Call: 01625 532244

Phone lines open from 8.00am to 6.30pm

Network, Internet and Email Policy

Please read the Kenmore Network, Internet and Email Policy below or download a copy.

1. Introduction

Kenmore Medical Centre as an organisation is committed to the use of information technology to improve and develop service provision to all its ‘customers’ and staff. Access to external sources of information, particularly via the Internet is increasingly important in the working environment, where it can enhance quality, speed up access and reduce duplication of effort. The use of information must however be controlled and managed, and inappropriate use of information technology resources must be avoided.

2. Background and Definitions 

1.1      This policy addresses the provision, usage and management of Network, Internet and Email services provided to employees, associated staff and attached staff at Kenmore Medical Centre for use as part of their professional responsibilities.

1.2      ” Network” is the name given to the collection of networking services and facilities that support the data communication requirements of Kenmore Medical Centre.

1.3      “Internet” is the name given to a collection of interlinked computers and services, and also the large computer network linking smaller computer networks worldwide.

1.4      “Email” is the name given to the messages and the transmission of those messages electronically.

  • For further guidance on the acceptable use of Email, see the Email Etiquette guidelines

3. General Principles 

  • The use of electronic communication and information technology is no more than the addition of another medium. The same professional standards are expected of users as with traditional methods such as written, telephone, fax and face-to-face meetings.
  • Internet access is provided to support work related activities only. Access is enabled by the IT Assistant following management approval based on the benefits to the organisation and the user g. access to research and development information, other NHS websites, other professional sites etc.
  • E-mail access is available to all staff either for internal messaging or external communication with other NHS or work related organisations or individuals. It is intended to improve and accelerate information flows in support of work related activities.

4. Acceptable Use

Acceptable uses of the Network, Internet and E-mail are defined as any authorised and legal use that supports the effective and efficient furtherance of work related activities. The following is not an exhaustive list, but sets out broad principles of use that the Practice considers acceptable usage:

  • To provide communication with other Practice users, NHS bodies and agencies and other related organisations
  • To provide information to patients
  • To communicate and obtain information and data in support of activities authorised by the Practice, e.g. research, clerical information, development activities
  • Any other authorised and legal use that directly supports work related functions.

5. Unacceptable Use

As with other methods of communication, the Network, Internet and E-mail are open to abuse. The following list sets out areas of use that the Practice considers to be unacceptable. Unacceptable use will be addressed through the Practice’s disciplinary procedure, and may result in dismissal.

  • The deliberate access to, creation or transmission of any offensive, obscene or indecent images, data or other material, or any data capable of being resolved into obscene or indecent images or material.
  • The creation or transmission of material, which is designed or likely to cause nuisance, annoyance, inconvenience or needless anxiety.
  • Deliberate unauthorised access to facilities or services accessible via the Network, Internet and E-mail, for the establishment, transaction or promotion of private business.
  • Deliberate unauthorised access to facilities or services accessible via the Network, Internet and E-mail for commercial purposes other than in accordance with your duties.
  • Deliberate unauthorised access to facilities or services accessible via the Network, Internet and E-mail for the creation and distribution of personal web sites or pages, or unsolicited commercial or advertising material either to other NHS bodies or to organisations connected to other networks.
  • Deliberate or negligent introduction of “viruses”, malicious code or other software development or hardware device of a malicious or Practice unapproved nature.
  • The unauthorised disclosure of sensitive or confidential data of any kind related to Kenmore Medical Centre, its patients, partners, staff or business activities.
  • Forgery or attempted forgery, interference with, or deliberate falsification of electronic mail.
  • Third party access to the Network, Internet or E-mail services provided by Kenmore Medical Centre. A third party means any individual or a separate organisation that is defined in law as a separate entity to the Practice. A third party may also be another member of the Practice.
  • Where the Network, Internet and Email is being used to access another network, any abuse of the acceptable use policy of that network will be regarded as unacceptable use of the Network, Internet and Email

6. Confidentiality

Users must be aware that the Practice’s policy on Confidentiality applies. The following are breaches of the policy:

6.1 – The disclosure of passwords to others, irrespective of their employment or otherwise by the Practice

6.2 – The use of other peoples’ passwords other than by the system administrator for authorised purposes.

6.3 – The sharing or distribution of Network, Internet or E-mail addresses other than for official purposes.

6.4 – Leaving a computer unattended without logging out.

7. Compliance

7.1 – It is the responsibility of the Practice to ensure that all users with access to the Network, Internet and E-mail are made aware of their obligations in respect of this policy

7.2 – It is the responsibility of the user to ensure they comply with their obligations under this policy

7.3 – Violation of this policy is a disciplinary offence and will be dealt with under the Practice’s Disciplinary Procedure. The viewing or distribution of pornographic material, harassment or discriminatory material resulting from the use of the Network, Internet or Email, constitutes gross misconduct for which an employee may be summarily dismissed

7.4 – The Practice may monitor usage of Network, Internet and Email activity in accordance with the Regulation of Investigatory Powers Act 2000. Users should be aware that the deletion of a file might not remove it completely.

7.5 – The use of anonymous proxy or equivalent sites to disguise Internet usage will be deemed a breach of this policy.

7.6 – Where violation of these conditions is illegal or unlawful, or results in loss or damage to the Network, Internet or Email resources, or to the resources of third parties accessible via Network, Internet and Email, the matter may be referred for legal action

8. Etiquette for E-mail use

All users are expected to observe the following rules of general etiquette when using E-mail.

