff s business requirements or have an impact on the performance of the network. Email may be received by individuals or organisations which are not intended recipients. No use or reliance on the contents of the email should be made by any party who is not an intended recipient. All email is stored and the organisation may audit email (including personal email) without notice. Use of email is subject to monitoring for security and/or network management issues. Staff should be aware that they neither own the documents that they or their colleagues create, nor have intellectual property rights thereto. Ask yourself before sending an email, how would you feel if your message was read out in court. Email messages may have to be disclosed in litigation. Email attachments to a large number of staff can cause problems on the NHS Highland network. The correct method of dealing with this type of communication is to publish the document on the Intranet and email all recipients with the relevant link to the file. Should you have any problems accessing this link you should contact Helpdesk. MUST Must keep all passwords secure - do not share with anyone. MUST NOT Must not impersonate any other person when using email or amend messages received. Must not leave your PC logged on and unattended if you have email access. If anyone uses the PC while logged on it will appear that the actions were carried out by you and you will be held accountable for any misdemeanour that they may commit. Must not create email congestion by sending trivial messages or personal messages or by copying emails to those who do not need to see them. Chain Mail, if received, should be deleted. Page: 3 Date of review: August 2009

MUST NOT Must not send any sensitive information, whether business, staff or patient data, to or from a non-nhs email account. A non-nhs email account is defined as an email address that does not end with either nhs.net or nhs.uk. The exception to this is that emails can be securely exchanged between email accounts that end with nhs.net or nhs.uk and those which end in gsx.gov.uk or gsi.gov.uk. SHOULD Should report any email received by you which is regarded as illegal or offensive to your manager, the NHS Helpdesk and the Human Resources Department. It should not be forwarded onto anyone else. Should obtain confirmation of receipt for important emails sent. Should make and keep hard copies of important emails sent and received. Should reply promptly to all email messages requiring a reply. Where a prompt detailed response is not possible, send a short email acknowledging receipt and giving an estimate of when a detailed response will/should be sent. Should enable the Out of Office facility if you are to be away for more than one day. Page: 4 Date of review: August 2009

INTERNET General Advice All Internet sites accessed are stored and monitored and the organisation audits this activity routinely. Use of Internet is subject to monitoring for security and/or network management issues. Access to certain websites is prevented as they are deemed to be inappropriate for business use. The following are examples of the categories which are blocked: Adult/Sexually Specific Gambling Criminal Skills Hate Speech Violence Weapons Glamour & Intimate Apparel Remote Proxies Drugs, Alcohol & Tobacco Hacking Don ts Do not access the Internet (World Wide Web) during working hours for purposes other than those for which you were employed. Outside working hours the web may be accessed for personal purposes but this must be within the requirements and constraints of this policy document. In particular personal use of NHS Highland s Internet facilities must not interfere with the performance of your duties/other staff s business requirements or have an impact on the performance of the network. If you access the Internet remotely, you should not use the Internet for personal purposes without the permission of your Head of Department as this may incur costs. Do not deliberately visit, view or download any material from any web site containing sexual or illegal material or material which is offensive in any way Do not download software onto Trust systems. This includes software and shareware available for free on the Internet. Do not divulge your password to anyone. Do not leave your PC logged on and unattended if you have Internet access. If anyone uses the PC while logged on it will appear that the actions were carried out by you and you will be held accountable for any misdemeanour that they may commit. To log off the Internet you must close down Internet Explorer. Page: 5 Date of review: August 2009

USE OF NEW NHS EMAIL SYSTEM All use of the NHSmail system must be in accordance with this policy and the National Acceptable Use Policy which you agreed to when registering for an NHSmail account. Access to NHSmail services from Non-NHS Highland sites must be in accordance with the relevant policies eg Working From/At home Policy Home Computer policy Mobile Devices Policy Removable Media Policy NHS Scotland Acceptable Use Policy The following sections discuss the legal obligations of NHSiS organisations and their staff, this includes NHS Highland. Note that the sections are not meant to be either exhaustive or definitive and there may be other legislation in addition to that discussed below. Page: 6 Date of review: August 2009

