
Internet and Usage Policy


Academic year: 2021


Internet and Email Usage Policy

Equality Impact

Great Western Hospitals NHS Foundation Trust (the Trust) strives to ensure equality of opportunity for all service users, local people and the workforce. As an employer and a provider of health care, the Trust aims to ensure that none are placed at a disadvantage as a result of its policies and procedures. This document has therefore been equality impact assessed in line with current legislation to ensure fairness and consistency for all those covered by it regardless of their individuality. This means all our services are accessible, appropriate and sensitive to the needs of the individual. The results are shown in the Equality Impact Assessment Tool at APPENDIX A.

Special Cases

There are no cases where this policy does not apply.

Document No.: EDRMS000489NC
Version No.: 1.0
Approved by: Non-clinical PAG
Date approved: 19/02/2014
Ratified by: Information Governance Steering Group
Date ratified: 07/03/2014
Date Implemented: 17/03/2014
Next Review Date: 07/03/2016
Status: Approved

This document applies to: This policy applies to all employees of the Trust, whether permanent, part-time or temporary (including fixed-term contract). It applies equally to all other staff working for the Trust, including private-sector, voluntary-sector, agency, locum, contract, seconded and volunteer staff who will have access to Trust computing services. For simplicity, they are referred to as ‘employees’ throughout this policy.

Accountable Director: Director of Finance and Performance
Policy Author/Originator: Head of IT Operations
Implementation Lead: Information Governance Manager

If developed in partnership with another agency, ratification details of the relevant agency


Contents

1 Document Definition
1.1 Introduction
1.2 Glossary/Definitions
1.3 Purpose of the Document
2 Main Policy Content Details
2.1 Access
2.2 Becoming an Authorised User
2.3 User Names and Passwords
2.4 Standards of Conduct
2.5 Delegate Access
2.6 Communications
2.7 Downloading Information
2.8 Software
2.9 Browser and Email Software
2.10 Copyright Issues
2.11 Security & Monitoring
2.12 Inappropriate Sites
2.13 Malicious Intent
2.14 Spyware, Ad-ware and Malware
2.15 Spam/Suspicious Email
2.16 Non-work Activities
2.17 Internet Radio
2.18 Violations
2.19 Undertaking
3 Duties and Responsibilities of Individuals and Groups
3.1 Management of Security
3.2 Responsibilities of the User
3.3 Responsibilities of the IT Department
3.3.1 NHS Requirements
3.3.2 Monitoring Access
3.3.3 Username and Password Management
3.3.4 Virus Control
4 Education and Training Requirements
4.1 Education and Training plan
5 Communication plan
5.1 Communication Action Plan
5.2 Distribution and Communication Channels
6 Monitoring Compliance and Effectiveness of Implementation
7 Review Date, Arrangements and Document Details
7.2 Acute and Maternity Standards Criterion
7.3 References, Further Reading and Links to Other Policies
7.4 Review Date
7.5 Consultation Comments
Appendix A – Equality Impact Assessment Tool
Appendix B – Quality Impact Assessment Tool
Appendix C – Internet / Email Access Request Form


1 Document Definition

1.1 Introduction

The internet is a collection of worldwide-interconnected computer systems providing access to a variety of information bases known as the World Wide Web (www). The NHS has a national private network (N3), which, as well as having its own private information bases, also acts as a gateway for accessing the internet. For the purposes of this policy, the term “internet” will be used as a generic description of internet and N3 services. The internet is an extremely useful information tool but it is one with inherent security risks and without guarantees of reliability or performance.

Great Western Hospitals NHS Foundation Trust (the Trust) provides access to the vast information resources of the internet to help employees perform their duties more effectively. The facilities to provide that access represent a considerable commitment of resources for telecommunications, networking, software, storage, etc. Unnecessary or unauthorised internet usage causes network and server congestion, and can slow other users and occupy work time without need.

The objectives of this policy are to:

• Identify proper use of the internet and email in support of the organisation’s task;
• Ensure employees are aware of proper conduct when using the internet and email; and,
• Ensure that all employees are responsible, productive internet and email users and that they are protecting the Trust’s public image.

This policy covers the use of services in relation to the internet, Trust email accounts and NHS email accounts. The policy similarly establishes employee responsibility in the use of these. In implementing this policy, the Trust aims to maximise the benefits of internet and email access whilst minimising potential risks.

