This Document Defines the Email Policy for Rotherham CCG. the Email Policy Applies to All

Title: / Email Usage Policy & Procedures
Reference No: / 002/IT
Owner: / Deputy Chief Officer
Author / Derek Stowe, IG Assurance and Security Manager, TRFT
First Issued On: / August 2007
Latest Issue Date: / March 2013
Operational Date: / February 2015
Review Date: / December 2016
Consultation Process
Ratified and approved by: / Governing Body March 2015
Distribution: / All staff and GP members of the CCG.
Compliance: / Mandatory for all permanent and temporary employees of Rotherham CCG.
Equality & Diversity Statement: / In applying this policy, the Organisation will have due regard for the need to eliminate unlawful discrimination, promote equality of opportunity, and provide for good relations between people of diverse groups, in particular on the grounds of the following characteristics protected by the Equality Act (2010); age, disability, gender, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, and sexual orientation, in addition to offending background, trade union membership, or any other personal characteristic.
Policy title: / RotherhamCCG Email Usage Policy & Procedures
Issue date: / 01/08/07 / Review date: / 17/12/14
Version: / 3.0 / Issued by: / Rotherham CCG
Aim: / To ensure proper usage of RotherhamCCG’s Email system
Scope: / Establish rules for sending, receiving and the storing of electronic mail whilst making all users aware of what Rotherham CCG deems acceptable and unacceptable use of its email system.
Associated documentation: / Legal Framework: The Data Protection Act (1998), Computer Misuse Act (1990), Freedom of Information Act (2000)
Appendices: / Appendix A: Best Practice Guidance
Appendix B: Definitions
Appendix C: Using Rotherham CCG Email and NHS Mail for sending or receiving Personal Identifiable Information
Approved by:
Date:
Review and consultation process: / Review as required by Rotherham CCGGoverning Body/Operational Executive
Responsibility for Implementation & Training: / Implementation: TRFT Health Informatics Service
Training:Rotherham CCG Departmental Managers

HISTORY

Revisions:
Date: / Author: / Description:
08/11/04 / D Stowe / First Draft
30/03/05 / D Stowe / Second Draft
23/08/05 / D Stowe / Third Draft
17/11/05 / I Lancaster / Fourth Draft
24/01/06
27/10/06
12/12/06
22/01/07
12/11/08
08/06/10
09/06/10
11/08/10
14/09/12
17/12/14 / D Stowe
D Stowe
D Stowe
D Stowe
D Stowe
D Stowe
D Stowe
D Stowe
D Stowe
D Stowe / Fifth Draft
Sixth Draft
Seventh Draft
Eighth Draft
Addition of guidance supporting the sending and receiving of personal data including patient data
Changed all PCT references to NHSR.
Change logo to NHSR
Added ‘to an external organisation’ to 7.1
Added ‘(for more details on what you can send, see the end of this document)’ to 7.1
Changed IT Help Desk to IT Service Desk
Included Appendix C:
Changed all references to NHS Rotherham to read Rotherham CCG
Changed all references to NHS Rotherham IT Service to RFT IT Service
Changed all references to NHSR to CCG
Changed main logo.
Policy reviewed and updated to reflect organisational changes that have occurred since the last review. Posts and accountability updated.
Distribution methods: / Intranet
Internet

INTRODUCTION

This document defines the Email Policy for Rotherham CCG. The Email Policy applies to all business functions and information of the email system and relevant people who support the system. This document:

• Sets out the Organisation’s policy for the protection of the confidentiality, integrity and availability of the email system.
• Establishes Organisation and user responsibilities for the email system.
• Provides reference to documentation relevant to this policy.

1.POLICY OBJECTIVES

The objective of this policy is to ensure the security, integrity and effectiveness of Rotherham CCG’s email system in accordance with the CCG’s values. The Organisation will:

1.1.Ensure Availability

Ensure that the email system is available for users.

