Kirklees PCT Email Policy
Policy Version: Issued by: Issue date: Review date:
5.1 (September 2006) – Final version Health Informatics Service, Information Governance Team September 2006 September 2009
Page of 7
1
1.
INTRODUCTION
1.1
This document defines the Email Policy for Kirklees PCT (referred to hereafter as the PCT). The Email Policy applies to all business functions and all information contained within the email system. This document: a. Sets out the PCT’s policy for the protection of the confidentiality of information and the integrity and availability of the email system; b. Establishes PCT and user responsibilities for the email system; c. Provides reference to documentation relevant to this policy.
1.2 The purpose of this policy is to ensure the proper use of the PCT’s email system and to make Users aware of what the PCT deems as acceptable and unacceptable use of its email system. 1.3
If there is evidence that any User is not adhering to this policy, this will be dealt with under the PCT Disciplinary Procedure.
1. OBJECTIVE 2.1
The objective of this policy is to ensure the security of the PCT’s email system. To do this the Director of Performance and Information will manage the Service Level Agreement with The Health Informatics Service to: a. Ensure Availability Ensure that the email system is available for Users; b. Preserve Integrity Protect the email system from unauthorised or accidental modification of the PCT’s information; c. Preserve Confidentiality Protect the PCT’s information against unauthorised disclosure.
3. 3.1
E-MAIL AND THE LAW Email is a business communication tool and Users are obliged to use this tool in a responsible, effective and lawful manner. Although by its nature email seems to be less formal than other written communication, the same laws apply. Therefore, by following this policy, the email User can minimise the legal risks involved in the use of email:d. You must not send emails with any libellous, defamatory, offensive, harassing, racist, homophobic, obscene or pornographic remarks or depictions, you and the PCT can be held liable; e. You must not forward emails with any libellous, defamatory, offensive, harassing, racist, homophobic, obscene or pornographic remarks or depictions, you and the PCT can be held liable. If you receive an email of this nature, you must promptly notify your supervisor; f. You must not unlawfully forward confidential information, you and the PCT can be held liable. Do not forward a confidential message without acquiring permission from the sender first; g. You must not knowingly send an attachment that contains a virus, you and the PCT can be held liable; h. You must not send unsolicited email messages; Page of 7
2
You must not forge or attempt to forge email messages; j. You must not send email messages using another persons email account; k. You must not knowingly breach copyright or licensing laws when composing or forwarding emails and email attachments. See Appendix A for definitions. PCT RESPONSIBILITIES The PCT will ensure that all Users are properly trained before using the email system. i.
4. 4.1 4.2
The PCT will ensure that Users of the email service are aware of policies, protocols, procedures and legal obligations relating to the use of email. This will be done through training and staff communications at departmental and PCT-wide levels.
5. ACCESS TO THE EMAIL SYSTEM 5.1 Authorised access to the email system is obtained by applying to The Health Informatics Service, IT Service Desk (CRH ex 2600, 01422 222600 or 0845 1272600). 5.2
Users will be sent a Code of Connection agreement, and relevant policies, which they must familiarise themselves with.
5.3
Users are responsible for ensuring unauthorised Users do not use their email account.
6. SENSITIVE PERSONAL INFORMATION 6.1 Email is an insecure system. Therefore, sensitive personal information (i.e. that relating to identifiable individuals) or commercially sensitive information MUST NOT be sent by email, unless it is encrypted to NHS standards using software approved by the PCT. Note : your general mail account set up by the PCT is not yet encrypted (meaning of encrypted – the practice of encoding data in order to prevent any but the intended recipient from reading it). 7. BEST PRACTICES 7.1 The PCT considers email as an important means of communication and recognises the importance of proper email content and speedy replies in conveying a professional image and delivering good customer service. Therefore the PCT wishes to encourage Users to adhere to the following guidelines: a. Write well-structured emails; b. Include your name, job title and PCT name; c. Use the spell checker before you send out an email; d. Do not print emails unless you really need to for work purposes. Emails can be saved, if you need to keep them; e. If you need a reply to your email by a particular date let the recipient know this; f. If you forward mails, state clearly what action you expect the recipient to take; g. Only mark emails as important if they really are important; h. Ensure you send your email only to people who need to see it. Sending emails to all in your address book can unnecessarily block the system; Page of 7
3
i.
Emails should be treated like any other correspondence and should be answered as quickly as possible; j. Delete any email messages that you do not need to have a copy of. k. Remember that emails can be requested under the Freedom of Information Act. Store any emails containing information likely to be requested e.g. spending of public money/development of services, in a separate folder to allow easy, efficient retrieval.
