Email & Internet Usage Policy

Policy

All staff within the practice are to assist in mitigating security risks. This includes being aware of the risks associated with email and internet usage.

All staff are to use the internet, email and secure messaging in a manner which meet our privacy obligations and are to use such resources in a respectful and professional manner. 


Procedures

To avoid unnecessary risk to information systems, the following applies: 


Internet usage

Use of the Internet by employees is encouraged where such use is consistent with their work and with the goals and objectives of Tatiara Medical Centre in mind.


Reasonable personal use is permissible subject to the following:

  • Users must not participate in any online activities that are likely to bring Tatiara Medical Centre into disrepute, create or transmit material that might be offensive or incur liability on the part of the business, or adversely impact on the image of Tatiara Medical Centre.
  • Users must not visit, view or download any material from an internet site which contains illegal or inappropriate material. This includes, but is not limited to, pornography (including child pornography), obscene matter, race hate material, violence condoning messages, criminal skills, terrorism, cults, gambling and illegal drugs.
  • Users must not knowingly introduce any form of computer virus into Tatiara Medical Centre’s computer network.
  • Personal use of the internet must not cause an increase for significant resource demand, e.g. storage, capacity, speed or degrade system performance.
  • Users must not “hack into” unauthorised areas.
  • Users must not download commercial software or any copyrighted materials belonging to third parties, unless such downloads are covered or permitted under a commercial agreement or other such licence.
  • Users must not use the internet for personal financial gain.
  • Users must not use the Internet for illegal or criminal activities, such as, but not limited to, software and music piracy, terrorism, fraud, or the sale of illegal drugs.
  • Users must not use the internet to send offensive or harassing material to other users.
  • Use of the internet for personal reasons (e.g. online banking, shopping, information surfing) must be limited, reasonable and done only during non-work time such as lunch-time.
  • Use of gambling sites, online auction sites and social networking sites such as, but not limited to, Facebook, LinkedIn, YouTube, Twitter, Bebo, Flickr, MySpace etc. is not permissible, unless for work purposes.
  • Staff may face disciplinary action or other sanctions (see below) if they breach this policy and/or bring embarrassment on Tatiara Medical Centre or bring it into disrepute.

This practice uses antivirus, anti-malware and anti-spyware which are centrally installed and managed and locally deployed.

Staff members have full accountability for internet sites accessed on their workstations and are expected to utilise this tool in an acceptable manner.


Email usage

Emails sent or received on the email system form part of the official records of Tatiara Medical Centre; they are not private property. Tatiara Medical Centre does not recognise any right of employees to impose restrictions on disclosure of emails within the business. Emails may be disclosed under the Freedom of Information Act, as part of legal proceedings (e.g. tribunals), and as part of disciplinary proceedings. Users are responsible for all actions relating to their email account/computer username and should therefore make every effort to ensure no other person has access to their account.

When using Company email, users must:

  • Ensure they do not disrupt the Tatiara Medical Centre’s wider IT systems or cause an increase for significant resource demand in storage, capacity, speed or system performance e.g. by sending large attachment to a large number of internal recipients.
  • Ensure they do not harm the businesses reputation, bring it into disrepute, incur liability on the part of Tatiara Medical Centre or adversely impact on its image.
  • Not seek to gain access to restricted areas of the network or other “hacking activities” is strictly forbidden
  • Must not use email for the creation, retention or distribution of disruptive or offensive messages, images, materials or software that include offensive or abusive comments about ethnicity or nationality, gender, disabilities, age, sexual orientation, appearance, religious beliefs and practices, political beliefs or social background. Employees who receive emails with this content from other employees of the business should report the matter to the Practice Manager.
  • Not send email messages that might reasonably be considered by recipients to be bullying, harassing, abusive, malicious, discriminatory, defamatory, and libellous or contain illegal or offensive material, or foul language.
  • Not upload, download, use, retain, distribute, or disseminate any images, text, materials, or software which might reasonably be considered indecent, obscene, pornographic, or illegal.
  • Not engage in any activity that is likely to:
  1. Corrupt or destroy other users’ data or disrupt the work of other users. 
  2. Waste staff effort or business resources, or engage in activities that serve to deny service to other users.
  3.  Be outside of the scope of normal work-related duties – for example, unauthorised selling/advertising of goods and services.
  4.  Affect or have the potential to affect the performance of damage or overload Tatiara Medical Centres system, network, and/or external communications in any way.
  5. Be a breach of copyright or license provision with respect to both programs and data, including intellectual property rights.
  6. not send chain letters or joke emails from a Company account.

