Internet, Intranet and Email Acceptable Use Policy 8.0 Derek … · 2019-09-30 · Internet,...
Internet, Intranet and Email Acceptable Use Policy v7
Policy Title: Internet, Intranet and Email Acceptable Use Policy
Policy Number: OP17
Version Number: 8.0
Ratified By: Information Governance Assurance Group
Date Ratified: 19/03/2019
Effective From: 01/09/2019
Author(s) (name and designation): Derek Prudhoe, IT Directory and Security Manager
Sponsor: Nick Black, Chief Digital Information Officer
Expiry Date: 01/03/2020
Withdrawn Date:
Unless this copy has been taken directly from Pandora (the Trust’s Sharepoint document management system) there is no assurance that this is the most up to date version.
This policy supersedes all previous issues.
Version Control
Version; Release; Author/Reviewer; Ratified by/Authorised by; Date; Changes (Please identify page no.)
1.0; Mar 2001; P Dunnigan; JCC; 21/02/2001
2.0; May 2004; J Tomlinson; TPF; Apr 2004
3.0; Feb 2009; D Prudhoe; BSDC; Feb 2009
4.0; Aug 2011; D Prudhoe; IG Committee; Aug 2010
5.0; 03/12/2012; D Prudhoe; Health Informatics Assurance Committee; 07/11/2012; Sections re-written and added throughout the policy in order to incorporate email into this policy and minor update to email encryption section (6.3.4.1)
6.0; 04/08/2015; D Prudhoe; Health Informatics Assurance Committee; 04/03/2015; Reviewed, no changes.
7.0; 07/12/2017; D Prudhoe; Health Informatics Assurance Group; 21/11/2017; Reviewed, updated for NHSMail, minor corrections in body of policy, removed secure domains as not applicable any more, added data declaration as Appendix C
8.0; 01/09/2019; D Prudhoe; Information Governance Assurance Group; 19/03/2019; 6.2.6 – added clause for Smart devices. Updated references from DPA to GDPR. Updated text in Code of Connection Appendix A2. 6.2.5 – updated text as not reasonable for users to check AV
CONTENTS
1.0 INTRODUCTION
1.1 Rationale
1.2 Principles
2.0 Policy Scope
3.0 Aim of Policy
4.0 Duties (Roles and Responsibilities)
5.0 Definitions
6.0 INTRANET, INTERNET and EMAIL ACCEPTABLE USE
6.1 Core Principles
6.2 Intranet and Internet
6.2.1 Authorisation
6.2.2 Permissible access
6.2.3 Non-permissible access
6.2.4 Copyright
6.2.5 Viruses
6.2.6 Internet Service Providers
6.3 Email
6.3.1 Access
6.3.2 Best Practice
6.3.3 Legal Issues
6.3.4 Email of Personal Identifiable Information
6.3.4.1 Methods of sending
6.3.4.2 Confidential Information
6.3.5 Offsite/Home and Mobile access to NHSMail
6.3.6 Out of Office
6.3.7 Monitoring
6.3.8 Administration of Email Accounts
6.3.9 Unused/Obsolete Accounts
6.3.10 Confidentiality Disclaimer
7.0 Training
8.0 DIVERSITY AND INCLUSION
9.0 Monitoring compliance with the policy
10.0 Consultation and review
11.0 Implementation of policy (including raising awareness)
12.0 Associated documentation
Appendix A
A.1 Request for Access to the Gateshead Trust Computer Network
A.2 Email, Internet, Digital Systems and Services - User Code of Connection
Appendix B - Legal Disclaimer
Appendix C - NHSMail Data Declaration
Internet, Intranet and Email Acceptable Use Policy
1.0 INTRODUCTION
1.1 Rationale
In common with other NHS organisations, the Trust operates an internal and external email facility and access to the Internet through its connection to the N3 network. The N3 network is a virtual private network that operates throughout the NHS and is inaccessible to non-NHS organisations. It provides access to both NHS-specific websites (prefixed nww.) and the world-wide web (www.). The Trust also provides an intranet that is internal to the Trust and provides access to a wide range of Trust-specific information. This policy sets rules and provides guidance for the use of the Trust Intranet, Internet and email facilities.