1.2 Glossary/Definitions

The following terms and acronyms are used within the document:

HSCIC Health and Social Care Information Centre

IGSG Information Governance Steering Group

IM&T Information Management & Technology

IT Information Technology

N3 NHS national private network

NHS National Health Service

NHSmail The NHS web-based mail service (NHSmail)

PC Personal Computer

www World Wide Web

Person-Identifiable Information includes:

• Patient/employee name, date of birth, address, full post code, telephone number;
• Pictures, photographs, videos, audio-tapes or other images of patients;
• NHS number and local patient-identifiable codes, National Insurance number;
• Anything else that may be used to identify a patient directly or indirectly. For example, rare diseases, drug treatments or statistical analyses which have very small numbers within a small population may allow individuals to be identified.

1.3 Purpose of the Document

This document defines the Internet and Email Usage Policy for the Trust. It aims to ensure the proper use of access to the internet and email by informing staff of what the Trust deems as acceptable and unacceptable use.


The Trust recognises that the internet is a useful tool to support business activity and the purpose of this policy is to promote reasonable, responsible and well-informed behaviour in the use of Trust provided internet and email services. The primary aim in allowing use of the internet and email is to improve the quality of work and productivity in patient care and research. Access is also encouraged to facilitate and improve health service management activities.


2 Main Policy Content Details

2.1 Access

Access to the internet is through the gateway provided by N3. This gateway allows internal and external email flows, and outbound access only for web browsing, thereby helping to secure all N3 connected sites from probing attacks from other internet users. The services are accessed from the Trust’s network via a dedicated firewall.

Employees are also able to access sites on the N3 network (using nww addresses instead of www), which provides information services similar to those on the internet but within the perimeter of N3. Users are not normally permitted to have stand-alone PC access through a modem or broadband facilities on Trust provided equipment. If there are exceptional circumstances, modem or broadband connections must only be done with the permission of the Network Manager. Users should be aware that modems or broadband connections will not routinely be allowed on PCs which are connected to the Trust network.

2.2 Becoming an Authorised User

Each employee who wishes to access the internet or email must apply to become an authorised user. Their manager must complete the request form shown at Appendix C which outlines the business need for access and send it to the IT Service Desk. The request must be accompanied by a signed copy of the Employee Undertaking (Appendix D) witnessed by the line manager. On authorisation by the IT Support Service Manager (or deputy) the facilities to enable access will be implemented by IT Department staff.

If the application is refused, the IT Service Desk will contact the line manager on behalf of the IT Support Service Manager in order to communicate the reasons for rejection.

All new users must read this policy and sign the declaration before access is granted. The signed declaration will be stored in the employee’s personnel file and a copy will be held by the Employee Services Department.

2.3 User Names and Passwords

Each user is responsible for maintaining the security of his or her individual login and password. Employees must not share their user name or password with anyone. If a breach of security is recorded under a particular employee’s login name, the burden of proof will be with that employee to demonstrate that he or she was not responsible for the breach.

Further information and guidance about password security can be found in the Trust’s IT Equipment Usage Policy (Ref 1).

2.4 Standards of Conduct

As the Trust provides employees with internet and email access, they must view themselves as Trust representatives on the internet or on email systems. All communications, therefore, must be ethical, lawful and professional. Internet “discussion boards”, newsgroups, etc. may only be used to conduct official Trust business, or to gain technical or analytical advice. Trust employees should be aware that internet “discussion boards”, newsgroups etc. may be indexed and referenced allowing others to search and read these. Therefore employees should regard the use of these as public and consider that their Trust/NHS email address may become public.

The use of personal on-line diaries, sometimes known as ‘Blogs’ is strictly prohibited. Online diaries can be indexed and referenced allowing anyone on the internet to search and read these entries. Employees should also make themselves aware of the Trust’s policy as regards the use of social networking sites. Further information can be found in the Social Networking Policy (Ref 2).


Sending person-identifiable information by email can only be done securely between NHS email accounts. Further information may be referenced in the Trust’s Data Transfer Policy (Ref. 3). Person-identifiable information should not be sent to external addresses (even if they include the extension .nhs.uk) using the Trust’s email system. Each employee who has a legitimate need to send this type of information by email should request an NHS.net email address (in addition to their Trust email account) using the process outlined in Section 2.2 above.

Person-identifiable information should never be submitted or entered onto a web site on the internet unless this is for official Trust/NHS business. In such cases these sites must be approved by the Trust. The Information Governance Team must be informed of the information to be transmitted and purposes to which this information will be used.