Harassment What is harassment? The Institute of Personnel and Development define harassment as, unwanted behaviour, which a person finds intimidating, upsetting, embarrassing, humiliating or offensive. It can take many forms and may be directed at one person or a group of people. The intention of the perpetrator is irrelevant: it is the impact on the individual, which determines whether harassment has taken place. (Ref PIN Guidelines - Dignity at Work 2.2.1) What you must not do You should not download from the Internet or include in your emails any material which contains text and/or images which can be construed as causing fear, stress or anxiety to any individual or group of individuals in the organisation. What are the consequences of not following this Policy? Unless the organisation can show that it has taken action necessary to discourage harassment, it can be held liable for the conduct of its staff and may be subject to court action leading to a substantial penalty. Individuals responsible for harassment may be subjected to appropriate disciplinary action. Further detail can be found in the PIN Guideline - Dignity at Work. Page: 7 Date of review: August 2009

Defamation What is defamation? Any false or malicious representation, written, printed or spoken, which hurts the reputation of a person; exposes that person to hatred, ridicule or contempt; injures that person in his or her occupation; or damages the organisation he or she works for eg financially, reputation. What you must not do As a general rule you must not include in emails any statement about a person or organisation which is untrue ie cannot be proved. There are, however, certain defences to allegations of defamation. One such defence is that of qualified privilege. This applies to certain situations such as where, in the discharge of a duty, a statement would be protected if honestly made by a person in the discharge of a public or private duty of some kind or in his own affairs in a matter where his interest is concerned. In such a situation a person against whom an allegation of defamation has been made will have a defence unless it can be shown that the statement was motivated by express or actual malice. There are however some circumstances in which even if a statement is true if a person is maliciously abused or held up to public ridicule or contempt causing him loss or hurt to his feelings damages may be recoverable. What are the consequences of not following this Policy? Under the law of defamation you and/or NHS Highland could be taken to court and sued by the subject of the defamatory statement. Page: 8 Date of review: August 2009

Copyright What is copyright? A number of laws relating to publication are pertinent to the provision of information via the Internet. These include the Copyright, Designs and Patents Act 1988 which protects the intellectual property of individuals. In general, this Act requires that the permission of the owner of the intellectual property must be sought before any use is made of it whatsoever. This includes storage and display on a website or other electronic information service. The law of copyright still has to be clarified in relation to use of the Internet. Given the nature of the Internet, it seems highly probable that a person who puts material on a website is consenting to its being accessed by users of the system thereby nullifying the infringement by reproduction which would otherwise arise under UK law. If, however, the website contains a notice expressly prohibiting copying, contravention of the notice may constitute a copyright infringement. Copyright is infringed by any person who copies, or who authorises for copy, copyrighted material without the owner s consent. What you must not do Unless you have requested and received formal approval from the owner, you must not attempt to copy, print or download any material from the Internet where there is an explicit notification that the material is protected by copyright. What are the consequences of not following this Policy/Code of conduct? The penalty on summary conviction under the Law is a maximum of six months imprisonment and/or a fine not exceeding 5,000. The penalty on conviction on indictment is a fine or imprisonment for a term not exceeding two years or both. Page: 9 Date of review: August 2009

Entering Contracts What is a contract? A contract is a legally enforceable agreement in which two or more people or organisations commit to certain obligations in return for certain rights. Contracts may consist of no more than a single page, an exchange of faxes or even an oral agreement. The words contract and agreement have the same meaning and tend to be used interchangeably. The most important element required for a valid contract is the need for agreement to have been reached on all the essential conditions of the contract. With the exception of certain types of contract which have to be in a certain form, agreements are usually valid as long as the essential elements for creating a contract are met. Rules for contracting by email The contract must be agreed to by someone in the organisation who is lawfully capable of agreeing to contracts (sometimes called the capacity to contract ). An exchange of faxes or email will normally be valid provided there is agreement on the essential conditions, and intention and authority to create a contract. There could, however, be difficulties in proving the terms of an agreement. Where a contract is of any significance it is wise to back up electronic exchanges (eg fax, email) with a formal agreement or letter. What are the consequences of not following this Policy/Code of Conduct? If as an employee of NHS Highland you enter into a contract you must have the correct authority to do so. Where no such authority exists the contract may be invalid or you as the individual may be held personally liable for that contract. Should NHS Highland appear to have given an individual the authority to enter into a contract it may find itself bound into that contract. It is therefore essential that NHS Highland has control and supervision of staff with access to email. Users of email need to be aware that exchange of emails may be interpreted by suppliers as a contract. Email users must therefore ensure that the wording and content of their email does not mislead the supplier. Page: 10 Date of review: August 2009

