9.11. Internet, social media and email
9.11. Internet, social media and email
9.11. Internet, social media and email
The DWMC recognises the usefulness of the internet, email, mobile devices and computer equipment as research, communication and work tools. This policy sets out the appropriate standards of behaviour for users of the DWMC’s information technology resources.
At all times when accessing or using the DWMC’s information technology resources, users must ensure that they comply with this policy. It is the user’s responsibility to ensure that they use the DWMC’s information technology resources in a lawful and professional manner.
This policy outlines the expectations in the use of the DWMC’s:
- Information technology resources.
- Internet.
- Social media.
- Email facilities.
- Mobile phones and mobile devices.
If a user is unsure about any matter covered by this policy, they should seek the assistance of their manager.
This policy applies to all staff members of DWMC, and contractors (including sub-contractors and temporary contractors) referred to as users. This policy applies to the use of all internet, social media, email and computer facilities, both during and outside of business working hours. This policy applies to the use of internet, social media, email and computer facilities inside the workplace, as well as use from remote locations and after hours use of personal computers. Use of computer facilities includes use of laptops, mobile phones and similar products, and any other equipment that provides a means of accessing the DWMC’s email and internet facilities. For example, this policy extends to the use of a personal computer which has access to the DWMC’s IT systems.
The DWMC’s information technology resources (“IT resources”) are provided to support the business and administrative activities of the DWMC. These resources include:
• The DWMC’s network.
• Computer systems and software including personal computers, notebooks and servers.
• Mobile phones, smart phones and wireless data cards.
• Access to the internet.
• Email, telephones and related services.
If users produce, collect and/or process DWMC related information in the course of their work, that information remains the property of the DWMC. This includes information stored on third party websites.
Extent of personal use
Users are permitted to use the DWMC’s IT resources for limited, incidental personal purposes, provided that such use does not:
• Interfere with the efficient business operations of the DWMC.
• Violate this policy or any other policy of the DWMC.
• Negatively impact upon the user’s work performance.
• Hinder the work of other users.
• Damage the reputation, image or operations of the DWMC.
• Such use must not cause noticeable additional cost to the DWMC.
- The DWMC accepts no responsibility for:
- Loss or damage or consequential loss or damage, arising from personal use of its IT resources.
- Loss of data or interference with personal files arising from the efforts to maintain the IT resources.
Guidelines for use of IT resources
Users must comply with the following guidelines when using the DWMC’s IT resources:
• Users must use their own username/login code and/or password when accessing the DWMC’s computer systems.
• Users should protect their username/login code and password information at all times and not divulge such information to any other person, unless it is necessary to do so for legitimate business reasons.
• Username/login codes and passwords are not to be recorded on or near computer equipment/mobile devices.
• Users should ensure that they log off from their account, and lock their computer/mobile device or shut down their computer/mobile device when leaving such equipment unattended to ensure that others do not have access to the DWMC’s computer systems.
• Users in possession of the DWMC’s computer equipment or mobile devices (including laptops, mobile phones, pagers, personal data assistants, wireless data cards, etc) must at all times ensure that such equipment is stored or placed in areas with a minimal possibility of theft or damage.
• IT resources must not be used for private commercial purposes except where the paid work is conducted in accordance with the DWMC’s practice, or the work is for the benefit of an entity in which the DWMC holds an interest.
• Use of proprietary software is subject to terms of license agreements between the DWMC and the software owner or licensor, and may be restricted in its use.
• The DWMC name or logo may only be used with prior approval from the Principal.
All use must be in accordance with the prior approval of the Principal.
Prohibited conduct
Certain behaviour is considered to be inappropriate use of the DWMC’s IT resources and is strictly prohibited. Examples of such prohibited conduct are, but are not limited to:
Users must not send (or cause to be sent), upload, download, use, retrieve, or access any file, email or internet material that:
- Is obscene, offensive or inappropriate. This includes text, images, sound or any other material, sent either in an email or in an attachment to an email, or through a link to an internet site (URL). For example, material of a sexual nature, hateful, indecent or pornographic material.
- Causes insult, offence, intimidation or humiliation by reason of unlawful harassment or discrimination.
- Is defamatory or incurs liability or adversely impacts on the image of the DWMC. A defamatory message or material is a message or material that is insulting or lowers the reputation of a person or group of people.
- Is otherwise illegal, unlawful or inappropriate.
- Affects or may affect the performance of, or cause damage to or overload the DWMC’s computer systems or internal or external communications in any way.
