Email Use – Standard Operating Procedure
Electronic mail (email) has been accepted as one of the main working tools many of us use on a daily basis. Most Trust staff regularly use email to send and receive messages, documents, appointments and tasks that would previously have been sent by phone or mail. We all like the convenience, ease of use and enjoy many of the benefits email permits, which include: the ability to store, re-send and print messages and attachments.
Considering the ease with which we can send emails either internally, through the NHS network or to anywhere in the world via the internet, we need to seriously consider how we use this facility while bearing in mind the sensitive nature of much of the information we deal with on a daily basis.
The development of email is an important aspect of the Trust’s Informatics Strategy, and all staff will have access to basic email and directory services.
The adoption of email by the Trust reflects the organization’s commitment to embrace and take advantage of communication technology for the benefit of our service users, staff and organization.
The objective of this document is to enable all staff to understand the processes, procedures and their responsibilities in place with regard to the Email Use Policy. This procedural guidance is to aid effective and appropriate use of email on Trust systems and to reduce the risk of adverse events by:
• Setting out the rules governing the sending, receiving and storing of email.
• Establishing Trust and user rights and responsibilities for the use of the system.
• Promoting awareness of and adherence to current legal requirements and NHS Information Governance standards.
• Ensure users of the email system understand their responsibilities regarding appropriate and proper use
• Identify the organizational responsibilities in managing the use of email services effectively.
The Trust Email Use Policy and this procedure guide apply to the use of:
• Trust provided email accounts
• NHS email accounts (*.nhs.uk and *.nhs.net) for business and personal use on Trust and non-Trust premises including from home, internet cafes and via portable media.
• The use of personal email accounts accessed from Trust systems.
4. Access and Authorization
4.1 Access – email is available to all staff that are authorized and registered as users of the computer network.
4.2 Account Authorization – Requests to authorize staff to receive email services, or to change an existing account holders details should be submitted to the IT department on the formal “IT Services Request Form” available on the Intranet. These must be signed off by an appropriate manager or they will not be approved.
5. Overview of User Responsibilities
5.1 What you can do -
• Use the Trust’s email in an appropriate and efficient manner for business purposes, such as sending and receiving communications within the organization and to organizations outside the Trust
• Some limited personal use of email is permitted
5.2 What you can’t do -
• Transmit personal identifiable data or commercially sensitive material without using an authorized email address or without approved data encryption tools.
• Use personal\web based email for Trust business unless authorized to do so by the IT Department. Otherwise if you need to use email for any aspect of business relating to your employment with this Trust then you should only ever use email facilities provided and recognized by the Trust or the NHS, such as mhsc.nhs.uk or nhs.net email accounts.
• Make excessive personal use.
• Access email under any username other than your own.
• Use email to mis-represent or bring the Trust into disrepute
• Download software and install on any computer without the authorization of the IT department
6. Overview of Organizational Responsibilities:
6.1 The Organization will –
• Have formal request procedures to set up users with an email accounts which are allied to the creation of a network account
• Will use email filtering tools to monitor inbound and outbound email ensure the ongoing security of the Trust’s network and to protect confidential information being sent insecurely?
• Will quarantine emails that are deemed to be a threat to the Trust network or are of such a composition that are deemed to be of an offensive or of a malicious nature
• Implement and maintain anti-virus software on servers and each PC
• Maintain email accounts by suspending or removing unused accounts
• Will apply a sending and receiving message size of limit 10mb to ensure the Trust’s network performance
• Will ensure email and Personal Folders (PST) that are stored on the network are backed up on a daily basis.
7. Personal Use
Although personal use of email facilities is discouraged, limited personal use is permitted provided it is consistent with the Trust’s Code of Conduct and does not interfere with the performance of your duties.
Employees should regard this facility as a privilege that should normally be exercised in their own time without detriment to the job and not abused.
Inappropriate or excessive personal use may result in disciplinary action and/or removal of email facilities. Staff should be aware that both private and legitimate Trust business use of email will be subject to monitoring. There is no absolute right to use the email facilities for personal use.
Further guidance can be found within email good practice document (Appendix 1)
To avoid compromising confidentiality email users should:
• Work on the basis that email is not entirely immune to interception
• Work on the basis that the data subject may inspect personal data within emails.