1.2 Principles
The Internet is a fast and effective electronic means of gathering information that can enhance the efficiency and effectiveness of staff in the Trust.
The Intranet is a website that is internal to the Trust that provides access to a wide range of Trust-specific information.
The facilities exist primarily for the purpose of conducting Trust business but can also be used for limited permitted personal purposes.
The Internet provides a wide-ranging source of information and knowledge but offers no guarantee of accuracy, reliability or authenticity.
Email and the Internet are fast and effective electronic means of communicating and gathering information that can enhance the efficiency and effectiveness of staff in the Trust.
The Trust will use these facilities to the full (but within available resources and technology) in communicating and cascading information throughout the organisation. Staff are encouraged to familiarise themselves with the facilities and to make use of the Trust’s intranet site.
Email carries the same legal status as other written documents and should be used with the same care.
Email allows electronic records of communications over a period of time to be maintained and systematically managed and referenced.
The internet and email facilities employ complex technology which is not 100% reliable and staff should not rely wholly and solely on them for critical business processes.
2.0 POLICY SCOPE
This policy applies to:
all full-time and part-time employees of the Trust, and to non-executive directors, contracted third parties (including agency staff), locums, students and trainees, secondees and other staff on temporary placements with the Trust, and staff of partner organisations with approved access;
other individuals and agencies who may gain access to data, such as volunteers, visiting professionals or researchers, and companies providing IT services.
3.0 AIM OF POLICY
This document defines the Intranet, Internet and email Policy for Gateshead Health NHS Foundation Trust and
Sets out the Trust’s policy for the protection of the confidentiality, integrity and availability of the Intranet, Internet and e-mail system.
Establishes the Trust and user responsibilities for the Intranet, Internet and e-mail system.
Provides reference to documentation relevant to this policy.
The purpose of this policy is to ensure the proper use of the Trust’s Intranet, Internet and email system and make users aware of what the Trust deems as acceptable and unacceptable use of its e-mail system. The objective of this policy is to ensure the security of the Trust’s e-mail system. The Trust will:
Ensure Availability - Ensure that the Intranet, Internet and email system is available for users.
Preserve Integrity - Protect the Intranet, Internet and email system from unauthorised or accidental modification ensuring the accuracy and completeness of the Trust’s assets.
Preserve Confidentiality - Protect assets against unauthorised disclosure.
4.0 DUTIES (ROLES AND RESPONSIBILITIES)
The Trust will take all reasonable steps to ensure that users of the Intranet, Internet and email service are aware of acceptable use policies and legal obligations relating to the use of e-mail. All staff and Non-Executive Directors are obliged to adhere to this policy. It is the responsibility of the individual to ensure that they understand this policy. Managers at all levels are responsible for ensuring that the staff for whom they are responsible are aware of and adhere to this Policy. They are also responsible for ensuring staff are updated in regard to any changes in this Policy. The IT Directory & Security Manager, on behalf of the Chief Executive, will take steps to ensure that all staff adhere to this Policy. A failure to adhere to this Policy may result in disciplinary action.
5.0 DEFINITIONS
Email - A system for sending and receiving messages electronically over a computer network.
Internet - a vast computer network linking smaller computer networks worldwide. The Internet includes commercial, educational, governmental, and other networks, all of which use the same set of communications protocols.
Intranet - a network operating like the internet but having access restricted to a limited group of authorised users usually within a single organisation.
N3 Network - a virtual private network that operates within the NHS which provides access to both NHS-specific websites (prefixed nww) and the internet (www).
6.0 INTRANET, INTERNET AND EMAIL ACCEPTABLE USE
6.1 Core Principles
Staff will have access to the intranet and the Internet and email in accordance with national targets
Recognised staff organisations, including Trade Unions, will have access to the Internet and email
Personal use of the facilities will be limited and within prescribed areas
Safeguards will be established to protect the security, integrity and availability of the Trust’s systems
The requirements of relevant Acts of Parliament and mandatory national policies will be observed at all times
Staff awareness of copyright and contractual issues will be raised.
