This site is intended for health professionals only

At the heart of general practice since 1960

pul jul aug2020 cover 80x101px
Read the latest issue online

Independents' Day




Internet access has revolutionised general practice but abuses can occur and practices need a policy to protect both themselves and their staff, says Dr Melanie Wynne Jones

Most practices now have internet access in every office and consulting room. The advantages are obvious. But allowing everyone in the practice to have access to the internet is a risk that must be actively managed.

The best way to do this is to have a written policy which all employees (including doctors) sign up to ­ literally ­ and which forms part of their terms and conditions of work. This helps the practice to:

·define acceptable standards for e-mail/

internet usage, based on the law

·prevent employees wasting practice time on non-work related activities

·warn employees that they are not

entitled to privacy in their e-mail and

internet use (although they do have some protection in law)

·warn employees about the risks of

inappropriate use

·protect the practice from the legal

consequences of internet misuse by


·protect the practice from accusations that employees had not been informed about the policy

·protect the system from viruses, slow

running or crashing as a result of

downloading large files.

All employees should receive training in the principles and operation of the policy which should cross-reference other practice policies, such as phone use, data storage,

data protection and equal opportunities.

Internet usage

Most doctors browse the internet for information or recreation during the working day, and many practices are happy to allow employees internet access during their breaks, as long as they observe practice policies. These should cover:

·when employees may or may not access the internet and whether personal use is

allowed in non-practice time

·whether employees are required to use their own log-in or password, keep

passwords secret, and log off when finished to protect themselves in the event of an

audit trail to investigate inappropriate use

·a warning that access may not be secure (for example when using online banking)

·a note of the types of site that may not be accessed (job advertisements, offensive or pornographic websites)

·the need to observe copyright, licensing and other laws

·a ban on changing system security


·a ban on loading unauthorised software on to the system or downloading

unauthorised software from the internet

·a ban on use of sites for criminal purposes

·a ban on divulging confidential

information about the practice or patients on chat-rooms, blogs and so on

·a ban on posting defamatory or offensive material

·guidance on when a breach of the policy will result in disciplinary action.

It is possible to buy software that blocks access to certain internet sites or prevents downloading of large or inappropriate files.

E-mail usage

E-mails are easy to fire off (sometimes to the wrong person!) and their informality means people send them in haste and repent at leisure. E-mails sent as a joke can easily, if unintentionally, upset or offend.

Libel and other laws relating to publication of any form of written communication also cover e-mails, so offensive, defamatory or illegal e-mails could get both the employee and the practice into trouble. This applies to internal as well as external e-mails, and employees should be warned that e-mails should not be regarded as confidential

The practice policy should specify that employees:

· use professional language in all e-mails

· include a standard disclaimer and

warning to recipients outside the practice

· do not hold themselves out as

representing the practice unless authorised to do so and do not inadvertently enter

into a binding contract

· do not bring the practice into disrepute

· do not send or forward e-mails or

attachments that contain personal/

confidential information about patients or colleagues

· do not send e-mails or attachments that are abusive, pornographic, racist, sexist or break the law in any other way

· must report to their line manager any such e-mails they receive

· must agree to have their work-related

e-mails read by colleagues when they are

absent (for patient safety)

· must agree to allow inspection or

monitoring of their practice e-mails

· must read and action practice e-mails sent to them (however, the practice must protect employees from information overload by discouraging unnecessary e-mails)

· may not write or send personal e-mails during working hours

· may be subject to disciplinary action for specified breaches.

The warning could state:

· that the practice monitors e-mails for business purposes

· that e-mails should not be read by

unauthorised recipients, and should be

destroyed if received in error, and deleted from the receipient's computer

· that the e-mail's contents are confidential and must not be copied, forwarded or

reproduced without the practice's consent

· that the practice has not checked the

e-mail or attachments for viruses, and that it is the recipient's responsibility to check for viruses

· that the practice accepts no liability for any losses or damage incurred by any

person through use of the e-mail.

A GP's true experience

The following genuinely happened. My last patient of the evening wondered if she could have testosterone implants to improve her libido. I promised to find out about them. After she'd gone, I typed 'testosterone implants' into the search engine on my desktop.

To my horror the screen said: 'Warning! Your server has terminated connection, you are attempting to access illegal sites not appropriate for your user level. A report has been sent to your manager.'

Everyone at the PCT had gone home, and I spent the weekend worrying what damage I had done to my reputation ­ or even whether the GMC would be notified. Luckily, nothing came of it, but it has made me much more aware of the need to be circumspect when using the internet.

Melanie Wynne Jones is a GP in Marple, Cheshire

Relevant legislation

Relevant legislation

· Human Rights Act 1998

· Regulation of Investigatory Powers Act 2000

· Data Protection Act 1998

· Copyright law

· Obscene Publications Act 1959

· Protection of Children Act 1988

· Criminal Justice Act 1988

Rate this article 

Click to rate

  • 1 star out of 5
  • 2 stars out of 5
  • 3 stars out of 5
  • 4 stars out of 5
  • 5 stars out of 5

0 out of 5 stars

Have your say