 

Staff who receive improper email from individuals inside or outside of Tatiara Medical Centre, should discuss the matter in the first instance with their line manager or supervisor.

Personal use of Tatiara Medical Centre email is not permitted.

Communication with patients via electronic means (e.g. email) is conducted with appropriate regard to the privacy and confidentiality of the patient's health information. 

Our practice uses the attached 'Privacy Disclaimer' on outgoing emails that are affiliated with the practice.

Emails and internet usage will be monitored by the Practice Manager including discretion to blacklist certain sites such as personal email or social media sites.

All staff have signed a computer use agreement as a condition of their employment.

Remote Users

Users may sometimes need to use Tatiara Medical Centre equipment and access the business’s network while working remotely, whether from home or while travelling. The standards set out in this document apply whether or not Company equipment and resources are being used.

Monitoring

All resources of Tatiara Medical Centre, including computers, email, and voicemail are provided for legitimate use. If there are occasions where it is deemed necessary to examine data beyond that of the normal business activity of Tatiara Medical Centre then, at any time and without prior notice, the business maintains the right to examine any systems and inspect and review all data recorded in those systems. This will be undertaken by authorised staff only. Any information stored on a computer, whether the information is contained on a hard drive, USB pen or in any other manner may be subject to scrutiny by Tatiara Medical Centre. This examination helps ensure compliance with internal policies and the law. It supports the performance of internal investigations and assists in the management of information systems.

Penalties for Improper Use


Withdrawal of facilities:

Users in breach of these regulations may have access to Tatiara Medical Centre’s IT equipment restricted or withdrawn.


Disciplinary Action:

Breaches of these regulations may be dealt with under Tatiara Medical Centre’s disciplinary procedures. It may lead to termination of employment from the Company.


Breaches of the law:

Where appropriate, breaches of the law will be reported to the police.

Legislation

 All users shall comply with the relevant legislation. This includes the following:

 SA Freedom of Information Act 1991

Any information which Tatiara Medical Centre holds is potentially disclosable to a requester under one of these pieces of legislation. This includes emails too.

Users need to be sure that they are not breaching any data protection when they write and send emails. This could include but is not limited to:

  • Passing on personal information about an individual or third party without their consent.
  • Keeping personal information longer than necessary.
  • Sending personal information to a country outside of Australia without third party consent.

 

Email should where possible be avoided when transmitting personal data about a third party. Any email containing personal information about an individual may be liable to disclosure to that individual. This includes comment and opinion, as well as factual information. Therefore, this should be borne in mind when writing emails, and when keeping them.

 

Cybercrime Act 2001

This Act makes it an offence to try and access any computer system for which authorisation has not been given.

 

Copyright Act 1968

Under this Act it is an offence to copy software without the permission of the owner of the copyright.

 

Defamation Act 2005

Under this Act it is an offence to publish untrue statements which adversely affect the reputation of a person or group of persons.

 

Criminal Code Amendment (Terrorism) Act 2003

This Act makes it a criminal offence to encourage terrorism and/or disseminate terrorist publications.

 

Telecommunications Act 1997

This allows for any organisation to monitor or record communications (telephone, internet, email, and fax) for defined business-related purposes.

Share by: