Internet Use Policy

Internet Use Policy

Document History

Version Date: / 10th January 2014
Version Number: / 1.5
Status: / DRAFT
Next Revision Due: / January 2016
Developed by: / Information Governance Team
Policy Sponsor: / Director of Finance, Performance & Information
EQIA completed - including reference number / Completed
Approved by: / Information Governance Group
Date approved: / 16th January 2014

Revision History

Version / Revision date / Summary of Changes
1.1 / Aug 2011 / Previous PCT policy put in to DCHS format
1.2 / Nov 2011 / EIA Completed
1.3 / Mar 2012 / Update to monitoring section
1.4 / Apr 2012 / Changes made required for approval
1.5 / January 2014 / Trust Accountability/Responsibilities amended to reflect change of Caldicott Guardian. Slight amendment to S.6. IG Officer details changed.

To help ensure that this policy is as accessible as possible, it has been left-aligned and is available in alternative formats and languages. To obtain a copy of the policy in large print, audio, Braille (or other format) or in a different language, please contact The Communications Team, by Tel: 01773 525099 or email

Table of Contents

1. Background 3

2. Aim /Purpose 3

3. Definitions and an Explanation of Terms Used 3

4. Intended Users 3

Table of Intended Users: 3

5. Flow Chart 3

6. Internet Use Policy 3

Internet Access 5

Internet Monitoring and Reporting 5

Process for Dealing with Unacceptable Internet Usage 5

Blocked Sites 5

7. Support and Additional Contacts 6

8. References and Associated Documentsnts 6

9. Trust Accountabiliy / Responsibilities 6

10. Monitoring & Performance management of the Policy 8

11. Equality Impact Statement 9

12. Appendix 1 – example of blocked access 10

13. Equality Impact Assessment 11

Equality & Diversity Impact Assessment : Level I Screening 11

Internet Use Policy

1. Background

The Internet is a valuable tool that many DCHS staff use as part of their work. It is essential that all staff understand their responsibilities when using the internet.

2. Aim /Purpose

It is the purpose of this policy to enable the effective and legal use of DCHS internet systems. This policy refers to all user activity on the NHSnet and wider internet and applies to all employees of the Trust. It also applies to secondees, agency and consultancy staff using the resources of the Trust as well as contractors working on behalf of the Trust.

3. Definitions and an Explanation of Terms Used

4. Intended Users

Table of Intended Users:

DCHS
Chief Executive’s Department / YES
Finance Performance and Information / YES
Quality / YES
Strategy / YES
Service Delivery / YES
Human Resources / YES
Medical Directorate / YES
Leicester Employees / YES

Within this policy where it states “all employees”, please note, that it relates to all the employees who are highlighted in the table above

5. Flow Chart

A flowchart is not currently included in this policy.

6. Internet Use Policy

§  The Trust does not allow its equipment to be used for intentionally accessing information of an unlawful, unethical, and/or degrading nature to any being (eg pornography, paedophilia, terrorism or from organisations engaged in any kind of armed struggle). This information could be found on websites and in newsgroups. Access to such inappropriate information could place employment at risk.

§  Employees may not use the internet for personal commercial purposes e.g. supplying goods and services.

§  Users should only access sites or services that are appropriate to the work they are engaged in. This ruling is not intended to exclude occasional personal use in the employee's own time, but such use should be minimal and should in no way infringe upon work time.

§  NHS web sites on the NHSNet (nww) are deemed secure and therefore documents and files may be downloaded from these sites. The internet (www) is not subject to the same security and therefore staff should be aware of potential risks.

§  Software programs and files must not be downloaded from the World Wide Web unless proven to be secure, but documents may be printed.