The use of the internet or email to access, create or transmit offensive, obscene or indecent material is strictly prohibited. In addition any use of the internet or email which is against the Trust’s interests or can harm the Trust’s reputation is also strictly prohibited.

Employees are responsible for the efficient storage and retrieval of emails. Employees must ensure good housekeeping regarding the retention and organisation of emails within their personal folders. Emails are classed as a record and these may be subject to release under the Data Protection Act 1998 and/or the Freedom of Information Act 2000.

The overriding principle is that security is to be everyone’s first concern, and so an internet or email user can be held personally accountable for any breaches of security or confidentiality. Failure to comply with this policy will lead to investigation under the Trust’s disciplinary procedure, which may result in dismissal and criminal prosecution.

2.5 Delegate Access

Microsoft Outlook has the option to allow another person, known as a delegate, to receive and respond to e-mail messages and meeting requests and responses on their behalf. The person granting delegate permission determines the folders the delegate can access and the changes the delegate can make. Additional permissions may be granted that allow the delegate to read, create, or have more control over items in the mailbox.

In exceptional circumstances, e.g. unexpected long-term absence, the IT Department may grant permission for a Line Manager to have delegate access to the employee’s mailbox.

If an employee gives delegate access to another employee, this may allow them to access personal and sensitive information inappropriately. The employee who granted the access will be held responsible for any use of this information.

2.6 Communications

Each employee is responsible for the content of all text, audio or images that they place or send over the internet or send by email either internally or externally. All messages communicated in this way must have the employee’s name attached. No message is to be transmitted anonymously or under an assumed name and users must not attempt to obscure the origin of any message.

Internet email must not be used to relay any message of a confidential nature. Instead NHSmail should be used. The security and confidentiality of messages once they leave the Trust’s own network cannot be guaranteed.

2.7 Downloading Information

Only information for Trust business use may be downloaded from the internet onto Trust equipment. Existing virus checking software installed on PCs will offer some protection, but may not always be able to detect new viruses.


2.8 Software

Trust staff are not authorised to load any software onto any Trust computer system without the permission of the IT Department and any attempt to install software is strictly prohibited. If there is a particular one-off requirement to do this, employees should liaise with the IT Service Desk, who will assist with any further precautions, which may be necessary. Normally, only software from known, reputable sources (e.g. NHS Executive) will be permitted, and this must only be used within the terms of the software licence. If this advice is not followed, employees will be personally responsible for any loss of data on their own systems.

2.9 Browser and Email Software

The Trust’s standard internet browser is Microsoft Internet Explorer. The standard email software is Microsoft Office Outlook. Any version changes will be implemented by the IT Department.

2.10 Copyright Issues

Copyrighted materials belonging to organisations or individuals other than the Trust may not be transmitted by employees on the internet or by email. One copy of copyrighted material may be downloaded for an individual’s use in research. Users are not permitted to copy, transfer, rename, add or delete information or programs belonging to other users unless given express permission to do so by the owner. In addition to possible disciplinary action, employees may face legal action by the copyright owner. The Trust will accept no responsibility for any legal action arising from an employee’s infringement of Copyright or Intellectual Property Rights.

2.11 Security & Monitoring

Monitoring and periodic auditing of usage of the internet and email are performed in order to ensure the integrity of the Trust’s systems and compliance with the Health & Social Care Information Centre (HSCIC) Security requirements.

Use of the Trust’s internet and email access facilities is primarily for business-related purposes (see also Section 2.15 below). Employees must be aware that the Trust’s monitoring systems are capable of recording, for every user, each World Wide Web or NHS web site visited, each chat, newsgroup or email message, and each file transfer into and out of the Trust’s internal networks, and that the Trust reserves the right to do so at any time.

The Trust has implemented email-filtering software to reduce the volume of “spam” emails that Trust employees receive within their email inbox. Email filtering requires monitoring and in some cases may require intervention by members of the IT Department (e.g. where a user may require an email to be retrieved from the filter). This level of access will be restricted only to those employees deemed necessary to perform this role.

An employee should not have any expectation of privacy as to his or her internet or email usage. Senior Managers will review internet access and email activity and analyse usage patterns, and they may choose to publicise this data to assure that the Trust’s technical resources are devoted to maintaining the highest levels of professionalism.