- Gives the impression of or is representing, giving opinions or making statements of on behalf of the DWMC without the express authority of the DWMC.
- They don’t solicit socially harmful activities including arms, carbon pollution, gambling, tobacco, pornography, low-cost labour/slave labour, human rights violations and animal cruelty.
Users must not use IT resources to:
- Violate copyright or other intellectual property rights. Computer software that is protected by copyright is not to be copied from, or into, or by using the DWMC’s computing facilities, except as permitted by law or by contract with the owner of the copyright. Similarly, users should not copy or access copyright protected music or videos on the DWMC’s IT resources.
- Breach an individual’s privacy, including patients under the care of a Fellow or trainee;
- Create any legal or contractual obligations on behalf of the DMC unless expressly authorised by the Principal.
- Disclose any confidential information of the DWMC or any employee, Fellow, trainee, client or supplier of the DWMC unless expressly authorised by the DWMC.
- Install software or run unknown or unapproved programs on the DWMC’s computers. Under no circumstances should users modify the software or hardware environments on the DWMC’s computer systems (this includes installing software purchased by users for personal private use) without prior approval from the general manager, IT.
- Gain unauthorised access (hacking) into any other computer within the DWMC or outside the DWMC or attempt to deprive other users of access to or use of any DWMC computing system.
- Plagiarise another person’s work.
- Deliberately send or cause to be sent chain or spam emails in any format.
- Obtain personal gain. For example, running a personal business using the DWMC’s computers.
- Gamble.
- Stream content for personal use.
- Use peer to peer file sharing software such as VUZE, BitTorrent, etc.
- Download, install or use instant messaging software.
- Perpetrate any form of fraud or software, film or music piracy.
Users must not use another user’s computer or internet access or email facilities (including passwords and usernames/login codes) for any reason without the express permission of the user.
Internet
The DWMC’s IT resources should only be connected to the internet using means authorised by the Principal, IT.
Users are not permitted to publish personal web pages on computers connected to the DWMC network.
9.12Using social media in our practice
- Policy
‘Social media’ is defined as online social networks used to disseminate information through online interaction.
Regardless of whether social media is used for business related activity or for personal reasons, the following standards apply to members of our practice team, including general practitioners. Practitioners and team members are legally responsible for their postings online. Practitioners and team members may be subject to liability and disciplinary action including termination of employment or contract if their posts are found to be in breach of this policy.
- Personal and professional use of social media by DWMC staff and contractors must not bring the DWMC into disrepute, compromise effectiveness at work, imply DWMC endorsement of personal views or disclose, without authorisation, confidential information.
- Workers are responsible for the content they post on their personal social media accounts. Where a Worker’s personal use of social media contravenes our policy, then it may be appropriate for the DWMC to respond, either in work time or after hours.
- Think about consequences, please remember: Using your public voice to trash or embarrass your employer, your patients, your co-workers or even yourself is not okay – and not very smart.
For the sake of clarity, social media includes, but is not limited to:
• Social networks (such as Facebook and MySpace).
• Blogs.
• Wikis (such as Wikipedia).
• Podcasts.
• Forums.
• Content communities (such as YouTube and Flickr).
• Microblogs (such as Twitter).
- Procedure
Our practice has appointed Practice Manager Tanya Barrett as our social media officer with designated responsibility to manage and monitor the practice’s social media accounts. All posts on the practice’s social media websites must be approved by this person.
When using the practice’s social media, all members of our practice team will not:
- Post any material that:
- Is unlawful, threatening, defamatory, pornographic, inflammatory, menacing, or offensive
- Infringes or breaches another person’s rights (including intellectual property rights) or privacy, or misuses the practice’s or another person’s confidential information (e.g. do not submit confidential information relating to our patients, personal information of staff, or information concerning the practice’s business operations that have not been made public)
- Is materially damaging or could be materially damaging to the practice’s reputation or image, or another individual
- Is in breach of any of the practice’s policies or procedures
- Use social media to send unsolicited commercial electronic messages, or solicit other users to buy or sell products or services or donate money
- Impersonate another person or entity (for example, by pretending to be someone else or another practice employee or other participant when you submit a contribution to social media) or by using another’s registration identifier without permission
- Tamper with, hinder the operation of, or make unauthorised changes to the social media sites
- Knowingly transmit any virus or other disabling feature to or via the practice’s social media account, or use in any email to a third party, or the social media site
- Attempt to do or permit another person to do any of these things:
- Claim or imply that you are speaking on the practice’s behalf, unless you are authorised to do so
- Disclose any information that is confidential or proprietary to the practice, or to any third party that has disclosed information to the practice
- Be defamatory, harassing, or in violation of any other applicable law
- Include confidential or copyrighted information (e.g. music, videos, text belonging to third parties), and
- Violate any other applicable policy of the practice.
