E-MAIL, INTERNET AND NETWORK
ACCESS POLICY
|
|
|
|
|
|
|
User
name |
|
Job
Title |
|
Department |
The Tavistock & Portman NHS Trust has invested considerable sums of money to ensure that there are suitable IT systems and services to support:
· Research & Development
· Requirements of the Information for Health Strategy
While the Trust wants to adopt a culture of open access for these services, it is extremely important that they are used appropriately.
The IT systems, services and resources provided by the Tavistock & Portman NHS Trust (including but not limited to the network, the computer, and the e-mail system) are Trust property, and may only be used for authorised Trust purposes. The information created by, distributed with or stored on company property is, by definition, also company property. Staff should expect this information to be monitored. Occasional personal use of the e-mail and internet systems is permitted, although this privilege may be revoked at any time.
The Tavistock & Portman NHS Trust is responsible for ensuring high levels of security for its network and computing systems and protecting the network against unauthorised access and fraudulent use. This responsibility includes informing users of expected standards of conduct and the consequences of not adhering to them. Any attempt to violate the provisions of this policy will result in disciplinary action which may lead to barring of services and, where appropriate, dismissal.
The users of the network are responsible for respecting and adhering to local, national and international laws (see appendix for information). Any attempt to break those laws through the use of the network may result in litigation against the offender by the proper authorities. If such an event should occur, the offender will fully comply with the authorities to provide any information necessary for the litigation process. The Trust will not be liable for the actions of individual users of its network, systems, services or resources.
This policy identifies the actions that the Tavistock & Portman NHS Trust considers to be abuse and therefore strictly prohibited. In addition to the other requirements of this policy, employees may only use the Tavistock & Portman NHS Trust’s systems, services and resources in a manner that is consistent with the defined purposes of such systems, services and resources. If you are unsure of whether a contemplated use or action is permitted under the terms of this policy, you should contact the Head of Information Services for official determination. The examples identified in the sections below are non-exclusive and are provided in part for guidance purposes. This policy applies in addition to the standards outlined in the Tavistock & Portman NHS Trust Information Security Policy.
Access to the Tavistock & Portman NHS Trust network is restricted to authorised users who will be given a user name and a confidential password. Once a user receives a user name and password to be used to access the systems, they are solely responsible for all actions taken under that user name. Therefore:
· Applying for a user name under false pretences is a disciplinary offence.
· Disclosing your user name and password with any other person outside the Tavistock & Portman NHS Trust is prohibited.
· Deletion, examination, copying, or modification of files and/or data belonging to other users without their prior consent is prohibited.
· Use of Information Services for commercial purposes for personal gain is prohibited.
· Any unauthorised, deliberate action that damages or disrupts a computing system, alters its normal performance, or causes it to malfunction constitutes a violation of this policy, regardless of system location or time duration.
· Advertising or any other form of promotional activity for non-Tavistock & Portman NHS Trust purposes is forbidden
All
incoming and outgoing e-mails are automatically backed up on the server, and
the Tavistock & Portman NHS Trust reserves the right to check these at
any time. In the event of an investigation which results
from indications of impropriety or where it is necessary to locate substantive
information, the Tavistock & Portman NHS Trust reserves the right to access
and review the contents of all e-mail. In the event of such an investigation, Tavistock
& Portman NHS Trust employees will not attempt to delete e-mail evidence.
Under the Companies Act 1985 and the Business Names Act 1985, the Trust is obliged to attach information regarding its full name and address on all communication. A standard “signature” containing this information is therefore automatically added to the end of all outgoing external e-mails. This also includes the following disclaimer:
This message is sent in confidence for the addressee/s only. The contents
are not to be disclosed to anyone other than the addressees. Unauthorised recipients must preserve this
confidentiality and should please advise the sender immediately of any error
in transmission.
Any opinions
expressed here are those of the sender and should not be taken as representing
the view of the Tavistock & Portman NHS Trust.
Users of the Tavistock & Portman NHS Trust network may not undertake:
· Forgery or attempted forgery of electronic mail messages.
· To read, delete, copy, or modify or attempt to read, delete, copy, or modify the electronic mail of other users.
· To send or attempt to send harassing, obscene, defamatory, abusive and/or other threatening e-mail to another user.
· To send or attempt to send unsolicited “junk” mail, “for-profit” messages or chain letters.
· Harassment of others whether through language, image, frequency or size of messages, chain letters, malicious acts and the forging of mail header information.
· To transmit on or through any of the Tavistock & Portman NHS Trust’s systems, services or resources any material that is, in the Tavistock & Portman NHS Trust’s sole discretion, unlawful, indecent, defamatory, obscene, threatening, abusive, libellous or hateful, or that encourages conduct that may constitute a criminal offence, give rise to civil liability or otherwise violate the law.