• Observe service user and staff confidentiality on all communications.
• Ensure consent has been given before releasing confidential information to third parties.
• Never send P.I.D. using a personal webmail account over the internet (e.g. Hotmail, Yahoo, Gmail etc.)
• Always ensure that PID if it does need to be sent by email is ENCRYPTED
• Be vigilant about forwarding emails received as these may contain confidential data.
• Check when forwarding emails sent to them that the email thread does not contain confidential or sensitive information.
9. Unacceptable and Inappropriate Use of Email
The unacceptable use of email is considered a serious breach of security and may result in action being taken under the Trust’s relevant and Disciplinary/Conduct policies and could result in dismissal. It is not possible
To make an absolute definition of inappropriate and unacceptable use however the following sub sections of this policy outline possible instances that are deemed unacceptable or inappropriate, it should be noted that the following is not exhaustive and there may be other instances that Trust may be deemed unacceptable:
• Use of email for communicating person identifiable information without being authorized to do so
• Use of email for communication of person identifiable information to an unauthorized and/or insecure email system. Any transmission of person identifiable data must also be encrypted. A list of authorized and secure email addresses is contained in Appendix 3. Please contact Management for further advice on encryption. (Appendix 4)
• Use of email to transmit large files (more than 50 records) of personal identifiable data without authorization from Management. (Bulk Transfer procedure should be followed)
• Any use of a commercial or profit-making nature, or for any other form of personal financial gain
• Any use, that conflicts with an employee's obligations to their employer.
• Use considered to be, against the organisation’s rules, regulations, policies and procedures in particular the Email Use policy
• Excessive personal use. The Trust will decide what is considered excessive use of email an example of which is given below
• Transmission of large files (documents or software) for personal use. (This uses capacity that would normally be used for business purposes and could introduce viruses that may cause severe disruption and/or harm to the Trust email and network and the ability for the Trust to carry out its duties effectively.)
• Introducing or attempting to introduce computer viruses by email messages or attachments
• Creation or transmission of material that is defamatory or material that includes claims of a deceptive nature
• Creation or transmission of material that is abusive or threatening to others serves to harass or bully others or designed to cause distress, inconvenience or anxiety. For example material that discriminates or encourages discrimination on the grounds of:-
Excessive use factors:
• The continual use of Trust provided email for ongoing email “chit chat” that interferes with the performance of your duties.
• Race or Ethnicity,
• Sexual Orientation,
• Marital Status,
• Political or Religious Beliefs.
Similarly the creation or transmission of any offensive, obscene or indecent images, message, data or other material will be considered unacceptable.
The Trust will, where appropriate, disclose evidence of any member of staff contravening the law or professional standards to the police and/or regulatory bodies. Use of email for communicating person identifiable information without using an authorised email address or without approved encryption facilities or without using NHS net or without password protecting the information. A list of authorised email address is contained in Appendix 3 Please contact the IT Security Manager for further advice on encryption, 0161 277 1111
• Use of email for communicating commercially sensitive material without using an authorised email address or without approved encryption facilities or without using NHS net. or without password protecting the information. A list of authorised email address is contained in Appendix 3. Please contact the IT Security Manager for further advice on encryption, 0161 277 1111
• Use of email to misrepresent the Trust or enter into contractual agreements (unless you are specifically authorised to present views of your organisation or engage in online purchasing),
• Re-producing Trust publications and communications thus infringing copyright laws law and intellectual property rights
• Creation or cascading of emails using Trust provided email services containing material that brings the Trust into disrepute
• Creation or cascading of emails using Trust provided email services containing unsolicited commercial or advertising material
• Creation or cascading of chain letters or junk mail of any kind
• Creation or cascade of anonymous messages or deliberately forged messages
• Use of Trust provided email for activities that violate the privacy of others or unfairly criticise and misrepresent other individuals
• Use of Trust provided email for activities that corrupt or destroy other users' data or disrupt the work of other users
• Routing external communications in a manner that deliberately attempts to bypass any system logging or audit functionality
• Users disguising themselves or their sending address when they use the service in order to misrepresent any aspect of a communication.
• Use the email service to violate the laws and regulations of the United Kingdom or the European Union.
Remember that all laws relating to written communications also apply to emails.
Emails are recorded and could be presented as evidence in a court or tribunal.
Your emails may also be disclosed to anyone making an information request under the Freedom of Information Act 2000 or a subject access request under the Data Protection Act 1998.
In addition users should be aware of their responsibilities to;
• Ensure that the identity of the recipient to whom they are sending an email is correct.
• Reasonably understand copyright, trade-mark, libel, slander and public speech control laws, so that their use of the email service does not inadvertently violate any laws which might be enforceable against the Trust or organisation.
• Check before forwarding any emails received from others as these may contain confidential or sensitive information which should not be shared.
10. Email Retention
Trust emails, either in electronic of hard copy form should be retained for the periods set out in Part 2 of the Records Management NHS Code of Practice as appropriate for the subject matter of the email.
11. User Names and Passwords
The use of Trust provided email services is aligned to the creation and ongoing usage of a Trust network account. Therefore:-
• You are responsible for maintaining the security of your individual username and password
• You must not share your unique username and password. Unauthorised access, modification (or the intent to access/modify) are criminal offences under the Computer Misuse Act 1990
• If a breach of security is recorded under your login you will be required to prove that you are not responsible for the breach
The Trust’s IT Security and Internet Usage policies should be read in conjunction with this policy.
• Do not leave your PC logged in and unattended always lock it using Control Alt Delete
• At the end of the day or for an extended period time you should log and turn your PC off.
• Never leave passwords written down in areas close to your PC or where they can be found
12. Temporary Staffing Network Account
A number of Delegated network accounts for Temporary staff have been established by the IT Department so that business continuity can proceed during staff absences or shortfalls dictate the need for such resource. These accounts are managed and requested by individual Departmental Managers and as such the requesting manager is responsible for ensuring that such accounts are used appropriately and are closed when the need for the temporary account has ended, in accordance with the Trust’s relevant and Disciplinary/Conduct policies.
To request such an account a “Temporary Staffing network account request form” should be completed and signed by the requesting manager and returned to the IT Department. Upon leaving the Trust the temporary member of staff must release the password they have set to allocating manager who in turn signs acceptance of this password upon which the password is reset by individual issuing manger.
Viruses can damage computer systems, destroy data, cause disruption and incur considerable expense for the Trust. Although the email system has background antivirus defences it is still essential for users to specifically check any suspicious mail or attachments prior to opening.
Employees must not open attachments from external sources unless they are sure of their authenticity. If in doubt seek clarification from the sender. Areas expecting emails from unknown sources should request a code be inserted in the title/subject heading (e.g. a job vacancy code).
If any viruses are found or you suspect that your machine may be infected, the IT department must be informed immediately by telephoning the service desk on 0161 277 1111.
It is forbidden to send executable computer programme files as attachments, without prior consent from the Trust IT department. The downloading and subsequent use of software received via email, without prior approval, is strictly forbidden (this includes screen savers).
It will be considered a serious breach of policy if an email user deliberately infects or makes any attempt to infect the Trust or other network system with computer viruses.
14. Formation of Contracts
Email is capable of forming or varying a contract in just the same way as a written letter. Such capability gives rise to the danger of employees inadvertently forming contracts on behalf of the Trust or varying contractual terms to which the Trust then becomes bound. For example sending an ambiguous email to a contractor or supplier that could be misread as asking them to undertake some work on behalf of the Trust could be deemed a legal contract. Employees such take due care when drafting the words of an email so that they cannot be construed as forming or varying a contract when this is not the intention.
15. Email Disclaimer
Disclaimer text will automatically be added to any external emails that are sent. Staff should not add disclaimer text within their own signature panel.
The addition of this text is designed to limit the Trust’s potential liability with respect to information being communicated. The use of a disclaimer does not provide an absolute defence against breaches of confidentiality nor should it preclude the user from undertaking fundamental checks before sending the email.