Guidance on e-mail etiquette will be observed
Guidance on housekeeping to ensure efficiency in the operation of the network and personal folders will be observed
Personal use of e-mail should not interfere with work
Personal e-mails must also adhere to the guidelines in this policy
The forwarding of chain letters, junk mail, jokes and executable programs is not allowed
6.2 Intranet and Internet
6.2.1 Authorisation
The Head of Service/Head of Department must request an account for a new member of staff by completing a ‘Request for Access to the Gateshead Trust Computer Network’ form. This form should ideally be submitted prior to the commencement date of the member of staff but should be completed for any member of staff who requires a user account and submitted to the IT department. The Head of Service/Head of Department must ensure that the member of staff has read this policy.
In addition, all users are required to complete and sign an ‘Email & Internet Services - User Code of Connection’ form. This needs to be submitted to the IT department within 1 week of their starting date. If the IT department has not received the form by this date the account will be disabled and will only be re-enabled on receipt of the Code of Connection form. A copy of both forms can be found at Appendix A.
6.2.2 Permissible access
Access to the Internet is primarily for Healthcare related purposes. That is for NHS work or for professional development and training. Reasonable personal use is permitted provided this does not interfere with the performance of your duties. Personal access to the Internet can be limited or denied by your manager. Staff must act in accordance with their manager’s local guidelines. The Trust has the final decision on deciding what constitutes excessive use.
The use of the Internet for personal transactions only, such as booking reservations or tickets or the purchase of any goods or services for personal use, is permitted. Employees should regard this facility as a privilege that should not be abused and should normally be exercised in their own time and without detriment to the job. Inappropriate or excessive use may result in disciplinary action and/or removal of facilities. Staff should be aware that Internet access will be subject to restrictions and monitoring.
6.2.3 Non-permissible access
Access to websites that contain offensive or inappropriate material is strictly forbidden. Offensive or inappropriate material includes hostile text or images relating to gender, ethnicity, race, sex, sexual orientation, instruction on criminal or terrorist skills, promotion of cults, gambling, religious or political convictions, disability or any other material likely to bring the Trust into disrepute. This list is not exhaustive. Downloading of such material is considered a serious breach of Trust security and may result in dismissal or prosecution. Other than instances which demand criminal prosecution, the final arbiter on what is or is not offensive material, or what is or is not permissible access to the Internet will be decided by senior Trust management.
However, the Trust notes that access to subjects and sites of a potentially contentious nature may be appropriate in some areas of normal operation and/or in specific circumstances, e.g. sex education, youth advice, counselling on gambling, approved research, etc. The Trust therefore places special responsibilities of care on staff operating in such areas to ensure that such access is necessary and that other users, staff and members of the community are not exposed to any such material without good cause.
Staff should not use the Internet to conduct personal transactions in pursuit of their own commercial or business interests nor in such a way as to implicate the Trust in those transactions. If in doubt, staff should consult the IT Directory & Security Manager.
6.2.4 Copyright
Files must not be downloaded from the Internet and used in such a way as to violate copyright laws. Even if downloading is permissible under copyright law, there may be restrictions with regard to copying, forwarding, or otherwise distributing files. Software license agreements should be read and adhered to. Staff must not transmit copyright software from their computer via the Internet.
6.2.5 Viruses
Viruses can damage computer systems, destroy data, cause disruption and incur considerable expense for the Trust. All files downloaded from the Internet must be virus checked before use. Employees must not independently load software onto their PCs (this includes screen-savers). All software installations must be arranged with the IT Department.
6.2.6 Internet Service Providers
Internet access must be via the Trust’s network in all instances. The use of alternative methods to connect to the internet is strictly prohibited and individuals must not independently arrange Internet access direct with a commercial Internet Service Provider. Where Trust Portable devices or Smart Devices are used, access to the internet via 4G or wi-fi is permitted. However, use of the internet must comply with all Trust policies. Portable devices and Smart devices will be restricted and monitored when possible.