· To subscribe to any newsgroups without prior consent from the Head of Information Services.
· To send or attempt to send any patient identifiable information via e-mail.
· To place any purchase orders or enter into any other contractual arrangements via e-mail without the prior permission of the Head of Supplies and/or their department manager.
Users of the Tavistock & Portman NHS Trust network may not:
·
Access or download any sites which in the opinion
of the Tavistock & Portman NHS Trust are unsuitable, inappropriate or
offensive.
·
Access or download online games
·
Access or download sites which could bring the Trust
into disrepute
·
Access or download Internet Relay Chat sites
·
Access or download Real Audio sites
· Post, transmit, re-transmit or store material on or through any of the Tavistock & Portman NHS Trust 's systems, services or resources, any material that is, in the Tavistock & Portman NHS Trust’s sole discretion, unlawful, obscene, threatening, abusive, libellous or hateful, or that encourages conduct that may constitute a criminal offence, give rise to civil liability or otherwise violate the law.
· Access sites and/or databases which require payment unless this has been agreed by both the respective Head of Department and the Information Systems Manager.
As a user of the network, you may be allowed to access other networks (and/or the computer systems attached to those networks). Therefore:
· Use of systems and/or networks in attempts to gain unauthorised access to remote systems is prohibited.
· Use of systems and/or networks to connects to other systems, in evasion of the physical limitations of the remote system/local, is prohibited.
· Users may only connect to the internet through the official Tavistock & Portman NHS Trust network. Individual connection (via personal modems etc) is prohibited.
· Decryption of system or user passwords is prohibited.
· The copying of system files is prohibited.
· The copying of copyrighted materials, such as third-party software, without the express written permission of the owner or the proper licence, is prohibited.
· Intentional attempts to “crash” network systems or programs are disciplinary offences.
· Any attempts to secure a higher level of privilege on network systems are disciplinary offences.
· The wilful introduction of computer “viruses” or other disruptive/destructive programs into the organisation network or into external networks is prohibited.
· All software installed on the Tavistock & Portman NHS Trust network must be appropriately licensed for use by the Trust.
· Individual users are not able to install their own software on the Trust network, and permission must be sought from Information Services for the installation of additional software.
Declaration:
I the undersigned
have read and understood the code of conduct described above regarding the
use of computer equipment to access the network and I agree to be bound by
this code during the period of my employment.
I understand that on termination of my employment with the Tavistock
& Portman NHS Trust my username and password will be removed from the
Trust network and any attempt to access the network may be reported to the
police.
|
|
|
|
|
|
|
User
name |
|
Signature |
|
Date |
Appendix
All information contained in electronic mail must comply with the normal contract requirement and conform to UK and EU law. These include:
·
The Data Protection Act 1998
Computerised
patient data is confidential and protected by law. The Trust must take appropriate
security measures to protect data from loss, corruption or inappropriate editing
or disclosure. The Tavistock & Portman NHS Trust is registered with the
Office of the Information Commissioner as a whole so that individual systems
do not also need registering. Queries relating to the Data Protection Act should be referred
to the Information Services Manager.
· The Computer Misuse Act 1990
Unauthorised Access: causing a computer to perform any function with intent to secure access to any program or data held in any computer, when the access is unauthorised and s/he knows at the time when causing the computer to perform the function that this is the case, is against the law. Even casual meddling in a live area could be an offence.
Hacking: Seeking to gain access to a computer program or data when the access is unauthorised and when the person knows that his/her attempt is unauthorised is against the law.
Fraud: Seeking to commit an offence (e.g. fraud) on a computer system, whether in one or multiple attempts, is an offence, even if the attempt(s) fail, (for example if the system security withstands the offender.)
Modification, viruses etc.: Any act which causes unauthorised modification of the contents of a computer when the person has intent to impair the operation of any computer, prevent or hinder access to any program or data, or impair the operation or reliability of any data is an offence. Actions need not be directed at any particular program or file, nor is it material whether the intended damage is temporary or permanent.
· Copyright Act
Under Copyright legislation it is illegal to copy software. Every machine must have a purchased licence of the software, though not necessarily an actual set of disks. The only exception to this is that portable PC s which are used by staff who have a licence for the software on their desktop machine, may be covered by the desktop licence. If in doubt, please consult the Information Services Department.
Additionally, the laws on obscenity, libel, sexual and racial harassment apply and individual users are solely responsible for their own actions and the Tavistock & Portman NHS Trust will accept no liability.