1.2.Preserve Integrity

Protect the email system from unauthorised or accidental modification ensuring the accuracy and completeness of the Organisation’s assets.

1.3.Preserve Confidentiality

Protect assets against unauthorised disclosure.

The purpose of this policy is to ensure the proper use Rotherham CCG‘s email system and make users aware of what the organisation deems as acceptable and unacceptable use of its email system in accordance with it’s values and legal requirements. Email is an excellent medium for certain forms of communication but overuse or inappropriate use can lead to work stress and an inefficient use of CCG resources.

2.Legal RISKS

Email is a business communication tool and users are obliged to use this tool in a responsible, effective and lawful manner. Although by its nature email seems to be less formal than other written communication, the same laws apply. Therefore, it is important that users are aware of the legal risks of email:

2.1.If you send emails with any libellous, defamatory, offensive, harassing, racist, obscene or pornographic remarks or depictions, you and the Organisation can be held liable.

2.2.If you forward emails with any libellous, defamatory, offensive, harassing, racist, obscene or pornographic remarks or depictions, you and the Organisation can be held liable.

2.3.If you unlawfully forward confidential information, you and the Organisation can be held liable.

2.4.The Organisation can be held liable if an email is sent from it that contains a virus. If you knowingly send an attachment that contains a virus, you can also be held liable.

By following the guidelines in this policy, the email user can minimise the legal risks involved in the use of email and ensure it is operated in accordance with the CCG’s values. If any user disregards the rules set out in this email Policy, the user will be fully liable and may be subject to disciplinary action by the Organisation.

3.ORGANISATION RESPONSIBILITIES

3.1.TRFT Health Informatics Service and Line Managers will endeavour to ensure that all users are properly trained before using the email system. The TRFT Health Informatics Service will ensure arrangements are in place to achieve this objective.

3.2.The Organisation will take all reasonable steps to ensure that users of the email service are aware of policies, protocols, procedures and legal obligations relating to the use of email. This will be done through training and staff communications at departmental and Organisation-wide levels, including departmental induction.

4.ACCESS TO THE EMAIL SYSTEM

4.1.All staff should complete the necessary documentation to be a registered user on the network and have an email account. Completing this documentation means you have read and agree to the CCG Email Policy. Departmental Managers will need to agree to the account creation by counter-signing the document.

5.Legal requirements

The following rules are required by law and are to be strictly adhered to:

5.1.It is strictly prohibited to send or forward emails containing libellous, defamatory, offensive, harassing, racist, obscene or pornographic remarks or depictions. If you receive an email of this nature, you must promptly notify your supervisor. In addition, all CCG employees are required to act in accordance with the CCG’s values and policies at all times and this includes not sending any emails which could constitute harassment, inappropriate behaviour, or direct or indirect discrimination of any sort. Upon notification, Supervisors must immediately inform the Line Manager who will contact the Information GovernanceLeadand HR Manager to determine the appropriate course of action. Where appropriate, the line manager will take disciplinary action in accordance with the CCG Disciplinary Procedure.

5.2.Do not forward a confidential message without acquiring permission from the sender first.

5.3.Do not send unsolicited email messages. The definition of this is electronic mail that is unrequested by the recipient and is of an advertising or promotional nature and can include spam.

5.4.Do not forge or attempt to forge email messages.

5.5.Do not send email messages using another person’s email account except where explicitly agreed as part of delegated authority e.g. personal secretary on behalf of senior management. Delegated authority to ‘send on behalf of’ is acceptable.

5.6.Do not breach copyright or licensing laws when composing or forwarding emails and email attachments.

6.Personal Use

Although the CCG’s email system is meant for business use, CCG allows the reasonable use of email for personal use if certain guidelines are adhered to:

6.1.Personal use of email must not interfere with work.

6.2.Personal emails must also adhere to the guidelines in this policy, must not breach any of the CCG’s Policies or Procedures and must not be used for personal adverts or personal gain.

6.3.Personal e-mails must not be sent to Organisation wide distribution lists.

6.4.Personal emails should be kept in a separate folder, named ‘Private’. The emails in this folder should be deleted weekly so as not to clog up the system.

6.5.The forwarding of chain letters, junk mail, jokes and executables (programs) is strictly forbidden.

6.6.Employees should not expect any email message composedreceived or sent using Rotherham CCG’s email system to be for private viewing only.

If in doubt about the appropriateness of an email, ask permission from your line or departmental manager.

7.SENSITIVE PERSONAL INFORMATION

7.1.Email is an insecure system. Sensitive personal information (i.e. that relating to identifiable individuals – staff, patients or others) or commercially sensitive information MUST NOT be sent by email to an external organisation unless it is encrypted to NHS standards using software approved by the Organisation (for more details on what you can send, see the end of this document).

Prior to sending any sensitive information by email, please contact the IT Services department for advice.

8.System Monitoring

8.1.All emails are monitored for viruses. All email traffic (incoming and outgoing) is logged automatically. The logs do not include email content. These logs are audited periodically.

8.2.The content of emails is not routinely monitored; however the CCG reserves the right to retain message content as required to meet legal and statutory obligations and to view the content of any email after notification to the author unless email content is being monitored as part of an official investigation.

8.3.If there is evidence that you are not adhering to the guidelines set out in this policy, the CCG reserves the right to examine PC usage/content and to take disciplinary action, which may lead to a termination of contract and/or legal action.

9.Email accounts

9.1.All email accounts maintained on our email systems are the property of Rotherham CCG.

10.Questions

If you have any questions or comments about this Email Policy, please contact the TRFT IT Service or your line/departmental manager otherwise the CCG presumes that you understand and are aware of the requirements of the Email Policy and will adhere to them.

APPENDIX A: Best Practice Guidance

CCG considers email as an important means of communication and recognises the importance of proper email content and speedy replies in conveying a professional image and delivering good customer service. Therefore the Organisation wishes users to adhere to the following guidelines:

• Do not use the ‘!All CCG Users’ address unless agreed as appropriate with line management. The TRFT IT Service will follow up inappropriate use.

• Write well-structured emails and use short, descriptive subjects.
• Do not use the CCG email system as a file storage area. Attachments should be saved if necessary to the correct area on the file system provided by the CCG.
• Email should be archived on a regular basis after which non essential email should be removed from the Inbox, Sent Items and Deleted Items folders. Information on archiving is available from the TRFT IT Service.
• CCG’s email style is informal. This means that sentences can be short and to the point. For example you can start your email with ‘Hi’, or ‘Dear’, and the name of the person. Messages can be ended with ‘Best Regards’ but this is not compulsory. The use of abbreviations and characters such as Smileys however, is not encouraged.
• Signatures must include your name, job title and Organisation name.
• Use the spell checker before you send out an email.
• Do not send unnecessary attachments.
• Do not write emails in capitals. This appears as if you are shouting and is considered rude.
• Do not print emails unless you really need to for work purposes. Emails can be saved, if you need them. Use recycled paper no longer required such as papers from meetings.
• If you need a reply to your email by a particular date let the recipient know this and allow a reasonable timescale.
• If you forward mails, state clearly what action you expect the recipient to take.
• Only send emails the content of which the content could be displayed on a public notice board.
• Only mark emails as urgent or of high importance if they really are urgent or important.
• Ensure you send your email only to people who need to see it. Sending emails to all in your address book can unnecessarily block the system and cause work stress to receivers.
• Emails should be treated like any other correspondence and should be answered as quickly as possible in accordance with their priority.
• Delete any email messages that you do not need to have a copy of.
• If you suspect you received a virus by email, do not switch off your PC and telephone the IT Service Desk immediately (308844).
• Do not attempt to remove the virus yourself. The Service Desk will need to know what virus it is.
• Take responsibility for your email in the same way you would a hard copy letter.
• Do not assume that the receiver instantly received and is able to deal with your email just because you have sent it instantly e.g. allow for reasonable timescales enabling the receiver to action/respond.
• Do not assume that just because it’s easier for you to send attachments by email that staff find it easier to access the information in this way e.g. for regular meetings with numerous attachments, check with members how they wish to receive papers.