6.3 Email
6.3.1 Access
NHSMail is provided by NHS Digital and is used as the Trust e-mail system. All NHSMail users are required to accept the NHSMail Acceptable Use Policy which can be found at https://digital.nhs.uk/nhsmail/policies. Acceptance of this policy is built into the NHSMail registration process. Staff who have previously worked for another NHS Trust and have an existing NHSMail account should ensure their previous Trust has marked them as a ‘leaver’. They should advise the IT Department of their existing email address so that their account can be transferred to the Trust. New NHS employees or those without an existing NHSMail account will be provided a NHSMail account after they have completed the procedure in para 6.2.1.
6.3.2 Best Practice
The Trust considers e-mail as an important means of communication and recognises the importance of proper e-mail content and speedy replies in conveying a professional image and delivering a good service. Therefore the Trust wishes users to adhere to the following guidelines:
Before sending an e-mail, consider whether there is a more appropriate way of communicating e.g. a telephone call or face to face contact.
Do not print e-mails unless you really need to for work purposes. E-mails can be saved, if you need them.
Only mark e-mails as important if they really are important.
Ensure you send your e-mail only to people who need to see it. Sending e-mails to all in your address book can unnecessarily block the system.
Ensure your email “Address Book” is set to search Gateshead Health NHS Foundation Trust as a default.
Before sending an email check the email address is correct. If you are uncertain of the email address send a test email before disclosing any information
E-mails should be treated like any other correspondence and should be answered as quickly as possible.
Delete any e-mail messages that you do not need to have a copy of.
If you suspect you received a virus by e-mail, telephone the IT Service Desk immediately (ext 2397).
6.3.3 Legal Issues
The Freedom of Information Act 2000 enables people to have access to much more information held by public bodies than previously. Communications sent via e-mail may relate to decisions made that might have been sent in letters and memos a few years ago. Like their paper counterparts, these e-mail records must be saved, filed and managed in a manner that will allow easy access in future. E-mail is a business communication tool and users are obliged to use this tool in a responsible, effective and lawful manner. Consideration should also be given to the General Data Protection Regulation and Data Protection Act 2018. The following rules are to be strictly adhered to:
Do not send or forward emails with any libellous, defamatory, offensive, harassing, racist or any discriminatory language, homophobic, obscene or pornographic remarks or depictions. If you receive an email of this nature, you must notify your manager
Do not forward confidential information without acquiring permission from the sender first
Do not knowingly send an email that contains a virus
Do not send unsolicited email messages
Do not forge or attempt to forge email messages
Do not send email messages using another person’s email account
Do not knowingly breach copyright or licensing laws when composing or forwarding emails and email attachments.
By following the guidelines in this policy, the e-mail user can minimise the legal risks involved in the use of e-mail. If any user disregards the rules set out in this policy, they may be subject to action by the Trust in accordance with the Trust’s Disciplinary Policy.
6.3.4 Email of Personal Identifiable Information
6.3.4.1 Methods of sending
Email is not secure and it should not be treated as the standard method of communicating personal identifiable information. Where email is agreed as the most appropriate method of transfer of personal identifiable information, NHSMail is only secure when sent between two NHSMail accounts. Emails sent from NHSMail to any email address other than a NHSMail account which contains personal identifiable information must be encrypted using the facility within NHSMail. To encrypt an email [secure] should be added to the subject field in the email.
Further guidance from NHS Digital can be found at https://s3-eu-west-1.amazonaws.com/comms-mat/Training-Materials/Guidance/encryptionguide.pdf
Any e-mail containing person identifiable information held in an e-mail account should be deleted as soon as no longer required.
6.3.4.2 Confidential Information
Where possible, personal identifiable information (including digital images) should not be forwarded by e-mail unless it has been anonymised, or the personal identifiers have been removed. These can be provided to the recipient by separate communication. The safe standards of confidentiality should also be applied to staff related personal details.