Good manners cost nothing.  In today’s high-speed electronic world it is all too easy to forget that we are communicating with fellow human beings and not the faceless screen in front of us.

The following points should be borne in mind when using e-mail.

8.1 – Always start your message with the recipient’s name to personalise the message and show courtesy.

8.2 – Likewise end your message with your name and the name of the Practice. The above points are of particular value if you are replying to, or forwarding, a message as the auto-signature function won’t do this for you.

8.3 – Keep attachments as small as possible. The recipient may only have a slow modem and may have to pay connection charges.

8.4 – Consider sending attachments in the lowest common format. The recipient may not have the latest version of Word etc.

8.5 – Try to check your e-mail at least twice a day as someone may be waiting for a reply.

8.6 – When composing e-mails always remember … using bold is OK BUT USING CAPS is the equivalent of shouting….

8.7 – The use of exclamation marks (!) in e-mail subject headings is also considered discourteous.

8.8 – Use the ‘high importance’ signal sparingly so as not to devalue its relevance.

8.9 – Sending emails:

a. When sending emails you must use the encryption feature that allows users to exchange information securely with users of non-accredited or non-secure email services (i.e gmail, Hotmail etc).

b. When sending sensitive information outside of NHSmail the encryption feature must be used. Please see the guidance below:

https://s3-eu-west-1.amazonaws.com/comms-mat/Training-Materials/Guidance/encryptionguide.pdf

c. To send an encrypted mail you login into your NHS mail account, create a new message, ensure the correct email address is entered for the recipient. In the subject field of the email, enter the text [secure] in the subject message. Type the message and send. An unencrypted message will be saved in your sent items.

d. Ensure that you have sent information to a patient regarding the guidance on ‘Accessing Encypted Emails guide for non NHS users).

https://s3-eu-west-1.amazonaws.com/comms-mat/Comms-Archive/Accessing+Encrypted+Emails+Guide.pdf

https://support.nhs.net/knowledge-base/egress-encryption-tutorial-videos/

e. Please ensure you have read the documents in full above and are familiar with how to use encryption when sending emails.

Purpose of email

  1. Purpose of Email: Emails should primarily be used for official business purposes, including patient communication, scheduling appointments, internal communication, and other work-related matters. Personal use should be limited to breaks or outside work hours, and personal emails should not interfere with your work responsibilities.
  2. Confidentiality and Data Security: a. Treat all patient and sensitive information with utmost confidentiality. Do not share patient details, medical records, or any personal information through email unless using a secure, encrypted system approved by the organization. b. Do not forward or share emails with sensitive information to unauthorized individuals or external parties. c. Report any suspected data breaches or email security incidents to the IT department or management immediately.
  3. Professionalism: a. Use professional language and tone in all email communications. b. Do not engage in inappropriate, offensive, or discriminatory content in emails. c. Avoid using abbreviations, jargon, or slang that may be unclear to recipients.
  4. Email Signatures: All employees must have a standard email signature, which includes their full name, title, contact information, and the general practice’s name and address.
  5. File Attachments: a. Only attach files that are relevant and necessary for the recipient’s understanding of the message. b. Comply with any file size limitations set by the email system to avoid overloading email servers.
  6. Email Response Time: a. Strive to respond to work-related emails promptly and within a reasonable timeframe. b. If an email requires more time or in-depth analysis, acknowledge the receipt of the email and provide an estimated time of response.
  7. Proper Use of Distribution Lists: Ensure that distribution lists are used appropriately and only for relevant recipients. Avoid forwarding irrelevant or unnecessary information to the entire team.
  8. Avoiding Spam and Phishing: a. Do not open attachments or click on links in emails from unknown sources. b. Report any suspicious emails, spam, or phishing attempts to the IT department immediately.
  9. Email Storage and Archiving: a. Regularly clean up your email inbox and archive old emails as per the organization’s policy. b. Follow the email retention policy to ensure compliance with legal and regulatory requirements.
  10. Mobile Devices: If accessing work email from personal mobile devices, ensure devices have appropriate security measures, such as password protection and remote wipe capabilities in case of loss or theft.
  11. Monitoring and Compliance: Understand that email communication within the organization may be subject to monitoring for security, compliance, and business purposes.

Failure to comply with this email policy may result in disciplinary action, up to and including termination.

9. Virus Warning

Most viruses reach networks and personal computers (PCs) via e-mail.  Individual users can take some simple precautions to reduce the risk of allowing a virus into the network.

9.1 – Before opening an e-mail check whether you know (and trust!) the sender.

9.2 – If you don’t know the sender set your e-mail to ‘preview’ (click ‘view’ on your toolbar and select ‘preview pane’).  This should give you enough information to determine whether the e-mail is likely to be work related or possibly malicious.  If in doubt delete the e-mail without opening it, by highlighting it and clicking on the delete button on the toolbar.

9.3 – E-mails sent on legitimate health service business can sometimes carry viruses. A sensible precaution is always to ‘save’ any attachments rather than opening them straight away, because saving activates the virus checker

9.4 – If you have any reason to suspect that you may have received an infected e-mail NOTIFY THE IT Manager/General Manager IMMEDIATELY.

10. Personal Use

Under normal circumstances access to the Internet or E-mail facilities for personal or non-work related use is not permitted. However, it is recognised that on occasion it can provide useful sources of information/communication for individuals without detriment to the Practice and its functions. Such usage must be strictly limited.

 

 

Date published: 20th September, 2023
Date last updated: 20th September, 2023