All staff within the practice are to assist in mitigating security risks. This includes being aware of the risks associated with email and internet usage.
All staff are to use the internet, email and secure messaging in a manner which meet our privacy obligations and are to use such resources in a respectful and professional manner.
To avoid unnecessary risk to information systems, the following applies:
Use of the Internet by employees is encouraged where such use is consistent with their work and with the goals and objectives of Tatiara Medical Centre in mind.
Reasonable personal use is permissible subject to the following:
This practice uses antivirus, anti-malware and anti-spyware which are centrally installed and managed and locally deployed.
Staff members have full accountability for internet sites accessed on their workstations and are expected to utilise this tool in an acceptable manner.
Emails sent or received on the email system form part of the official records of Tatiara Medical Centre; they are not private property. Tatiara Medical Centre does not recognise any right of employees to impose restrictions on disclosure of emails within the business. Emails may be disclosed under the Freedom of Information Act, as part of legal proceedings (e.g. tribunals), and as part of disciplinary proceedings. Users are responsible for all actions relating to their email account/computer username and should therefore make every effort to ensure no other person has access to their account.
When using Company email, users must:
Staff who receive improper email from individuals inside or outside of Tatiara Medical Centre, should discuss the matter in the first instance with their line manager or supervisor.
Personal use of Tatiara Medical Centre email is not permitted.
Communication with patients via electronic means (e.g. email) is conducted with appropriate regard to the privacy and confidentiality of the patient's health information.
Our practice uses the attached 'Privacy Disclaimer' on outgoing emails that are affiliated with the practice.
Emails and internet usage will be monitored by the Practice Manager including discretion to blacklist certain sites such as personal email or social media sites.
All staff have signed a computer use agreement as a condition of their employment.
Users may sometimes need to use Tatiara Medical Centre equipment and access the business’s network while working remotely, whether from home or while travelling. The standards set out in this document apply whether or not Company equipment and resources are being used.
All resources of Tatiara Medical Centre, including computers, email, and voicemail are provided for legitimate use. If there are occasions where it is deemed necessary to examine data beyond that of the normal business activity of Tatiara Medical Centre then, at any time and without prior notice, the business maintains the right to examine any systems and inspect and review all data recorded in those systems. This will be undertaken by authorised staff only. Any information stored on a computer, whether the information is contained on a hard drive, USB pen or in any other manner may be subject to scrutiny by Tatiara Medical Centre. This examination helps ensure compliance with internal policies and the law. It supports the performance of internal investigations and assists in the management of information systems.
Withdrawal of facilities:
Users in breach of these regulations may have access to Tatiara Medical Centre’s IT equipment restricted or withdrawn.
Disciplinary Action:
Breaches of these regulations may be dealt with under Tatiara Medical Centre’s disciplinary procedures. It may lead to termination of employment from the Company.
Breaches of the law:
Where appropriate, breaches of the law will be reported to the police.
Legislation
All users shall comply with the relevant legislation. This includes the following:
SA Freedom of Information Act 1991
Any information which Tatiara Medical Centre holds is potentially disclosable to a requester under one of these pieces of legislation. This includes emails too.
Users need to be sure that they are not breaching any data protection when they write and send emails. This could include but is not limited to:
Email should where possible be avoided when transmitting personal data about a third party. Any email containing personal information about an individual may be liable to disclosure to that individual. This includes comment and opinion, as well as factual information. Therefore, this should be borne in mind when writing emails, and when keeping them.
Cybercrime Act 2001
This Act makes it an offence to try and access any computer system for which authorisation has not been given.
Copyright Act 1968
Under this Act it is an offence to copy software without the permission of the owner of the copyright.
Defamation Act 2005
Under this Act it is an offence to publish untrue statements which adversely affect the reputation of a person or group of persons.
Criminal Code Amendment (Terrorism) Act 2003
This Act makes it a criminal offence to encourage terrorism and/or disseminate terrorist publications.
Telecommunications Act 1997
This allows for any organisation to monitor or record communications (telephone, internet, email, and fax) for defined business-related purposes.