6.3.5 Offsite/Home and Mobile access to NHSMail
NHSmail may be accessed using non Trust PCs via a web browser on an internet connected PC/other device, or on personal phones that are permitted to be used on NHS Mail (e.g. Android 4.0 and above or iPhone 4 and above). To maintain security of NHSmail these devices must be protected by an up-to-date anti-virus programme where applicable and a personal firewall is also advised. Personal and sensitive information must not be accessed using a non-Trust device. If it is necessary to work with personal and sensitive information from a location other than Trust premises, an encrypted Trust laptop should be used. Staff should note that NHSMail on non-Trust devices is outside of the scope of support provided by the IT Department.
6.3.6 Out of Office
An “out of office” message must be set up when absent from the Trust for one day or more. If away for a significant period of time (e.g. maternity leave or long-term sick leave) you should contact the IT Service Desk so that your account can be temporarily suspended. Suspended email accounts must be re-enabled within 18 months otherwise they will be deleted. If absence is expected to extend longer than 18 months the IT Department should be advised so they are able to prevent the account being deleted. Where appropriate, with your manager’s approval, access to your e-mail account can be granted to whoever is covering your role. The IT Service Desk can offer assistance with this facility.
6.3.7 Monitoring
The content of emails is not routinely monitored. The Trust reserves the right to inspect, monitor and retain message content as required to meet legal, statutory and business obligations.
6.3.8 Administration of Email Accounts
Although email accounts are provided by NHSMail, the Trust maintains ownership of all email sent and received including its contents. E-mail should not be considered private and confidential to the individual. All employees should be aware that to allow the business of the Trust to continue unhindered, or as part of an internal investigation, the Trust may require access to an individual’s mailbox, for example where an individual is away for a period and access is required to correspondence urgently. Any such access would be in exceptional circumstances and must be authorised by the Associate Director/Deputy Director of the relevant business unit. If access is required by an Associate Director/Deputy Director access must be authorised by a relevant Director.
During the course of an official investigation access to an account may be required by 3rd parties e.g. Law Enforcement agencies, court orders etc. Guidance is provided by NHS Digital in their policy - https://s3-eu-west-1.amazonaws.com/comms-mat/Comms-Archive/Access+to+Data+Policy+2017.pdf
Prior to leaving the Trust, staff must ensure that they do not leave any patient identifiable information or commercially sensitive information in their NHSMail account. Likewise, staff migrating their NHSMail account into the Trust must ensure that they do not bring any patient identifiable information or commercially sensitive information from their previous NHS Trust. Staff must complete the declaration at Appendix C to confirm they are aware of this.
6.3.9 Unused/Obsolete Accounts
Information held in email may be of vital importance to the organisation and its availability and integrity must be safeguarded. The possibility of important messages being directed to unused accounts and left unread may pose a risk to the organisation. All unused email accounts will be removed from the system. For staff moving to another NHS organisation, their account will be marked as a ‘Leaver’. The owner of the account must ask their new organisation to ‘join’ their NHSMail account within 30 days otherwise it will be deleted. Inactive accounts will be deleted 30 days after being identified. Inactive accounts are classed as those which have not been active for a period of 12 months.
6.3.10 Confidentiality Disclaimer
All emails should contain a confidentiality disclaimer asking to be informed if the incorrect person receives the e-mail. This may be set up as an AutoSignature. A standard disclaimer is provided at Appendix B.
7.0 TRAINING
Training for using Internet Explorer and Microsoft Outlook is available through the Trust Workforce team.
8.0 DIVERSITY AND INCLUSION
The Trust is committed to ensuring that, as far as is reasonably practicable, the way we provide services to the public and the way we treat staff reflects their individual needs and does not unlawfully discriminate against individuals or groups on the grounds of any protected characteristic (Equality Act 2010). This policy aims to uphold the right of all staff to be treated fairly and consistently and adopts a human rights approach. This policy has been appropriately assessed.