16. Signature Panels
Email signatures should contain the following minimum amount of information. Name Job title Department Location/address Telephone number Work mobile, if appropriate
Some Directorates and Departments have standard signature formats that their staff must adhere to. See appendix 5 for help in adding a signature to your email
17. Sending and Receiving Email Messages
• Use email only when it is the most appropriate means of communication.
• Communicate only with those who are required to read the message (need to know) to avoid breach of confidentiality.
• Use the Global Address Book with care to ensure email reaches the correct recipient.
• In the event of a mistake, use the “recall” message tool.
• File attachments should only be sent via email when absolutely necessary and should be deleted as soon as is practicable. Ideally place large attachments in a shared location (where possible) and include the path to the file in the email. Make use of approved tools to minimise the size of attachments, e.g. Portable Document Format (PDF).
17.1 Large Numbers of Recipients
Be selective about who you send messages to. Place large attachments in a shared location such as the Intranet or “SharePoint” and send only the link to the location.
17.2 Distribution Lists
Inappropriate use of the 'distribution lists’ wastes both network resources and staff time, for this reason they must only be used for business purposes for distributing mail which is relevant to everyone on the list.
Users should check that the distribution list they are using is appropriate for the email being sent.
17.3 Global Emails
Global emails are intended for communicating high-level information relating to Trust business within the organisation.
All messages must have a named signatory and be approved by an appropriate Head of department or Director before they are sent. Or alternatively request that the Manager or department Head forwards to the Communications Department to distribute on their behalf.
If you wish to reply to a global email message, only reply to the named contact on the bottom of the email. Do not respond globally as this takes up unnecessary storage space on the email server.
17.4 Auto Forwarding of Email
To avoid service user/person identifiable data or sensate or confidential information being sent on to an insecure email address auto forwarding of email from a Trust email to a non NHS email address, i.e. a personal email address, is NOT allowed. Exceptions to this can be approved by the Chief Executive or Director of Strategy and Business Development.
17.5 Email Received in Error
Inform the sender if you receive a message to you in error. Delete the message from your mailbox.
17.6 Phishing Email
If you received an email with suspicious or clearly fraudulent content do not respond to this email. Delete it immediately. DO NOT RESPOND as this indicates an active mailbox. Advice can be sought if required from our Local Security Management Specialist.
17.7 Junk Email (or Spam)
Junk Email (or "Spam") is any email received when it has not specifically been asked for. It may be advertising goods or services, or even warning of a new supposed "virus." It is always something that you don't want to receive.
Although there is a Trust wide filtering system The best policy to deal with junk messages is to delete them as soon as you receive them - in this way, the people that sent the message never receive a reply from your account, and may not send a message to your account.
• Never respond to them - by replying to the message, you're giving them your email address, and confirming to them that your mail account is active.
• Never respond to instructions to reply with the word "remove" - again, by replying to the message, you're giving them your email address, and confirming your account is active. Chances are that you won't be removed from the list, and you may in fact be added to more lists as a result.
• Never click on URL (web addresses) contained within the message - again, this action could alert the message sender of the validity of your email address.
• Never sign up to sites that promise to remove your address from junk email lists - although the site may be legitimate, there's also the chance that the site is owned by email address collectors, so instead of giving your email address to be removed from a list, you've just added it to another.
• If you receive an email with an attachment that you haven't asked for - DO NOT open the attachment. It's very common to spread viruses by email - when you open the attachment, you could be launching the virus on your computer.
17.8 Emails with Warnings about Criminal Activity/Frauds/Scams
Where there are genuine matters relating to security that staff need to be aware of these will be notified by the Police to NHS Security Management Specialist who in turn will issue warnings or guidance to staff.
17.9 Out of Office
Use the “out of office” tool when appropriate. This is especially important for Freedom of Information, as a disclaimer will be automatically added to all Out of Office notifications informing the requestor that they must resubmit their request to the appropriate Trust FOI email address.
Staff should ensure that their out of office message includes details of when they will be back in the office, who should be contacted in their absence and include contact email addresses or telephone numbers.
17.10 Shared Email Facilities
To aide productivity the Trust’s email service offers users the potential to send email on behalf of another user, once delegated permissions have been set up. Whilst this is a useful service, users should be aware that in giving permissions to someone else they are still also responsible for any email sent on their behalf by this mechanism. All emails sent under these arrangements should make clear that they are sent on behalf of another. Should you require further guidance please contact the IT Service desk on 0161 277 1111.