Pornography What is pornography? Pornography relates to the use of sexually explicit material ie in writings, films or images. Laws on pornography are embodied in the following legislation: The Protection of Children Act 1978, Criminal Justice Act 1988 and Obscene Publications Act 1959 and 1964 have either limited application or do not extend to Scotland. Relevant legislation in Scotland is embodied in the Civic Government (Scotland) Act 1982, Sections 51 and 52. Section 52 of the 1982 Act relates to indecent photographs of children. Photograph is said to include: Data stored on a computer disk, or by electronic means which is capable of conversion into a photograph. Under Section 52, a person commits an offence if he or she: distributes or shows an indecent photograph or pseudo-photograph; has in his/her possession such an indecent photograph or pseudophotograph with a view to its being distributed or shown by him/her or others. A person is said to be regarded as distributing an indecent photograph or pseudophotograph if he/she parts with possession of it to, or exposes or offers it for acquisition by, another person. A defence to the above is provided by stating: Where a person is charged with an offence under sub section (1)(b) or (c) above, it shall be a defence for him/her to prove - that he/she had a legitimate reason for distributing or showing the photograph or pseudo-photograph or (as the case may be) having it in his/her possession; or that he/she had not him/herself seen the photograph or pseudophotograph and did not know, nor had any reason to suspect, it to be indecent. The Telecommunications Act 1984 provides that it is an offence to send by means of a public telecommunications system, a message or other matter that is grossly offensive or of an indecent, obscene or menacing character. What you must not do You must not include in any email, or download from the Internet, information in the form of text or images which could be regarded as indecent or obscene. You must not ignore any incident where pornographic material is discovered in your organisation. If you or your staff happen upon a website which contains pornographic material or receive an email which contains indecent or obscene text, audio or graphic images, the proper reporting procedures should be followed to allow Page: 11 Date of review: August 2009

appropriate investigation and resolution to take place. Reporting should initially be to your Head of Department and the Head of Information Services. What are the consequences of not following this Policy/Code of Conduct? Possession/storage and distribution/transmission of child pornography is a criminal offence which carries a prison sentence. Any staff found storing or distributing pornographic material will be subject to disciplinary proceedings and may be dismissed. Page: 12 Date of review: August 2009

Confidential /Personal Information What is confidential information? Confidential information includes (a) data relating to identifiable individuals eg patients, staff or practitioners and (b) commercially sensitive data eg financial, contractual. Confidential information can be held on a document, microfiche, CD or other magnetic or optical medium such as disk or tape and can be in hand-written, typewritten or in machine readable form. Individuals may be identified by name, address, postcode, unique reference number eg CHI number. Other, less obvious, data items may also identify individuals eg date of birth, rare diagnosis. The primary legislation relating to confidentiality of information is the Data Protection Act 1998 which deals specifically with the treatment and use of personal data held both in computer and in manual form. Detailed guidance on the Act is to be made available in the NHSiS Data Protection Manual. What you must do and what you must not do All systems containing data from which individuals can be identified should be registered with the Data Protection Registrar/Commissioner. If you are responsible for processing personal information, you must ensure that you are aware of the requirements of the Act(s) and of any additional local confidentiality rules covering disclosure. Any staff who deliberately disclose personal or confidential information to unauthorised individuals or organisations will be subject to disciplinary action. If in doubt, seek advice from your line manager or contact the NHS Highland Helpdesk who will log a call and pass it to an appropriate person for advice. What are the consequences of not following this Policy? Organisations/individuals who contravene the terms of the 1998 Data Protection Act can be prosecuted by the Data Protection Registrar/Commissioner or an offended party. Any staff who knowingly disclose personal or confidential information to unauthorised individuals or organisations will be subject to disciplinary action and my be subject to prosecution that could lead to a fine of up to 5000 and/or up to 6 m onths imprisonment Amendments NHS Highland may amend this Policy at any time. Page: 13 Date of review: August 2009

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information