9.0 MONITORING COMPLIANCE WITH THE POLICY
Standard / process / issue
Monitoring and audit
Method By Committee Frequency
Internet misuse
Check for excessive or inappropriate browsing via standard reports
Directory Security Team
Weekly
10.0 CONSULTATION AND REVIEW
Confidentiality & Data Protection Group
Health Informatics Assurance Group
11.0 IMPLEMENTATION OF POLICY (INCLUDING RAISING AWARENESS)
This Policy will be published as per normal policies and circulated as per standard. This Policy will be available at all the Trust’s designated locations.
12.0 ASSOCIATED DOCUMENTATION
OP6 – IT and Information Security Policy
OP50 Telecommunications Policy
OP58 – Anti Virus Policy
APPENDIX A
A.1 Request for Access to the Gateshead Trust Computer Network
This form must be completed for all new staff by their Line Manager so that their user accounts and email accounts can be set up. Please return the form to the IT Department, Queen Elizabeth Hospital. All new staff must sign the Gateshead Health ‘User Code of Connection – Email and Internet Services’ prior to any computer usage.
Please complete the following details for the USER, please print clearly.
Name:
Department:
Location:
Start Date: (DD/MM/YYYY) / /
Other access required e.g. Shared network areas, shared mailboxes etc. - ***If access to shares is required please give full details of share name either in the format \\server\share or as “share on server (X:)” where X is a drive letter. For help on identifying a share name please call the Service Desk.***
Authorised by Line Manager.
Name:
Job Title:
Date: / /
Signature:
All users must change their password when they first log onto the network. All Accounts will be set to enforce password changes every 60 days.
A.2 Email, Internet, Digital Systems and Services - User Code of Connection
Access to Gateshead Health NHS Foundation Trust Internet, email services, and all Digital Systems and
Services, is permitted only to those who accept this Code of Connection.
1 Introduction
All staff at Gateshead Health NHS Foundation Trust use one or more IT systems as part of their job. All
users of these systems must understand, and accept, the legal rules applying to use of NHS email, and all
our IT systems, including the Internet. Relevant legislation includes The Data Protection Act 2018, The
Computer Misuse Act 1990, Freedom of Information Act 2000, Regulation of Investigatory Powers Act
2000, The Sex Discrimination Act, The Race Relations Act, and the laws of libel.
2 Code of Connection
You must protect confidentiality
Much of the information stored and shared within healthcare is sensitive and confidential. You have a legal
duty to protect confidentiality and you must take care to prevent unauthorised access to your email and
other messages. You must keep your access passwords secret at all times. You must take care when
forwarding or replying to email to check that you do not pass on earlier messages in a string of emails
which contain information you do not intend to share. All trust emails and digital files can be subject to
legal disclosure under Freedom of Information and Data Protection laws. Trust emails and digital files can
be subjected to automated searching for specific key words as part of a legitimate request which has been
approved when necessary. Individuals may not necessarily be notified of any search being carried out. For
sensitive messages, senders should check with the intended recipient that the information will go directly
to the recipient and will not be passed to anyone else. Emails should contain a confidentiality notice asking
to be informed if the incorrect person receives an e-mail. This may be set up as an AutoSignature such as:
“This email, and files transmitted with it, is confidential and intended solely for the use of the individual or
entity to whom it is addressed. If you have received this email in error please destroy it and notify the
sender.”
You must use Digital Systems and Services in a reasonable manner, consistent with your role.
Internet and email services are provided for purposes related to your work, areas of legitimate research,
and for operational services. Personal use of email and internet should be kept to a minimum, and you
should obtain management consent for such usage. Use of email for personal messages is a privilege which
must not be abused. You must never send, view, or download illegal or inappropriate material from the
Internet or via email. (If in doubt seek advice from the IT Security Manager).
No personal material should be stored on Trust equipment, for example music files, holiday documents and
photographs.
You must use email in a professional manner.