17.11 Shared Calendar/Diary Facilities
To aide productivity the Trust’s email service offers users the potential to share calendars and diaries, once delegated permissions have been set up.
Whilst this is a useful service, users should be aware that giving permissions to someone else comes with some risk, thus permissions should be applied carefully so that for example permission to the users email is not given by mistake. Should you require further guidance please contact the IT Service desk on 0161 277 1111.
18. Emailing Patients.
It is accepted that in some instances patients/carers etc may wish to communicate with the Trust about their care and treatment provided by email.
Using email as a means of communication has a number of advantages over some other forms of sending and receiving information. For instance, it helps when the patient has difficulty in making direct contact with clinical staff during office hours (for example, the patient is working;. It can also help if the patient often travels away from home. However, communicating by email must not replace other forms of communicating (e.g., face to face contact, letters etc).
The reason for this is that any communication by email has to be considered as being non-urgent; i.e., the sender of an email does not always know whether the recipient is able to read the email/text immediately.
Staff can communicate with patients by email if the patient requests that form of communication. The request must be initiated by the patient and not the staff member involved. Staff should also document consent from the patient/carer prior to communicating by email and consent should be documented on Amigos where appropriate or in the appropriate place if for example a complaint file.
An assessment must be made of the risk against the benefits for the patient. The patient must be made aware of the risk that someone could intercept an email.
Additional security must be in place if confidential information is transmitted via email. Staff should not put any confidential information into the body of the email but into an attachment such as word that can be protected as per the encryption method described in Appendix 4. If the use of the encryption methods described are not suitable for communicating with the patient then a password-protected word document can be sent. The password must be communicated separately.
The same restrictions and considerations for the use of email apply to communicating with carers.
The printing and filing emails into health records will be based on a clinical decision of their significance (for example, a significant change in the patient’s presentation or for any risk issue).
Email correspondence being entered into with carers will be subject to the same confidentiality and sharing of information considerations as for any other form of communication.
1. Patient requests communication by email/text and proposed use is discussed in staff supervision. Appropriate boundaries will be discussed, agreed and documented in the client’s record.
2. Ensure the service user understands that email communication should not be used out of hours and that they are given the contact information for use in an emergency.
3. A record is made in the records/Amigos of the decision to use email.
4. Both parties in email communication must be made aware that no people mentioned in the email can be identified by any outside and unauthorized agency.
5. If for any reason it is agreed between the parties that confidential or sensitive information will be sent, the information must be in the form of an encrypted or password-protected document attached to the email.
6. Send the password in a separate email however before sending the encrypted file and password you should verify the email address by sending a test message first.
7. Once confirmed that the test message has been received by the correct person you can send the encrypted file. Ask the recipient to contact you to confirm receipt and then you can email the password in a separate email or provide it over the phone. DO NOT SEND the password in the same email as the encrypted document or call the recipient and tell them directly.
8. The sent email and attachment should be printed off and filed in the patient record and the password recorded in the records. The sent email should then be deleted. Both staff and patients/carers will need to be confident that they are able to manage encrypted or password- protected documents.
9. The patient or carer has to sign the specific email consent/use form (appendix 6) before using this form of communication. The form states the restrictions in using emails. The completed form must be filed in the client’s record.
10. It is good practice to inform the patient of any communication with carers by email. This should only be done if considered appropriate by the clinician following a risk assessment.
11. Emails must be summarized in the clinical record/Amigos. Printing of emails should be based on a clinical decision of their significance.
12. Neither party may forward an email without the consent of the sender.
13. Email communication will be for use only by the named clinician on the consent form.
14. Once an email has been printed off and filed in the Health Record, it must be deleted from the Inbox. All emails sent to the patient must also be deleted from the Sent folder following printing and filing.
15. Staff should always ensure they validate and check the email address each time they wish to communicate with the patient/carer as these are liable to change often.
16. Record the patient details, i.e. DoB and NHS/Hospital number on printed emails before filing. If the name of the patient is not clear from the Email header, add this to the printed copy as well.