8. PERSONAL USE 8.1 Although the PCT’s email system is meant for business use, the PCT allows the reasonable use of email for personal use if certain guidelines are adhered to: a. Personal use of email should not interfere with work; b. Personal emails must also adhere to this policy; c. Personal emails should be kept in a separate folder, named ‘Private’. The emails in this folder must be deleted regularly so as not to clog up the system. Under appropriate circumstances where the PCT feels that this policy has not been complied with, the PCT may look at this folder; d. The forwarding of chain letters, junk mail and executables is forbidden. The sending of unsolicited mail is considered by many Users as wasteful of user time and can also disrupt the service for other Users; e. The PCT reserves the right to manage a mailbox on behalf of an individual. Please read appendix A (includes definitions). 9. COMPUTER VIRUS INFECTION 9.1 If you suspect that you have received a virus by email - telephone The Health Informatics Service Desk immediately (CRH ex 2600, 01422 222600 or 0845 1272600.) Do not attempt to remove the virus yourself. The IT Service Desk will need to know what virus it isa. Do not switch off your PC unless told to do so by the IT Service Desk. b. Where you suspect the presence of a virus, do not send any further e-mail until the IT Service Desk have confirmed that it is safe to do so. 10. SYSTEM MONITORING 10.1 All emails are automatically monitored for viruses and to maintain the size of accounts. All email traffic (incoming and outgoing) is logged automatically. These logs are audited periodically. 10.2 The content of emails is not routinely monitored. However, the PCT reserves the right to inspect, monitor and retain message content as required to meet legal, statutory and business obligations. 10.3 If there is evidence that you are not adhering to this policy, this will be dealt with under the PCT Disciplinary Procedure. 11 EMAIL ACCOUNTS 11.1 All email accounts maintained on PCT email systems are the property of the PCT. Page of 7
4
12 TRAINING 12.1If you require User training in basic computer skills or the use of e-mail please contact the IMT Education, Training Development department on:Huddersfield 01484 342081; Kirklees 01422 222578. 13 QUESTIONS 13.1 If you have any questions or comments about this Email Policy, please contact the Confidentiality and IM&T Security Officer (THIS) on 01484 466042. 13.2 If you do not have any questions the PCT presumes that you understand and are aware of the rules and guidelines in this Email Policy and will adhere to them. 14 LEGAL REFERENCES Copyright, Designs & Patents Act 1988 Access to Health Records Act 1990 Computer Misuse Act 1990 The Data Protection Act 1998 The Human Rights Act 1998 Electronic Communications Act 2000 Regulation of Investigatory Powers Act 2000 Freedom of Information Act 2000 Environmental Information Regulations 2004 (EIRs) Health & Social Care Act 2001 15 ASSOCIATED DOCUMENTS (Policies, protocols and procedures) Information Security Policy - Kirklees PCT Network Security Policy - Kirklees PCT Remote Access Policy - Kirklees PCT Internet Policy - Kirklees PCT Harassment At Work Policy - Kirklees PCT Disciplinary Procedure - Kirklees PCT Confidentiality Policy Statement and guidance – Kirklees PCT
Page of 7
5
APPENDIX A 1 1.1
DEFINITIONS Defamation & libel What is defamation & libel? A published (spoken or written) statement or series of statements, which affects the reputation of a person or an organisation and exposes them to hatred, contempt, ridicule, being shunned or avoided, discredited in their trade, business, office or profession, or pecuniary loss. If the statement is not true then it is considered slanderous or libellous and the person towards whom it is made has redress in law. What you must not do Make statements about people or organisations in any email that you write without verifying their basis in fact. Note that forwarding an email with a slanderous or libellous statement also makes you liable.
1.2
Harassment What is harassment? Any unwarranted behaviour, which is unreasonable, unwelcome or offensive. This may include physical contact, comments or printed material, which causes the recipient to feel threatened, humiliated or patronised. Harassment takes many forms. It can range from extreme forms such as violence and bullying, to less obvious actions like ignoring someone at work. Whatever the form, it will be unwanted behaviour that is perceived as unwelcome and unpleasant by the recipient. Harassment can be on a variety of grounds, including sex/gender, race, sexual orientation, mental status, age, physical/mental disability. Note that this list is not exhaustive. What you must not do Use email to harass other members of staff by sending messages that they consider offensive or threatening.
1.3
Pornography What is pornography? Pornography can take many forms. For example, textual descriptions, still and moving images, cartoons and sound files. Some pornography is illegal in the UK and some is legal. Pornography that is legal in the UK may be considered illegal elsewhere. Because of the global nature of email these issues must be taken into consideration. Therefore, the PCT defines pornography as the description or depiction of sexual acts or naked people that are designed to be sexually exciting. The PCT will not tolerate its facilities being used for this type of material and considers such behaviour to constitute a serious disciplinary offence. What you must not do • Send, deliberately view or forward emails containing pornography. If you receive an email containing pornography you should report it to the Confidentiality and IM&T Security Officer (THIS) or your supervisor. • Send, deliberately view or forward emails with attachments containing pornography. If you receive an email with an attachment containing pornography you should report it to the Confidentiality and IM&T Security Officer (THIS) or your supervisor. Page of 7
6
• Save pornographic material that has been transmitted to you by email. What are the consequences of not following this policy? • Users and/or the PCT can be prosecuted or held liable for transmitting or downloading pornographic material, in the UK and elsewhere. • The reputation of the PCT will be seriously questioned if its systems have been used to access or transmit pornographic material and this becomes publicly known. • Users found to be in possession of pornographic material, or to have transmitted pornographic material, will be dealt with under the PCT Disciplinary Procedure. 1.4 Copyright What is copyright? Copyright is a term used to describe the rights under law that people have to protect original work they have created. The original work can be a computer program, document, graphic, film or sound recording, for example. Copyright protects the work to ensure no one else can copy, alter or use the work without the express permission of the owner. Copyright is sometimes indicated in a piece of work by this symbol ©. However, it does not have to be displayed under British law. So a lack of the symbol does not indicate a lack of copyright. In the case of PCT standard use computer software, the PCT purchases licences on behalf of its Users. What you must not do • Alter any software programs, graphics etc without the express permission of the owner. • Claim someone else’s work is your own • Send copyrighted material by email without the permission of the owner. This is considered copying. 1.5 Unsolicited Email What is unsolicited email? Electronic mail which is unrequested by the recipient and is of an advertising, promotional or humorous nature.
2
FURTHER INFORMATION If you would like any further information please do not hesitate to contact the Confidentiality and IM&T Security Officer (THIS) on 01484 466042.
Page of 7
7