In summary, all internet access and email messages are logged and monitored. Monitoring reports will be provided to relevant Managers on a periodic basis or on request. Internet and email logs may be examined where inappropriate or excessive usage is suspected or alleged.

The Trust has installed a variety of mechanisms (e.g. firewalls) to assure the safety and security of its networks. Any employee who attempts to disable, defeat or circumvent any Trust security facility will be subject to immediate suspension pending disciplinary action.


2.12 Inappropriate Sites

The Trust will make use of its monitoring software and third-party data to identify inappropriate or sexually explicit internet sites. The monitoring systems may block access to all such sites that the Trust becomes aware of.

If an employee finds that they have accidentally connected to a site that contains sexually explicit, pornographic or offensive material, they must make a note of the site address and then disconnect from that site immediately, regardless of whether that site had been previously deemed acceptable by any screening or rating program. The user must then contact the IT Service Desk on 01793 605858 (ext 5858) to report the site, so that it can be blocked from further access and make their line manager aware that this has happened.

Offensive material may include hostile text or images relating to gender, ethnicity, race, sex, sexual orientation, religious or political convictions and disability. This list is not exhaustive. Other than instances which demand criminal prosecution, the Executive Committee will be the final arbiter on what is or is not offensive material and what is or is not permissible access to the internet.

It must not be assumed that, just because a site is not blocked, it is regarded as an appropriate site.

2.13 Malicious Intent

The Trust’s internet or email facilities must not be used to deliberately propagate any virus, worm, Trojan, or other software intended to cause damage or modification to other systems or data. No employee may use the facilities knowingly to disable or overload any computer system or network, or to circumvent any system intended to protect the privacy or security of another user. Staff must not use Trust internet or email facilities to propagate chain emails.

2.14 Spyware, Ad-ware and Malware

Spyware falls into several categories. At its most basic, spyware consists of programs that track online and offline activities, which are shared with third parties without a user’s consent. Spyware can include system-monitoring tools that record everything from visited sites to chat sessions, while also including key logger programs that capture keystroke information such as usernames and passwords used for online banking.

Adware, or advertising-supported software, is a software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used. It is not uncommon for people to confuse adware with spyware, especially since these concepts overlap. For example, if one user installs "adware" on a computer, and consents to a tracking feature, the "adware" becomes "spyware" when another user visits that computer, and interacts with and is tracked by the "adware" without their consent.

Malware (short for Malicious Software) is any program or file that is harmful to a computer user and will damage the computer without the user’s informed consent. Malware usually comprises a mixture of viruses, worms or Trojans plus spyware.

A user should not knowingly or intentionally infect the Trust’s PCs with spyware, adware or malware. Trust PCs that have been infected by spyware, adware or malware may have the default home page changed from the Trust standard intranet page or have third party search toolbars installed in Internet Explorer. If a user suspects that a PC has been infected with spyware, adware or malware, they should contact the IT Service Desk.

2.15 Spam/Suspicious Email

"Spam" mail is the practice of sending massive amounts of e-mail promotions or advertisements (and scams) to people that have not asked for it. Many times, spam e-mail lists are created by "harvesting" e-mail addresses from discussion boards, newsgroups, online diaries, chat rooms and web pages.


Therefore employees are advised to consider carefully how they use their Trust/NHSmail email address and whom they release it to as they may find they start to receive spam.

Although the Trust uses a robust email filtering system, it must not be assumed that this will ensure that all non-acceptable material is filtered out.

If a user suspects that an email may contain unacceptable material or appears to be “spam”, they must not open the email, but should contact the IT Service Desk for further advice.

2.16 Non-work Activities

The Trust does not object to non-work-related enquiries on the internet or private use of email provided that consideration is given to decency, impact on the work of other colleagues and that this usage does not interfere with workload or network performance. Personal, non-business use of the internet or email must not be excessive in terms of frequency, duration, bandwidth or capacity. Employees may use their internet and email facilities for non-business research or browsing during mealtime or other breaks, or outside of work hours, provided that all parts of this usage policy are adhered to.

Employees must be aware that the monitoring of usage referred to in Section 2.10 above records all types of access/traffic, and is unable to distinguish between “work” and “private” use. Employees who are concerned that such monitoring could infringe their personal rights should not make private use of the Trust’s internet or email facilities.

Private access to the internet or email service can be limited or denied by the relevant manager or head of department, and employees must act in accordance with their manager’s local guidelines. The Director of Workforce & Education has the final decision on deciding what constitutes excessive use.