17. Remember not to use names that can identify a patient or carer in the Subject field of the email.
18. Emails tend by their nature have an informal tone. There must be no possibility of an email sent by staff being misconstrued. Staff must therefore be especially aware of professional boundaries and conduct when using email as a form of communication.
19. The use of email must be regularly reviewed, e.g. via care review processes and the decision to continue, nor not, recorded in the patient’s clinical record/care plan.
19. Accessing a Mailbox of Another Member of Staff
Except as set out below, no member of staff will be allowed to access another member of staff’s email account without the express permission of the member of staff to whom the mail box belongs.
Where it is not possible to ask the permission of the member of staff whose mailbox needs to be accessed, due to them being away from the office for an extended period of time e.g. sick leave, or the person is no longer employed, and there is no other way of obtaining the information, the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 permit the accessing of such information. The procedure for gaining access to their mailbox in the following order is:
• Gain written authorisation from the Executive Director ultimately responsible for the member of staff.
• Submit the authorisation to the IT Manager.
• The IT Manager will consider the appropriate way forward i.e. if access to the mailbox is required or specific messages can be identified.
If you believe you may have cause to need copies of emails sent to a user who is going on planned leave etc then you should agree with the member of staff an appropriate way of doing this prior to their leave.
The reason for accessing an individual’s mailbox without express permission must only be in accordance with the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 or where access is otherwise permitted by law
• Obtaining business information in order to action: Subject access requests under the Data Protection Act Freedom of Information requests Evidence in legal proceedings
• Line of business enquiry
• Conducting and investigating serious matters which may result in disciplinary action
• The investigation and detection of crime
A record will be made and held by the Information Governance Manager of the reason for accessing the mailbox with the names of the people involved.
They will, where possible, inform the person whose mailbox was accessed conveying the information recorded as cited above; except when to do so may prejudice the investigation of criminal offences. In these circumstances the relevant Data Protection Act forms will be held by the Information Governance Manager and will be subject to the rules of disclosure under the Criminal Procedures and Investigations Act 1996 (CPIA).
20. Use of Personal Mail Folders (PST)
The email service provided by the Trust allows the creation of Personal Folders to store emails. This system creates a folder on your personal network drive (P:) in which you can store emails in a structured method via Outlook. This method relieves the load on the email system and enables users to manage emails they may need to keep. Users are encouraged to use this method rather than storing large numbers of email on the mail server itself. Should you require further assistance on this function please contact the IT Service desk on 0161 277 1111
Email users must observe all contractual, copyright issues. Under the Copyright, Designs and Patens Act 1988, copyright law can be infringed by making an electronic copy or making a “transient” copy (which occurs when sending an email). Copyright infringement is becoming more commonplace as people forward text, graphics, audio and video clips by email. Employees must not copy, forward, or otherwise disseminate third-party work without the appropriate consent.
22. Freedom of Information
Although by its nature, email seems to be less formal than other written communication, the same laws apply. Therefore, it is important that users are aware of the legal risks of email.
As defined in the Trust Records Management Policy, email is an electronic record. A printed copy of an email is a hardcopy record. Information contained in an email may be disclosed either in part or in whole to the public through the Freedom of Information Act or associated legislation. Although exemptions exist, staff and stakeholders need to be aware that the Trust cannot guarantee confidentiality of correspondence conducted by email, as stated in the Trust email disclaimer.
It is strictly forbidden to send messages that contain offensive or harassing statements or language, particularly in respect of race, national origin, sex, sexual orientation, age, disability, religious or political beliefs. Remarks sent by email that are capable of amounting to harassment may lead to complaints of discrimination under the Sex or Disability Discrimination Acts or the Race Relations Act.
The ease of use of e-mail can lead to unguarded and impetuous comments being made, which in turn could be classified as defamatory. Defamation arises where there is the publication of an untrue statement tending to lower the subject of the statement (which may be an individual or an organisation) in the estimation of the public generally. Liability for the tort of defamation applies to electronic communication just as it does to more traditional forms of publishing.
25. Email Good Practice Guidelines
Email is a powerful communications mechanism and therefore it should be used in a professional and courteous manner and in a similar vein to the written or spoken word. Take care in what you write, because you do not know where copies of your email may end up.