§  Information and Communications Technology (ICT) resources are not unlimited. Network bandwidth and storage capacity have finite limits and all users connected to the network have a responsibility to conserve these resources. As such, the user must not deliberately perform acts that waste ICT resources or unfairly monopolise resources to the exclusion of others. These acts include, but are not limited to, sending mass mailings or chain letters, spending excessive amounts of time on the internet, playing on-line games, engaging in online chat groups, uploading or downloading large files, accessing streaming audio and/or video files, or otherwise creating unnecessary loads on network traffic associated with non-business-related uses of the internet.

§  Users may not illegally copy material protected under copyright law or make that material available to others for copying. You are responsible for complying with copyright law and applicable licenses that may apply to software, files, graphics, documents, messages, and other material you wish to download or copy. You may not agree to a license or download any material for which a registration fee is charged without first obtaining the express written permission of the Trust.

§  The internet is a major source of computer viruses, the effects of which can range from the minor irritant to the major disaster but all have costs involved in their eradication. Although the IT network has background anti-virus defences it is still essential for users to remain alert when opening files and mail. In the event that a user suspects a virus infestation Derbyshire Health Informatics Service (DHIS) customer services should be contacted immediately.

§  Internet users must be aware that the system is inherently insecure. No patient identifiable information or other organisational confidential information must be transmitted over the internet.

§  All PCs and laptops supported by DHIS have anti-virus protection software enabled and are automatically updated when connected to the network.

§  The content of websites cannot be guaranteed and so users are responsible for vetting and verifying content before use.

Internet Access

Access to the internet should be open to all. Users should be made aware of this policy and familiarise themselves with it and comply with the policy at all times. Pop-up screens will be used periodically to remind users of their responsibilities when using computers and the internet.

Users must not allow other employees to access the internet using their network password and should ensure that the workstation is shut down or locked when leaving it.

Internet Monitoring and Reporting

The Trust has the right to monitor and log any aspects of its ICT system including, but not limited to, monitoring internet sites visited by users, monitoring chat and newsgroups, monitoring file downloads and all communications sent and received by users. These may be available for both Internal and External Audit review.

In order to satisfy legal requirements and Trust policy, DHIS utilise web management and reporting software. This software allows the monitoring and blocking of web traffic between each external gateway and the internet. At the request of the Trust, DHIS will provide to nominated staff internet browsing details and trend reports on internet users. The Trust will decide the frequency and nominate appropriate staff to receive these reports. These reports will be stored in a confidential manner and will be stored within a specific timescale dependent upon the nature of the issue.

Process for Dealing with Unacceptable Internet Usage

In the event the Trust considers an employee’s internet usage to be sufficiently inappropriate they will take steps to inform relevant management. DHIS IG, in conjunction with other departments as appropriate, will be responsible for the collation of information from a technical perspective.

Where there is evidence of an offence or breach of policy, it will be investigated in accordance with the Trust’s Disciplinary Procedures applicable to all Trust employees. In such cases, DHIS IG will act immediately with the priority of preventing any possible continuation of the incident. As a result of such actions accounts may be closed or e-mails may be blocked to prevent further damage or similar occurring.

Blocked Sites

The Trust reserves the right to block certain categories of sites in order to restrict inappropriate use of the internet. However in order for employees to access sites that are relevant to their work the Trust will give formal agreement to DHIS for access rights to be given.

Members of staff who attempt to access a blocked site will receive a “pop up” message where the user is prompted to seek permission from their line manager should they feel there is a genuine work related need to access that particular site (see Appendix 1).

In light of the internet continually evolving the Trust reserves the right to amend the blocked categories on a continual basis. A current list of all blocked sites will be available from the DHIS and an example is shown below:

§  Adult/sexually explicit

§  eBay sites

§  Games

§  Glamour & intimate apparel

§  Hacking

§  Personals & dating

§  Some streaming media

§  Web-based E-mail

§  Chat

§  Criminal Activity

§  Criminal Skills

§  Downloads

§  Cloud Storage and File sharing sites (e.g. Dropbox)

§  Gambling

§  Hate

§  Illegal Drugs – note this site may be required for certain areas of work

§  Intimate Apparel & Swimwear

§  Intolerance and Hate

§  Peer to Peer

§  Phishing & Fraud

§  Ringtones/Mobile Phone Downloads

§  Spam URLs

§  Spyware

§  Tasteless & Offensive

§  Violence

§  Weapons

7. Support and Additional Contacts

Hannah Edwards – Information Development Manager – 01773 525099

Andy Preston – Information Governance Officer – 01773 525099

8. References and Associated Documentsnts

This policy is supported by all Information Governance policies that are available under ‘non-clinical’ on the Policies and Procedures intranet page.