All members of our practice team must obtain the relevant approval from our social media officer prior to posting any public representation of the practice on social media websites. The practice reserves the right to remove any content at its own discretion.
Any social media must be monitored in accordance with the practice’s current polices on the use of internet, email and computers.
Our practice complies with the Australian Health Practitioner Regulation Agency (AHPRA) national law, and takes reasonable steps to remove testimonials that advertise our services (which may include comments about the practitioners themselves). Our practice is not responsible for removing (or trying to have removed) unsolicited testimonials published on a website or in social media over which we do not have control.
Any social media posts by members of our practice team on their personal social media platforms should:
- Users must take a common sense approach to the content that they publish online. Because of the public nature of the internet and social media, this common sense approach also applies to use of social networking sites outside of business hours or on equipment other than DWMC equipment.
- If a user is holding themselves out as a representative of the DWMC, any material published online must:
- Be relevant to the user’s area of expertise.
- Not be anonymous.
- Maintain professionalism, honesty and respect. Statements of fact about the DWMC and its products and services, publicly available information and information already published on the DWMC’s website ( when available) are all examples of appropriate online content.
- Users must not publish any material online that contains the DWMC’s confidential information (including financial information and information about organisational matters), the personal information of another (without that individual’s consent), information about the DWMC’s customers or clients, or content that may offend, intimidate, defame or humiliate a Fellow, trainee, staff member, volunteer or contractor of the DWMC. Further, if a user becomes aware of the publication of material that is linked to the DWMC, its workers or its clients which would be deemed distasteful or inappropriate, the user should report such conduct to the DWMC’s Human Resources Department.
If a user is unsure about whether they should publish material on the internet, they should seek guidance from the Computer Security officer, IT.
- Include the following disclaimer example in a reasonably prominent place if they are identifying themselves as an employee of the practice on any posting: ‘The views expressed in this post are mine and do not reflect the views of the practice/business/committees/boards that I am a member of’, and
- Respect copyright, privacy, fair use, financial disclosure and other applicable laws when publishing on social media platforms.
Social media activities internally and externally of the practice must be in line with this policy.
Email/Message
Appropriate standards of civility should be used when using email and other messaging services to communicate with other staff members or any other message recipients. When using the email or messaging system users must not send:
• Angry or antagonistic messages – these can be perceived as bullying or threatening and may give rise to formal complaints under grievance procedures or discrimination/sexual harassment procedures.
• Offensive, intimidating or humiliating emails – the DWMC’s IT resources must not be used to humiliate, intimidate or offend another person/s on the basis of their race, gender, or any other attribute prescribed under anti-discrimination legislation.
Guidelines for use of the DWMC’s email system
A user must comply with the following guidelines when using the DWMC’s email system:
• Any disclaimer which is automatically included in the DWMC’s emails must not be removed.
• If a user receives an email which they suspect contains a virus, they should not open the email or any attachment to the email and should immediately contact the IT service desk for assistance.
• If a user receives an email the content of which (including an image, text, materials or software) is in breach of this policy or any the DWMC’s other policies, the user should immediately delete the email and report the matter to the Computer security officer, IT. The user must not forward the email to any other person.
• Users must not publish the DWMC email address on a private business card.
• Users must not forward or copy emails that contain personal information about an individual without the prior permission of that individual. They must be sent by return email to address provided. Patient must be advised not secure and noted in their clinical notes.
• Endeavor to answer emails within 2 working days or have an auto respond message.268
• Users must adhere to the guidelines and prohibitions set out in this policy at all times.
• Messaging and email must not be used for private commercial purposes except where the work is for the purposes of a corporate entity in which the DWMC holds an interest.
Mobile phones and mobile devices
Mobile phones and/or mobile devices may be provided by the DWMC to staff members, Fellows or trainees for the purposes of carrying out DWMC business. Mobile phones, mobile devices, accessories and associated telephone numbers remain the property of the DWMC at all times.
Mobile phones and mobile devices are considered IT resources and, as such, their use is governed by this policy. If mobile devices are provided the users are responsible for understanding the costs associated with using the DWMC’s mobile phones and mobile devices and should ensure that this equipment is used in the most cost effective manner. All costs associated with the use of mobile phones and mobile devices will be included in the appropriate management budget reports. Periodic checks and trend analysis will be undertaken by the IT Department on all costs associated with the use of mobile phones and mobile devices. An investigation may be undertaken where it is identified that a user is exceeding reasonable personal use of the equipment provided.
Guidelines for use of the DWMC’s mobile phone and mobile devices
Users must comply with the following guidelines when using the DWMC’s mobile phones and mobile devices:
• Users must maintain the operational effectiveness of the mobile phone or mobile device (i.e. keeping the batteries charged when required to be contacted).
• Mobile phones and mobile devices that have the ability to be password protected and encrypted must have this security feature activated at all times. Users are not to remove or modify such security features as configured by the IT Department.
• International and premium number call facilities will not be available without prior agreement for both business and private use and must be approved by the budget holder for the phone. Requests to allow international use should be made through the ITcoordinator.
• Users are prohibited from using mobile phones or devices while operating a motor vehicle in the conduct of business for the DWMC.
• Users must report any loss, theft, damage or security breach of any mobile phone or mobile device immediately to the IT coordinator to ensure appropriate measures are taken to secure and disable the device. If such loss, theft or damage is due to the negligence of the user, the user may be responsible for the cost of replacing or repairing the mobile device.
MONITORING – EMAIL, FILES, INTERNET DOWNLOADS OR DATA STORAGE
DWMC does not generally monitor email, files, internet downloads or data stored on its IT resources. However, the DWMC reserves the right to access and monitor any computer or other electronic device connected to the DWMC’s network. This includes equipment owned by DWMC and personal computing equipment (for example, laptops) that are connected to the network.
Access to and monitoring of equipment is permitted for any reason, including but not limited to, suspected breaches of this policy by a user or unlawful activities. Access to and monitoring includes, but is not limited to, email, web sites, server logs and electronic files.
DWMC may keep a record of any monitoring or investigations.
DELORAINE & WESTBURY MEDICAL CENTRE
PRIVACY POLICY
Collection
It is necessary for us to collect personal information from patients and sometimes others associated with their health care in order to attend to their health needs and for associated administrative purposes.
Use & Disclosure
A patient’s personal health information is used or disclosed for purposes directly related to their health care and in ways that are consistent with a patients expectations. In the interests of the highest quality and continuity of health care this may include sharing information with other health care providers who comprise a patient’s medical team from time to time. In addition there are circumstances when information has to be disclosed with patient consent, such as:
- Emergency situations
- Disclosure by doctors, by law, of information sometimes required for public interest reasons, eg manducatory reporting of some communicable diseases.
- Disclosure of information about a patient to fulfil a medical indemnity insurance obligation
- Provision of information to Medicare or private health funds, if relevant, for billing and medical rebate purposes.
- Assessment of medical records by a visiting doctor for quality review and accreditation the practice.
In general a patient’s health information will not be used for any other purposes without their consent.
There are some necessary purposes of collection for which information will be used beyond providing health care, such as professional accreditation, quality assessments, clinical auditing, billing and so forth.
Data Quality
The storage, use and, where necessary, transfer of personal health information will be undertaken in a secure manner that protects patient privacy. It is necessary for medical practices to keep patient information after a patients’ last attendance for as long is required by law or is prudent having regard to administrative requirements.
Openness
Our practice makes this policy available to patients. On request this practice will let patients know, generally, what sort of personal information we hold, for what purposes, and how we collect, hold , use and disclose that information.
Access and correction
Patients may request access to their personal health information held by this practice. Where necessary, patient will be given the opportunity to amend any incorrect personal information that is held. There are some circumstances in which access is restricted, and in these cased reasons for denying access will be explained. A charge may be payable where the practice incurs costs in providing access. This practice acknowledges the right of children to privacy of their health information. Based on the professional judgment of the doctor and consistent with the law, it might at times be necessary to restrict access to personal health information by parents and guardians. Upon request, and with patient’s consent, a patient’s health information held b this practice will be made available to another health provider.
Indentifiers
These are numbers, letter or symbols that are used to identify patients with or without the use of a name (eg Medicare numbers). We will limit the use of identifiers assigned to patients by Commonwealth Government agencies to those uses necessary to fulfil our obligation to those agencies.