Further guidance on good email conduct can be found in Appendix 1.
26. Limits and Quotas
All email accounts on the centrally managed server have quota limits placed on them however limits are generous and should never be reached provided the following guidelines are adhered to:
1. Regularly delete unwanted emails and the contents of ‘sent items’ and ‘deleted items’ folders.
2. Copy any mail and/or attachments you need to keep to a folder on your PC.
3. Use the archive facility to save ‘old’ mail.
Users will receive email notification when approaching their quota limit and are encouraged to follow the above guidance to manage their account. Once over quota no further email can be sent or received from an individual's account until they have reduced their storage to below the set limit.
It is not always necessary to send an attachment as an alternative a you can email a hyperlink to a particular document once it has been placed on the Trust’s Intranet. Advice on Trust Intranet publication can be obtained from the Information Management Department.
27. Lost or Stolen IT Equipment and Data
All staff are required to report immediately to the Trust the loss or theft of any of the following;
• Computer or Laptop, Memory Stick, flash pens, CDs, DVDs, external hard drives, Palmtop Computer, blackberry device, mobile phone, iPad or other such mobile IT device.
• Papers or files containing patient Information, papers of files containing carer information, papers or files containing staff Information
The above should be reported if the equipment or data belongs to the Trust or relates to anyone connected with the Trust e.g. staff, patient or carer. This also applies in instances where your own property is lost or stolen and it contains such information.
Loss or theft of any of the above items should be reported immediately to the;
• Line Manager
• Trust Security Officer
• IT Security Manager – 0161 277 1111
• Police (for high value items or containing confidential information)
The Lost or Stolen IT Equipment and Data incident must also be reported via the Trust Incident Reporting System.
28. Security Breaches
Recording security breaches enables management to improve the quality of service to patients and staff; you are encouraged to report incidents for this purpose.
Any security breaches (or suspected breach) must be reported immediately either directly or through your line manager, to the Trust IT Security Officer 0161 277 1111 who will investigate the matter.
28.1 Security Breaches must also be reported via the Trust Incident Reporting Process.
If warranted the findings will be subsequently reported to the Board and to the NHS Security Incident Reporting Scheme.
28.2 Investigatory/Disciplinary Proceedings (see also Monitoring)
The organisation will investigate complaints received from both internal and external sources, about any unacceptable use of email that involves the organisation’s IT facilities.
Where there is evidence of an offence or breach of the Trust’s policies, it will be investigated and acted upon in accordance with the organisation’s disciplinary procedures. In such cases The Trust reserves the right to disable accounts or block email to prevent further damage or harm occurring or impound equipment.
29. General Rules
Email users must not:
• Use other people’s email accounts to send emails.
• Give other authority to view or amend your mailbox unless fully justified.
• Engage in any activity, which is illegal, offensive or likely to have negative repercussions for the Trust.
• Allow third parties to read personal or confidential data in emails by leaving your screen in view of such third parties.
• Read other people’s emails sent to someone else, without their express permission.
• Create or send any offensive, obscene or indecent images, data or other material.
• Initiate or propagate any provocative exchanges of email.
• Initiate or propagate electronic chain letters or junk mail.
• Engage in unauthorised selling or advertising of goods and services.
• Create or send messages that may constitute racial, sexual harassment or harassment on the grounds of disability.
• Send any unsolicited commercial or advertising material either to another user or organisation(s).
• Forge, use a false identity or anonymously send emails.
• Attach “fancy” decorations, such as smiley faces, borders, coloured or theme backgrounds to emails. Unnecessary network storage is taken up by their use and many third party software applications offering these decorations often carry surveillance software within them.
30. Outlook Mailbox Housekeeping
The amount of email in the personal inbox should be kept to a minimum and the inbox should not be used as a storage facility. Unless required for audit purposes, emails should be deleted after reading, responding or action.
The email system is designed for the transmission of messages and is not designed to be an archival system; staff should not rely on the email system as a safe archive for important documents. Emails should be reviewed on a
monthly basis and deleted when no longer required. The same housekeeping rules apply to Sent items.