2.17 Internet Radio

Whilst the Trust does not block the use of internet radio, the practice is discouraged because of the high bandwidth required to support such services. The Trust retains the right to deny use of these services if it impacts on legitimate Trust business services.

2.18 Violations

As stated in Section 2.4, violations of any guideline listed will be subject to investigation and may result in action under the Trust’s disciplinary procedure.

2.19 Undertaking

Should an employee have questions regarding the above guidelines or use of the internet and email, they should discuss these with their line manager in the first instance.

All employees granted internet or email access via Trust facilities will be provided with a written copy of this policy. All internet and email users must sign the employee undertaking at Appendix D.

3 Duties and Responsibilities of Individuals and Groups

3.1 Management of Security

The overall responsibility for maintaining and implementing the Trust’s IM&T security policy lies with the Trust’s Director of IM&T. Different elements of this responsibility are delegated to the Head of IT Operations, the IT Support Service Manager and the Information Governance team.

Each director or head of department has the responsibility for the protection of IT assets within the department for which they are the director or head of department.


Similarly the director or head of department also has the responsibility for the performance of specific security processes or activities, which relate to the system for which they have responsibility. It is recognised that in many cases this responsibility is delegated to line managers within the department.

3.2 Responsibilities of the User

It is the responsibility of all employees within the Trust to ensure that computer systems and the data which is accessed through them are safe and secure. Employees who are authorised to access the internet and email have additional responsibilities relating to security, confidentiality and appropriate use.

3.3 Responsibilities of the IT Department

3.3.1 NHS Requirements

IT Department staff, acting as the delegated agents of the Chief Executive, are responsible for maintaining a safe and secure computing environment in the Trust. More specifically they are responsible for ensuring that the Trust conforms to the NHS information governance and security requirements.

3.3.2 Monitoring Access

The IT Department is responsible for monitoring email traffic and access to internet sites from the Trust. Monitoring of internet access is achieved by the use of audit tools which log, by user name, the sites accessed, the time of day the sites were accessed and for how long, and if a file transfer took place. Similar monitoring facilities are also applied to email.

If usage is considered to be excessive or inappropriate, the Director of IM&T or delegated IT Manager will pass the information to his or her manager for appropriate action. If the logging mechanisms reveal that an employee has been accessing a site identified as offensive, or if it becomes evident that inappropriate email has been communicated, the Director of IM&T or delegated IT Manager must pass the information to his or her manager for appropriate action. It is the responsibility of the Director of IM&T or delegated IT Manager to inform the NHS Information Authority’s Security Co-ordinator of any security breach. Breaches of policy/security will then be subject to investigation under the Trust’s disciplinary procedure.

Monitoring reports will be provided to relevant Managers on a periodic basis and will be made available to line managers on request.

3.3.3 Username and Password Management

The IT Department is responsible for username and password management. This includes:

• Setting up new users in accordance with the agreed naming convention
• Issuing passwords
• Deleting expired accounts
• Disabling dormant accounts
• Removing access rights when employees leave the Trust
• Undertaking regular audits to support these functions

No access to the internet or email systems will be granted without the completed access request form and signed undertaking being submitted to the IT Service Desk (see Appendices C and D).

3.3.4 Virus Control

The IT Department will ensure that every PC capable of connection to the internet or able to access email is fully covered by virus-protection software. The IT Department will also undertake regular updates of such software.


4 Education and Training Requirements

It is important that there is a mechanism to ensure relevant staff are educated and trained in respect of the requirements of any documents, policies and associated procedures that affect them in their work.

4.1 Education and Training plan

| Education and training plan | Resources | Responsibility | Date / Frequency |
|---|---|---|---|
| Induction pack | n/a | The Academy | Bi-monthly induction sessions |
| Advice & support on the application of this policy to be offered | None | IG Team | Ongoing |

5 Communication plan

It is important that there is a mechanism to ensure relevant staff are aware of pertinent documents, policies and associated procedures that affect them in their work. Set out below is a Communication Action Plan for this document.