APPENDIX B: Definitions of terms used in the email policy

DEFINITIONS

1. Defamation & libel

What is defamation & libel?

A published (spoken or written) statement or series or statements that affects the reputation of a person (a person can be a human being or an organisation) and exposes them to hatred, contempt, ridicule, being shunned or avoided, discredited in their trade, business, office or profession, or pecuniary loss. If the statement is not true then it is considered slanderous or libellous and the person towards whom it is made has redress in law.

What you must not do

Make statements about people or organisations in any email that you write without verifying their basis in fact. Note that forwarding an email with a slanderous or libellous statement also makes you liable.

What are the consequences of not following this policy?

You and CCG may be subject to expensive legal action.

1. Harassment, Bullying and Discrimination

What is harassment, Bullying and Discrimination?

CCG requires staff to act in accordance with CCG’s values and the standards contained in its corporate policies including its Policy and Procedure on Bullying and Harassment. Full details are available on the HR website page of the CCG Intranet.

What you must not do

Use the email system to harass other members of staff by sending or forwarding messages that they may consider offensive or threatening or which could constitute discrimination.

Definitions

Harassment

CCG recognises harassment as being any conduct based on any grounds which has the effect of violating someone’s dignity or creates an environment that is hostile, intimidating, degrading or offensive to a person and which is unreciprocated or unwanted.

Harassment can constitute:

• Persistent incidents or a single serious incident
• Unwanted physical contact
• Verbal abuse (jokes, name calling, rumours, propositions)
• Written abuse (email, faxes, letters, posters)
• Explicit or covert behaviour
• Stalking.

Bullying

Bullying is recognised byCCG as unwanted behaviour where an individual abuses a position (real or perceived) of power or authority over another. This could include unwanted behaviour by an employee to another employed in a more senior post than the perpetrator.

Bullying behaviour tends to have the following characteristics:

• accumulation of small incidents over a period of time.
• bullying can be subtle or insidious behaviour which may wear a person down over a period of time.
• each incident tends to be trivial on its own and out of context does not constitute a disciplinary offence.
• there are often no witnesses.

What are the consequences of not following this policy?

The CCGtakes harassment, bullying and discrimination very seriously and provides support to staff involved in such incidents. Those perpetrating harassment, bullying or discrimination are also subject to the CCG’s Disciplinary procedure,which could lead to their dismissal.

1. Pornography

What is pornography?

Pornography can take many forms. For example, textual descriptions, still and moving images, cartoons and sound files. Some pornography is illegal in the UK and some is legal. Pornography considered legal in the UK may be illegal elsewhere. Because of the global nature of email these issues must be taken into consideration. The CCG will not tolerate its facilities being used for this type of material and considers such behaviour to constitute a serious disciplinary offence.

What you must not do

• Send or forward emails containing pornography. If you receive an email containing pornography you should report it to the Helpdesk or your supervisor.
• Send or forward emails with attachments containing pornography. If you receive an email with an attachment containing pornography you should report it to the Helpdesk or your supervisor.
• Save pornographic material that has been transmitted to you by email.

What are the consequences of not following this policy?

• Users and/or CCG can be prosecuted or held liable for transmitting pornographic material in the UK and elsewhere.
• The reputation ofCCG will be seriously questioned if pornographic material has been transmitted and this becomes publicly known.
• Users found to be in possession of pornographic material, or to have transmitted pornographic material, may be subject to CCG disciplinary action.

1. Copyright

What is copyright?