The deleted items folder should be set up to clear all deleted items upon exiting outlook. Any emails that need to be saved should be moved to a personal folder (PST file). PST files should always be stored on a network drive to ensure they are backed up by the server.
Staff should be aware that PST files above 1GB in size can become unstable and may corrupt resulting in the loss of data. It is important that staff regularly check the size of their personal folders within Outlook and carry out regular housekeeping in order to keep them under this recommended size limit.
Email Good Practice Guidelines
1. Email Etiquette
Who are you?
It is good practice to identify yourself and your position at the end of the email. This may not be apparent from your email address alone.
Email formatting and content
• The Trust’s email format is:-
Font – Arial 10
Auto signature containing – name, job title, location, telephone number, fax number
• Always ensure the email SUBJECT line is completed;
• Internal email can increase the effectiveness of interpersonal communications with colleagues and can improve efficiency in creating, editing and accessing written documents
Electronic communication within the Trust represents an outstanding opportunity to improve the speed and efficiency with which we communicate with our working partners. It also raises important issues in the areas of data security, confidentiality and interpersonal communications.
2. Email Good Practice
• NEVER send personal or patient identifiable information unless you are sure this email method is secure
• Be careful about disclosing confidential information; remember that email can be easily copied and forwarded.
• Be vigilant when receiving files attached to email, especially from unknown sources, such files often contain viruses. If you are unsure, do not open the file and contact the IT Servicedesk 0161 277 1111
• NEVER disclose your password to anyone. Nobody has the right to know your personal password, and if you divulge it to another, both of you will be in breach of the IT Security Policy and may be liable to disciplinary action
• Check email on each working day or arrange for a duly authorised person to do so
• Advise people when you are not available. When out of the office and not able to log into your mail account, use the tools within the system to notify others of your inability to do so
• Reply promptly to all email messages requiring a reply
• Request confirmation of receipt on important emails sent, when requested recipient should acknowledge receipt
• Notify your line manager and IT Department if email is received which is regarded as illegal or offensive.
3. Guidelines for writing business email messages
• Ensure the subject line gives a clear indication of the content of the message
• Indicate if the subject matter is sensitive
• Use flags to indicate whether the message is of high or low importance.
• Indicate whether an action is required or whether the email is for information only.
Subject and Tone
• Greet people by name at the beginning of an email message
• Ensure that the purpose and content of the email message is clearly explained
• Include a signature with your own contact details
• Ensure that the email is polite and courteous
• Make a clear distinction between fact and opinion
• Proof read message before sending
• Include original email message when sending reply
• Ensure email messages are not unnecessarily long.
Structure and Grammar
• Try to use plain English
• Check spelling before sending
• Put important information at the beginning
• Avoid abbreviations
• Avoid using capital letters as this can be interpreted as shouting
• Do not use emoticons.
• Distribute email messages only to the people who need to know the information
• Think carefully before using reply all
• Use ‘To’ field for people who are required to take further action and the ‘cc’ field for people who are included for information only
• Ensure email message is correctly addressed
• Be aware that different computer systems will affect the layout of an email message
• Avoid sending messages in HTML format as if an email recipient is using an email system that does not support HTML the layout will be affected
• Be aware that some computer systems might have difficulties with attachments
• Try not to forward messages unnecessarily.
Email, short for electronic mail and often abbreviated to email, e-mail or simply mail, is a store and forward method of composing, sending, storing, and receiving messages over electronic communication systems.
(Source http://en.wikipedia.org/wiki/Email) Within this procedural Email is defined as the access to Trust’s electronic mail system that operates under the @mhsc.nhs.uk domain. Consideration is also given to the use of NHS.net.
Spamming is the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages. (Source http://en.wikipedia.org/wiki/Spamming)
Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. (Source:http://en.wikipedia.org/wiki/Phishing)
Chain letter consists of a message that attempts to induce the recipient to make a number of copies of the letter and then pass them on to one or more new recipients. (Source http://en.wikipedia.org/wiki/Chain_letter)
Internet service provider (abbr. ISP, also called Internet access provider or IAP) is a business or organization that provides consumers or businesses access to the Internet and related services, e.g. hotmail.
To use the webmail you must agree to this policy: