
Communications and information security policy


1 Introduction

Internal and external communications play a vital role in the day-to-day activity of Rotherham, Doncaster and South Humber NHS Foundation Trust (hereafter referred to as ‘the trust’). However, they also have the power to be disruptive and to impact the wellbeing of staff and patients and the reputation of the trust. The advent of social media and online capabilities can offer new channels for external engagement which are not always authorised or in accordance with the trust’s policy.

Engaging with the media plays an important role in enhancing the reputation of the trust, with positive press coverage helping to attract and retain staff, whilst also maintaining the confidence of patients and the public.

2 Purpose

The aim of this policy is to ensure staff are aware of best practice when using all forms of communication facilities. The policy will also:

  • ensure electronic communications do not interfere with the performance of staff duties
  • minimise the likelihood of communications being disruptive, which can impact upon the wellbeing of staff and patients, and the reputation of the trust
  • minimise potential damage to morale and confidence in the trust through a planned, sustained and consistent approach to media enquiries
  • help to protect the trust against liability for the actions of its staff
  • educate staff about communication best practice both internally and externally

3 Scope

This policy applies to all forms of internal and external communications. This includes electronic forms of communication, including landline and mobile phones, text messaging, instant messaging and other Internet usage facilities. It also includes all written and verbal information relating to the trust.

4 Responsibilities, accountabilities and duties

4.1 Terminology

  • Shall: This term is used to state a mandatory requirement of this policy.
  • Should: This term is used to state a recommended requirement of this policy.
  • May: This term is used to state an operational requirement of this policy.

5 Procedure or implementation

Communication facilities for both internal and external use, including internet facilities, are the property of the trust and are provided for use in the delivery of the mandate of the trust.

The use of the trust’s information communication and technology (ICT) facilities must be sensible, lawful, consistent with the individual’s duties, respectful of others and in keeping with the standards described in the IT security policy.

All clinical, patient, corporate and other information shall be managed in accordance with the NHS confidentiality code of practice and information handling and classification policy.

The trust owns all content sent using the trust’s facilities and all information stored on its servers or cloud facilities.

No social media presence shall be established under the name of the trust without express permission from the Communications team. Further guidance is contained in the social media policy.

For all electronic communications, staff shall not engage in behaviours which are deemed as unacceptable by the board. This includes, but is not limited to:

  • distributing, disseminating or storing images, text or materials that have the potential to be considered discriminatory, offensive, abusive or harassing towards an individual
  • sending or viewing pornographic jokes, stories or material
  • distributing, disseminating or storing images, text or materials that have the potential to be considered indecent, pornographic, obscene or illegal
  • accessing copyrighted information in a way that violates the copyright
  • introducing any form of malware
  • sending unsolicited advertisement material
  • sending messages that might congest a mail server, for example, spam

Any behaviour deemed to be in breach of this policy and/or the information technology (IT) security policy may result in disciplinary action. Unlawful or illegal conduct may result in separate criminal or civil proceedings.

5.1 Freedom of Information Act (2000) and Environmental Information Regulations (2004)

The Freedom of Information (FOI) Act 2000 and the Environmental Information Regulations 2004 (EIR) provide for a general right of access to information held by public authorities. All information held by the trust or on behalf of the trust and in whatever format is captured by the legislation and both schemes are fully retrospective.

The trust’s board will endeavour to be informed and assured that the trust is compliant with the FOI. This is outlined further in the trust’s freedom of information (FOI) and environmental information regulations (EIR) policy. The chief executive officer (CEO) is ultimately responsible for ensuring that the trust is compliant with the relevant legislation and for informing the board of major developments.

The duties and responsibilities of the data protection officer (DPO) or head of IG include:

  • overall management of the FOI and EIR policy and procedure including managing and supporting the information governance department to deliver on their FOI responsibilities outlined below
  • taking a lead role in making decisions about the application of exemptions under the FOI act
  • leading on internal reviews in conjunction with other senior members of staff

The DPO or head of IG is responsible for:

  • administering all requests for information and re-use made to the trust in line with the processes described in the trust’s FOI and EIR policy
  • providing training to trust staff on FOI and EIRs, and for being the main point of contact for both trust staff and the public who require advice on FOI and/or EIRs
  • ensuring the trust’s publication scheme is regularly reviewed and updated as required, and for advising individual divisions or teams on the content of the scheme
  • maintaining appropriate performance statistics on FOI activity and submitting reports as requested by the information governance group

All the trust’s staff are required to comply with the act and to assist the trust’s IG department if asked for information in accordance with the associated FOI procedure. Staff who do not respond in a timely manner will have the request escalated to their relevant manager or director. Failure to assist may result in the trust failing to comply with the act, which may lead to complaints and ultimately an investigation by the Information Commissioner’s Office (ICO). Failure to adhere to this policy and its associated procedures may therefore result in disciplinary action.

The associated FOI and EIR policy sets out the processes for responding to requests under the act. All trust staff should familiarise themselves with the information in the procedure.

5.2 Media enquiries

All enquiries from the press and media shall be directed to the Communications team.

All output from the Communications team to the media shall be sanctioned by an appropriately responsible member of the trust.

Staff shall not contact the media to pass on information, respond to an enquiry or express any opinion related to the trust without prior express permission from the trust through the Communications team.

Staff shall not take photographs of patients or other individuals without the individual’s express permission. Such photographs shall not be shared with the press without the express permission of the individual concerned (or, where applicable, their guardian) and the permission of the Communications team and the SIRO. The data protection officer (DPO) shall also be consulted.

If any employee is approached by the media for a comment, the invitation to comment shall be declined and redirected to the Communications team.

In the event that the Communications team cannot be reached to deal with an urgent media enquiry, staff shall contact the most senior manager they can locate. The senior manager shall then contact the director on call.

5.3 Other enquiries

The trust’s responsibilities in relation to communications are conditioned by the Data Protection Act (DPA) (2018) and the FOI.

  • enquiries under the DPA shall be directed to the DPO and managed in accordance with the data protection regulations policy
  • enquiries under the FOI shall be handled in accordance with the Freedom of Information and Environmental Information regulations policy and, if applicable, the subject access request policy

6 Training implications

6.1 All staff DSA

  • How often should this be undertaken: Upon commencement of employment and annually thereafter.
  • Length of training: 1 and a half hours.
  • Delivery method: E-learning or face to face.
  • Training delivered by whom: IG or NHS digital e-learning package.
  • Where are the records of attendance held: ESR.

7 Monitoring arrangements

7.1 Policy

  • How: Review of best practice against the policy will be undertaken annually through auditing.
  • Who by: Head of information governance.
  • Reported to: Information governance group and health informatics group.
  • Frequency: Annually.

8 Equality impact assessment screening

To access the equality impact assessment for this policy, please see the overarching equality impact assessment.

8.1 Privacy, dignity and respect

The NHS Constitution states that all patients should feel that their privacy and dignity are respected while they are in hospital. High Quality Care for All (2008), Lord Darzi’s review of the NHS, identifies the need to organise care around the individual, ‘not just clinically but in terms of dignity and respect’.

As a consequence, the trust is required to articulate its intent to deliver care with privacy and dignity that treats all service users with respect. Therefore, all procedural documents will be considered, if relevant, to reflect the requirement to treat everyone with privacy, dignity and respect (when appropriate, this should also include how same sex accommodation is provided).

8.1.1 How this will be met

No issues have been identified in relation to this policy.

8.2 Mental Capacity Act 2005

Central to any aspect of care delivered to adults and young people aged 16 years or over will be the consideration of the individual’s capacity to participate in the decision-making process. Consequently, no intervention should be carried out without either the individual’s informed consent, or the powers included in a legal framework, or by order of the court.

Therefore, the trust is required to make sure that all staff working with individuals who use our service are familiar with the provisions within the Mental Capacity Act (2005). For this reason, all procedural documents will be considered, if relevant, to reflect the provisions of the Mental Capacity Act (2005) to ensure that the rights of individuals are protected, that they are supported to make their own decisions where possible, and that any decisions made on their behalf when they lack capacity are made in their best interests and are least restrictive of their rights and freedoms.

8.2.1 How this will be met

All individuals involved in the implementation of this policy should do so in accordance with the principles of the Mental Capacity Act (2005).

10 References

  • NHS Confidentiality Code of Practice.
  • Freedom of Information (FOI) Act 2000.
  • Environmental Information Regulations 2004 (EIR).
  • Data Protection Act (2018).
  • UK General Data Protection Regulations (2018).

Document control

  • Version: 1.1
  • Unique reference number: 602.
  • Date approved: 15 January 2024.
  • Approved by: Corporate policy approval group.
  • Name of originator or author: DPO or head of Information governance.
  • Name of responsible individual: Director of health informatics or SIRO.
  • Date issued: 16 January 2024.
  • Review date: August 2024.
  • Target audience: All staff.

Page last reviewed: May 14, 2024
Next review due: May 14, 2025