Anonymity
A patient has a right to be dealt with anonymously, provided this is lawful and practicable. However, in the medical context this is not likely to be practicable or possible for Medicare and insurance rebate purposed. It could also be dangerous to the patient’s health.
Transborder Data Flow
An individual’s privacy is protected Australia-wide by privacy laws. We will take steps to protect patient privacy if information is to be sent intestate or outside Australia
Sensitive Information
Health information is “sensitive information” for the purposes of privacy legislation. This means that generally patients consent will be sought to collect health information that is necessary to make an accurate medical diagnosis, prescribe appropriate treatment and to be proactive in patient health care.
Breach of Privacy
We protect your privacy and treat all patient information, including health and financial details, as private and confidential. Any breach of the privacy policy should be reported to the Practice Manger for investigation.
Reviewed 2014
Our privacy collection statement:
DELORAINE & WESTBURY MEDICAL CENTRE
Your PRIVACY is OUR business
Deloraine Medical Centre
22 Tower hill Street
Deloraine 7304
Ph: 03 6362 2266
The provision of quality health care is our principal concern. It requires a doctor-patient relationship of trust and confidentiality. Your doctor regards patient health information as confidential and will only collect this information with patient consent.
A patient’s personal information is handled in accordance with this practices’ privacy policy and consistent with the privacy legislation. Patients are entitled to know what personal information is held about them; how and under what circumstances they may have access to it; why it is held; its use; to whom and under what circumstances it may be disclosed; when consent is required for these purposed; and how it is stored.
Every effort will be made will made to discuss these matters with patients at the time personal information is collected from patients attending this practice. Because there will be occasions when it is not practicable to make patients aware of these matters at the time of collection, this brochure is designed to outline how this practice endeavours to protect the privacy of patients’ personal health information.
Collection
Information about a patient’s medical and family health history is needed to provide accurate medical diagnosis and appropriate treatment. We will be fair in the way we collect information about our patients. This information is generally collected from the patient, and otherwise with the patients consent. However, from time to time we may receive patient information from others. When this occurs we will, wherever possible, make sure the patient knows we have received this information.
Medical care requires full knowledge of patient health information by all members of a medical team. To ensure quality and continuity of patient care a patient’s health information has to be shared with other health care providers from time to time. For quality review and accreditation of the practice, medical records may need to be assessed by a visiting doctor. Some information about patients is also provided to Medicare, and private health funds if relevant, for billing and medical rebate purposes.
The doctors in this practice are members of various medical and professional bodies including medical defence organisations. There may be occasions when disclosure of patient information is required for medical defence purposes.
There are also circumstances where a medical practitioner is legally bound to disclose personal information. An example of this is the mandatory reporting of communicable diseases.
It is necessary for us to keep patients’ information after their last attendance at this practice for as long as is required by law or is prudent having regard to administrative requirements.
Access
A patient has a right to access their information. They may ask to view the information or ask for a copy of a part or of the whole record. While not required to give reason for their request, a patient may be asked to clarify the scope of the request.
There may be some circumstances in which access may be denied but in such an event, the patient will be advised of the reason.
A charge may be payable where the practice incurs costs in providing access. This will depend on the nature of the access.
The material over which the doctor has copyright might be subject to conditions that prevent further copying or publication without the doctor’s permission.
If a patient finds that the information held on them is not accurate or complete, the patient may have that information amended accordingly.
Upon request a patient’s health information held by this practice will be made available to another health provider.
Parents/guardians and children
The right of children to privacy of their health information, based on the professional judgment of the doctor and consistent with the law, might at times restrict access to this information by parents or guardians.
Complaints
It is important to us that your expectations about the way in which we handle your information are the same as ours.
Please do not hesitate to discuss any concerns, questions or complaints about any issues related to the privacy of your personal information with the doctor.
If you are still dissatisfied you can complain to the Federal Privacy Commissioner whose contact details are:
Level 8 Piccadilly Tower
133 Castlereagh Street
Sydney NSW 2000
GPO Box 5218
Sydney NSW 1042
Privacy Hotline: 1300 363 993
Website: www.privacy.gov.au
I
- Is obscene, offensive or inappropriate. This includes text, images, sound or any other material, sent either in an email or in an attachment to an email, or through a link to an internet site (URL). For example, material of a sexual nature, hateful, indecent or pornographic material.
- Causes insult, offence, intimidation or humiliation by reason of unlawful ha