5.1 Communication Action Plan

| Communication task | Resources | Responsibility | Date / Frequency |
|---|---|---|---|
| Document to be uploaded to intranet | Via EDRMS | Policy and Governance Officer | When document approved |
| Notification of published document | To be included in Trust-wide comms | Marketing and Communication Team | When document approved |
| Notification of published document to be sent to directorates for managers to draw to staff attention | Via email | Policy and Governance Officer | When document approved |

5.2 Distribution and Communication Channels

| Distribution/communication channel | Contact |
|---|---|
| Trust-wide Communications | Communications and Marketing Team |


6 Monitoring Compliance and Effectiveness of Implementation

The arrangements for monitoring compliance are outlined in the table below:

| Measurable policy objectives | Monitoring / audit method | Monitoring responsibility (individual / group / committee) | Frequency of monitoring | Reporting arrangements (committee / group to which monitoring results are presented) | What action will be taken if gaps are identified? |
|---|---|---|---|---|---|
| Amount of usage in terms of length of time, time of day used and sites visited. | Websense (internet usage reports) | Network Manager | Monthly / ad-hoc on request | Reports sent to General Managers | The IG Team would develop an action plan for approval by the IG Steering Group. This would be monitored at the monthly meetings and closed once recommendations were implemented. |
| Review incoming email that is quarantined. | Email quarantine reports | IT Technical Manager | Weekly | Contact recipients if in doubt | |
| Review incoming and outgoing email. | Email – using email enterprise vault email archive. | IG Team | Ad-hoc | Report made to line manager | |
| Deployment of the Anti-virus updates / check the system is downloading to the server | Report runs automatically from the anti-virus system software | IT Technical Team | Daily | Head of IT Operations (if anything untoward is noted) | |
| Review report of anti-virus software uploads to check for PCs that have not been updated | Report run from the anti-virus software system | Head of IT Operations | Monthly | Report allows the IT Dept to update any active PCs that do not have the software installed. | |

7 Review Date, Arrangements and Document Details

7.1 Regulatory Position

• Data Protection Act 1998
• Freedom of Information Act 2000
• Computer Misuse Act 1990
• Caldicott Principles
• NHS Code of Practice: Information Security Management (April 2007)

7.2 Acute and Maternity Standards Criterion


7.3 References, Further Reading and Links to Other Policies

The following is a list of other policies, procedural documents or guidance documents (internal or external) which staff should refer to for further details:

| Ref. No. | Document Title | Document Location |
|---|---|---|
| 1 | IT Equipment Usage Policy | Intranet |
| 2 | Social Networking Policy | Intranet |
| 3 | Data Transfer Policy | Intranet |

7.4 Review Date

This document will be reviewed every two years in accordance with the Trust’s agreed process for reviewing Trust wide documents.

7.5 Consultation Comments


Appendix A – Equality Impact Assessment Tool

| No. | Question | Yes/No | Comments |
|---|---|---|---|
| 1 | Document Title: Internet and Email Usage Policy | | |
| 2 | Does this document contain the Trust’s statement on Equality? | Yes | |
| 3 | Does the document affect one group less or more favourably than another on the basis of: | | |
| | • Age? | No | |
| | • Culture? | No | |
| | • Disability? | No | |
| | • Ethnic origins (including gypsies and travellers)? | No | |
| | • Gender? | No | |
| | • Gender re-assignment? | No | |
| | • Marriage and civil partnerships? | No | |
| | • Nationality? | No | |
| | • Pregnancy and maternity? | No | |
| | • Race? | No | |
| | • Religion or belief? | No | |
| | • Sexual orientation including gay, lesbian and bisexual people? | No | |
| 4 | Is there any evidence that some groups are affected differently? | No | |
| 5 | If you have identified potential discrimination, are any exceptions valid, legal and/or justifiable? | N/A | |
| 6 | Is the impact of the policy/guidance likely to be negative? | No | |
| 7 | If so can the impact be avoided? | N/A | |
| 8 | What alternatives are there to achieving the policy/guidance without the impact? | N/A | |
| 9 | Can the impact be reduced by taking different action? | N/A | |

If you have identified a potential discriminatory impact of the document, please refer it to the Company Secretary, together with any suggestions as to the action required to avoid/reduce this impact.

For advice in respect of answering the above questions, please contact the Company Secretary or Policy Governance Officer

Reviewed by: Glyn Rowe Date: 21/01/2014

Appendix B – Quality Impact Assessment Tool

Purpose

To assess the impact of individual policies and procedural documents on the quality of care provided to patients by the Trust both in acute settings and in the community.

Process

The impact assessment is to be completed by the document author. In the case of clinical policies and documents, this should be in consultation with Clinical Leads and other relevant clinician representatives.

