Introduction
All health authorities and trusts are required by the Government to have an Information Management and Technology (IM&T) Security Policy. This large document outlines the responsibilities and procedures concerning the Trust’s information system and the data it contains. Its purpose is to ensure that information systems are available when required, that users only have access to information on a “need to know” basis, that information is kept confidential and that data has integrity (i.e. it is as accurate and up-to-date as possible).
The following security guidance is intended as a brief introduction for all computer users and lays down instructions that must be followed. It is divided into several headings covering hardware, software, data and general aspects of computer security.
Hardware
All hardware (PCs, printers, etc.) must be kept securely. This is the responsibility of local management. The staff of the Information Management Department will advise and assist if required.
All hardware equipment will be security marked by the IT Maintenance Department.
All PCs will be wired up in line with British Safety standards and extra power points installed where necessary.
Software
Only authorised software may be used on the Trust’s equipment. No personal software may be loaded on ANY PC. No software may be pirated (that is, copied) onto more PCs than the software license permits.
All software licenses will be held centrally under the auspices of the Information Management Department and will be registered under the Trust’s name.
A screensaver should be set up on every PC as this will protect the screen. Additionally, if you work with confidential data this screensaver should be set with a password.
Data and information
Your password is your property. It is not to be given to anyone else except under * below.
The level of access you have been given reflects the training you have received and the information you need to know. If you require further access please contact Matt Walker, Systems Administrator, to discuss your needs. Further training will almost certainly be required.
Patient data (obtained from InteHEALTH or elsewhere) is not to be given to any unauthorised personnel or organisation. If necessary, please contact your line manager or the Trust’s Data Protection Officer (Keith Williams) for guidance.
Information taken from Trust systems (especially if it identifies a patient) should only be incorporated into other software packages (i.e. cut and pasted into Word or Excel) when absolutely necessary.
Any documents containing data which identifies a patient or is in any other way confidential must be password protected.
* Boot-up and/or screensaver passwords must be given to your line manager, who will be responsible for their safekeeping. Authorised maintenance or repair personnel will then be able to access your computer in your absence.
* Your password should not be disclosed to anyone except the Help Desk or Systems Administrator (Matt Walker).
Log off of Trust Systems, close any confidential documents and log out of the network if you take a planned absence from your workstation.
The Data Protection Act requires that information about a person is accurate and kept as up-to-date as possible. This means that answers to any questions about marital status, ethnicity, religion etc. which a patient cannot or declines to answer should not be inferred by Trust personnel but should be recorded as unknown. Additionally, it is essential that where patient information changes (e.g. the patient moves house or changes GP), all data should be updated.
General security points
There is much security legislation. In particular, you should be aware of, and comply with, the Data Protection Act and the Access to Medical Records Act. Full guidance on these and other legislative issues will be contained in the Trust’s IM&T Security Policy (in preparation) but in the meantime copies of the legislation and guidance may be obtained from the Trust’s Data Protection Officer (Keith Williams, Information Management Department).
Unauthorised personnel (e.g. Trust employees who are not computer users and anyone not employed by the Trust) may not use your PC under any circumstances. Software suppliers who perform maintenance, upgrade or repair should contact the IT Maintenance Department for authorisation to proceed.
Housekeeping
All essential documents on your PC should be backed up regularly and whenever changes are made. These backup disks should be securely stored.
Unwanted computer files should be deleted to prevent the PC’s hard disk from becoming full.
All floppy disks must be virus-checked before being loaded onto the PC drive. Each networked PC will be loaded with virus protection software at the time of its installation.
Confidential papers must be disposed of carefully. They should either be shredded or collected by one of the recycling companies who can provide certification that shredding of this material has taken place.
Disciplinary offence
English Law, NHS Policies and the Trust’s own policies are extremely strict about all these matters. You SHOULD NOT take them lightly. Disciplinary action will be taken in case of breaches of these policies.