Internet access has revolutionised general practice but abuses can occur and practices need a policy to protect both themselves and their staff, says Dr Melanie Wynne Jones
Most practices now have internet access in every office and consulting room. The advantages are obvious. But allowing everyone in the practice to have access to the internet is a risk that must be actively managed.
The best way to do this is to have a written policy which all employees (including doctors) sign up to literally and which forms part of their terms and conditions of work. This helps the practice to:
·define acceptable standards for e-mail/
internet usage, based on the law
·prevent employees wasting practice time on non-work related activities
·warn employees that they are not
entitled to privacy in their e-mail and
internet use (although they do have some protection in law)
·warn employees about the risks of
·protect the practice from the legal
consequences of internet misuse by
·protect the practice from accusations that employees had not been informed about the policy
·protect the system from viruses, slow
running or crashing as a result of
downloading large files.
All employees should receive training in the principles and operation of the policy which should cross-reference other practice policies, such as phone use, data storage,
data protection and equal opportunities.
Most doctors browse the internet for information or recreation during the working day, and many practices are happy to allow employees internet access during their breaks, as long as they observe practice policies. These should cover:
·when employees may or may not access the internet and whether personal use is
allowed in non-practice time
·whether employees are required to use their own log-in or password, keep
passwords secret, and log off when finished to protect themselves in the event of an
audit trail to investigate inappropriate use
·a warning that access may not be secure (for example when using online banking)
·a note of the types of site that may not be accessed (job advertisements, offensive or pornographic websites)
·the need to observe copyright, licensing and other laws
·a ban on changing system security
·a ban on loading unauthorised software on to the system or downloading
unauthorised software from the internet
·a ban on use of sites for criminal purposes
·a ban on divulging confidential
information about the practice or patients on chat-rooms, blogs and so on
·a ban on posting defamatory or offensive material
·guidance on when a breach of the policy will result in disciplinary action.
It is possible to buy software that blocks access to certain internet sites or prevents downloading of large or inappropriate files.
E-mails are easy to fire off (sometimes to the wrong person!) and their informality means people send them in haste and repent at leisure. E-mails sent as a joke can easily, if unintentionally, upset or offend.
Libel and other laws relating to publication of any form of written communication also cover e-mails, so offensive, defamatory or illegal e-mails could get both the employee and the practice into trouble. This applies to internal as well as external e-mails, and employees should be warned that e-mails should not be regarded as confidential
The practice policy should specify that employees:
· use professional language in all e-mails
· include a standard disclaimer and
warning to recipients outside the practice
· do not hold themselves out as
representing the practice unless authorised to do so and do not inadvertently enter
into a binding contract
· do not bring the practice into disrepute
· do not send or forward e-mails or
attachments that contain personal/
confidential information about patients or colleagues
· do not send e-mails or attachments that are abusive, pornographic, racist, sexist or break the law in any other way
· must report to their line manager any such e-mails they receive
· must agree to have their work-related
e-mails read by colleagues when they are
absent (for patient safety)
· must agree to allow inspection or
monitoring of their practice e-mails
· must read and action practice e-mails sent to them (however, the practice must protect employees from information overload by discouraging unnecessary e-mails)
· may not write or send personal e-mails during working hours
· may be subject to disciplinary action for specified breaches.
The warning could state:
· that the practice monitors e-mails for business purposes
· that e-mails should not be read by
unauthorised recipients, and should be
destroyed if received in error, and deleted from the receipient's computer
· that the e-mail's contents are confidential and must not be copied, forwarded or
reproduced without the practice's consent
· that the practice has not checked the
e-mail or attachments for viruses, and that it is the recipient's responsibility to check for viruses
· that the practice accepts no liability for any losses or damage incurred by any
person through use of the e-mail.
A GP's true experience
The following genuinely happened. My last patient of the evening wondered if she could have testosterone implants to improve her libido. I promised to find out about them. After she'd gone, I typed 'testosterone implants' into the search engine on my desktop.
To my horror the screen said: 'Warning! Your server has terminated connection, you are attempting to access illegal sites not appropriate for your user level. A report has been sent to your manager.'
Everyone at the PCT had gone home, and I spent the weekend worrying what damage I had done to my reputation or even whether the GMC would be notified. Luckily, nothing came of it, but it has made me much more aware of the need to be circumspect when using the internet.
Melanie Wynne Jones is a GP in Marple, Cheshire
· Human Rights Act 1998
· Regulation of Investigatory Powers Act 2000
· Data Protection Act 1998
· Copyright law
· Obscene Publications Act 1959
· Protection of Children Act 1988
· Criminal Justice Act 1988