Emails have the same legal standing as letters. An email using the NHS email address is similar to writing on
company headed notepaper. You must:
· take care to avoid inadvertently entering into contracts through email
· ensure you do not commit libel
· take care not to use language or graphics which may be construed as sexual harassment or an
offence under the Race Relations Act.
· take care not to breach copyright by “publication” of original material by forwarding to another
individual.
· ensure that your files and emails are stored on network storage in order to prevent loss.
You must use Internet Services in a professional manner.
When using Internet Services you must not:
· take part in personal commercial activity.
· undertake any form of share-dealing.
· take part in any gambling.
· take part in petitions, campaigns, politics or similar activity.
· access inappropriate material.
You must help to prevent spread of computer viruses.
Email is a common route for the spread of computer viruses. Computer viruses can be carried within any
attached documents or links to internet sites. Computer viruses can cause catastrophic failures within
hospitals, and across the NHS, with the potential to close down entire hospitals. The Trust IT security team
work to protect the hospital from viruses and to ensure that anti-virus software on individual computers
receives updates during restart cycles. Everyone using email must have up to date anti-virus software on
their computer and must keep their computer anti-virus software up to date by restarting the computer
every day.
In addition, you must protect PCs from unlicensed or unauthorised software, and you must not install any
software without approval.
Failure to Adhere to the Code may result in withdrawal of access, and disciplinary proceedings.
Breaches of security, abuse of services, or non-compliance with the Trust’s Information Security Policy or
the Code of Connection, may result in withdrawal of email and Internet services. Abuse of email services, or
non-compliance with the Code of Connection, will lead to invoking the Trust’s disciplinary procedures.
Users of the Trust IT systems, and email, must be aware of these security considerations, understand the implications of non-compliance, and must agree to abide by the terms of this Code of Connection and the Trust’s Internet, Intranet and E-mail Acceptable Use Policy.
The Trust reserves the right to monitor Internet access and emails sent or received by staff on Trust PCs, in order to ensure that the Code of Connection is not breached.
USER ACCEPTANCE
I confirm that my Line Manager has completed and signed a Request for Access form. I have read and understand the Email, Internet, Digital Systems and Services Code of Connection and agree to abide by both it and the Trust’s Internet, Intranet and E-mail Acceptable Use Policies
*Please Print Clearly
Forename:
Surname:
Telephone/Bleep No:
Date: (DD/MM/YYYY)
/ /
Department/Directorate:
Have you previously worked at the Trust? If yes, which Department/Directorate:
Have you previously worked for the NHS at another Trust? If yes, which Trust/Organisation:
Do you have an existing NHSMail account? If yes, what is the email address:
User Signature: ………………………………………………………………………
Original to be sent to: IT Department, Queen Elizabeth Hospital, Gateshead, NE9 6SX
Copy to be retained by user
APPENDIX B - LEGAL DISCLAIMER
‘Unless expressly stated otherwise, the information contained in this e-mail and any files transmitted with it is confidential and is intended solely for the use of the individual or entity to whom it is addressed. If you are not the intended recipient you must not copy, distribute, or take any action or reliance upon it. If you have received this e-mail in error, please destroy it and notify the sender. Any unauthorised disclosure of the information contained in this e-mail is strictly prohibited.’
APPENDIX C - NHSMAIL DATA DECLARATION
Staff members who are coming into Gateshead Health NHS Foundation Trust from a different
Trust
Employees should note that it is their responsibility to ensure that they do not migrate any patient
identifiable information or commercially sensitive information from another NHS organisation
when transferring their NHS net account when commencing employment with Gateshead Health
NHS Foundation Trust. To do so may constitute an Information Governance breach which may
require the Trust to notify the Information Commissioner. No organisational data should be left in
the NHS.net email account when staff are transferring to another NHS organisation.
Your Name:……………………………………………………………………………………………………………………………..
Your Dept:……………………………………………………………………………………………………………………………….
Signature:……………………………………………………………………………………………………………………………..
Date:……………………………………………………………………………………………………………………………….
Please return this sheet to Workforce Information when you have completed this form. Thank
you.