Risks identified from the quality impact assessment must be specified on this form and the reasons for acceptance of those risks or mitigation measures explained.

Monitoring the Level of Risk

The mitigating actions and level of risk should be monitored by the author of the policy or procedural document or such other specified person.

High Risks must be reported to the relevant Executive Lead.

Impact Assessment Please explain or describe as applicable.

1. Consider the impact that your document will have on our ability to deliver high quality care.

The use of internet and email services is essential for Trust employees to allow access to up-to-date information and as a means of fast communication both within and outside of the organisation.

2. The impact might be positive (an improvement) or negative (a risk to our ability to deliver high quality care).

Employees need guidance to ensure that they use the internet and email services in a positive way that will assist the Trust to deliver its objectives.

3. Consider the overall service - for example: compromise in one area may be mitigated by higher standard of care overall.

n/a

4. Where you identify a risk, you must identify the mitigating actions you will put in place. Specify who the lead for this risk is.

Identified risks will be assessed and recommendations made to ensure that appropriate controls are in place.

Impact on Clinical Effectiveness & Patient Safety

5. Describe the impact of the document on clinical effectiveness. Consider issues such as our ability to deliver safe care; our ability to deliver effective care; and our ability to prevent avoidable harm.

Effective use of the internet and email services ensures that the Trust can deliver safe, effective care to its patients. Readily available information supports decision-making and may be needed to meet legal requirements.

Impact on Patient & Carer Experience

6. Describe the impact of the policy or procedural document on patient / carer experience. Consider issues such as our ability to treat patients with dignity and respect; our ability to deliver an efficient service; our ability to deliver personalised care; and our ability to care for patients in an appropriate physical environment.

Having access to the internet and a means of communicating with other health professionals quickly and effectively ensures that employees can keep themselves informed of any new developments in the provision of healthcare.

Impact on Inequalities

7. Describe the impact of the document on inequalities in our community. Consider whether the document will have a differential impact on certain groups of patients (such as those with a hearing impairment or those where English is not their first language).

Appendix C - Internet / Email Access Request Form

PLEASE COMPLETE ALL SECTIONS

Any incomplete forms will be returned to the Line Manager for further completion.

To: IT Support Service Manager

From: ... Line Manager or Head of Department

Ext No: ...

I Request Access to Internet / Email for:

Full Name: ...

Job Title: ...

DOB: ...

ID Badge No: ...

Extension No: ...

Bleep No: ...

Name of Line Manager: ...

Department / Ward: ...

Directorate: ...

The above information helps to provide you with appropriate IT services and confirm your identity when dealing with IT issues.

Please tick all box(es) that apply, to indicate the type(s) of access being requested:

Trust email account

NHSmail (NHS.net)

Internet access

Why is access to the Internet / Email required?

...

Please outline any restrictions (e.g. days, times etc):

...

Line Manager’s Undertaking:

The applicant has been fully briefed on the risks and advantages of INTERNET and EMAIL access and a copy of the signed Employee undertaking is attached.

It is understood that any unforeseen costs associated with this application will be borne by this Department – further details will be supplied by the IT Department if this is the case.

Signed: ... Date: ... Name: ...

For IT Department use only

Call Ref No:

Date of receipt of completed employee declaration:

Access is authorised? YES / NO

If NO, reason(s) for not granting access:

Appendix D - Undertaking to be signed by Employee

"I have received a written copy (in induction starter pack) and have access to an electronic copy of Great Western Hospitals NHS Foundation Trust’s Internet and Email Usage Policy. I fully understand the requirements of this policy and agree to abide by them. I realise that the Trust’s security software may record, for management use, the internet address of any site that I visit and may keep a record of any email which I send and any other network activity by me, including activity by which I transmit or receive any kind of file. I acknowledge that details of any message I send or receive will be recorded and stored for management reporting. I understand that any violation of this policy could lead to dismissal or even criminal prosecution."

Signed: ...

Name (print): ...

Post: ...

Department: ...

Directorate: ...

Date: ...

The original (not copy) of this form should be sent, along with the request for access, to:

IT Support Service Manager

Great Western Hospitals NHS Foundation Trust

IT Department

IM&T Offices

Urgent requests can be faxed to the IT Service Desk on extension 5852, but the original should also be sent.

A copy of this form should be retained by the line manager for future reference.

After processing by the IT Service Desk, this form will be forwarded to the Employee Services Department for retention on your personnel file.