9. Trust Accountability / Responsibilities

9.1 The DCHS Way Expectations:

What we can all expect from DCHS:

·  Share and support us in understanding our vision, values and priorities

·  Be clear as to what is expected of us and what our part is to play in the organisation

·  Support us to deliver our job in the best way

·  Manage and support us to maximize our performance

·  Communicate with us in a timely, open and honest way

·  Listen to us and involve us in decision making

·  Respect and value diversity

What DCHS can expect from all of us:

·  Put patients at the heart of what we are doing, promoting their health at every opportunity

·  Go to the extra mile for patients, carers, colleagues and the good of the organisation

·  Continuously improve our performance and our services

·  Eliminate waste and ensure we work as efficiently and flexibly as possible

·  Live the DCHS values and behaviours

·  Fulfil the requirements of our professional standards

·  Take responsibility for promoting the reputation and image of DCHS at every opportunity

9.2 Individuals

9.2.1 Chief Executive

The Chief Executive has responsibility from the DCHS Board for ensuring that there are safe and effective systems in place to deliver high quality services.

9.2.2 Director of Service Delivery

The Director of service Delivery is responsible for the high quality, efficient and effective community services provided by the four Service Delivery divisions within the Trust, ensuring that they meet and exceed performance standards.

9.2.3 Director of Quality / Chief Nurse

The Director of Quality / Chief Nurse is responsible for the professional leadership of non medical clinicians across the Trust and for ensuring the highest possible quality of care for patients and service users. The Chief Nurse is the Trust’s Caldicott Guardian and therefore also has responsibility for acting as the ‘conscience’ of the Trust, and should also actively support work to facilitate and enable information sharing, and advise on options for lawful and ethical processing of information as required.The Director of Quality is also responsible for the development and implementation of effective strategies and systems to improve patient safety and patient experience across the Trust

9.2.4 Director of Strategy

The Director of Strategy is responsible for developing and leading the Trust’s business development function, ensuring business opportunities and challenges are proactively identified and effectively managed to support delivery of the Trust strategy.

9.2.5 Director of People and Organisational Effectiveness

The Director of People and Organisational Effectiveness is responsible for providing visible, credible and effective leadership to the Trust in the development and delivery of a HR, workforce and organisational development strategy to support the delivery of both Trust strategies and objectives.

9.2.6 Director of Finance, Performance & Information

The Director of Finance, Performance & Information is responsible for providing leadership and management to the finance, information and performance functions and takes responsibility for the financial stewardship, probity and governance of the Trust’s resources. The Director of Finance, Performance & Information is also the Senior Information Risk Owner (SIRO) and so leads the Information Governance (IG) risk assessment and management processes within the Organisation and advises the Board on the effectiveness of information risk management across the Organisation.

9.2.7 Medical Director

The Medical Director is responsible for providing medical leadership and direction to the Trust Board to ensure that clinical issues are understood and appropriately drive the Trust’s strategic and operational plans.

9.2.8 Head of Service / Operational Managers

The Heads of Service and Operational Managers have a responsibility to ensure that the policy is implemented within their area and that their teams are aware of the policy and have received the appropriate training.

9.2.9 Employees

Professionally registered employees; all employees are accountable for their professional practice and hold individual responsibility to maintain their knowledge and skills.

All employees have a responsibility to be aware of and read policies appropriate to their roles and others where necessary. They should be aware of, and comply with, their responsibilities within the individual policies of the Trust.