Introduction and purpose of this policy

Sydney Medical Service Co-operative Limited (the Co-operative) may provide its employees and contractors (Users) with computers or devices and access to email and the internet, video conferencing (ICT Resources) reasonably required for the effective performance of work and to improve business related communications and access to business related information.

Users with access to ICT Resources must act responsibly and use those resources in a professional, ethical and lawful manner. Users must ensure that others also act accordingly.

This policy is to provide guidance to ensure that Users:

• understand and follow procedures to ensure the safe and appropriate use of ICT Resources
• take responsibility to protect and maintain privacy in accordance with the Co-operative’s Privacy Policy
• are aware that only authorised persons are permitted to access the Co-operative’s ICT Resources
• understand what constitutes inappropriate or unlawful use of the Co-operative’s ICT Resources to avoid such activities

This policy applies to the use of Co-operative’s ICT Resources inside the premises of the Co-operative as well as from remote locations.

Legal, ethical and responsible use of the Co-operative’s ICT Resources
Legal and Ethical use of the Co-operative’s ICT Resources

Users must ensure that use of the Co-operative’s ICT Resources is always legal and ethical.

Inappropriate use of the Co-operative’s ICT Resources would include (but is not limited to):

• creating or exchanging messages which commit or permit a breach of confidence or the privacy of any other person (such as the disclosure of patient records or confidential information belonging to the Co-operative)
• creating or sending an email under another person’s name or using another person’s email account to send an email (unless express consent has been given)
• creating, forwarding or sending chain or spam emails, or other unsolicited or bulk email
• creating, forwarding or sending emails which are obscene, abusive, harassing, fraudulent, threatening, tormenting, annoying or repetitive, discriminatory, vilifying or incite hatred toward any person based on sex, race or disability
• viewing or downloading internet content that is offensive, obscene, pornographic, or otherwise objectionable
• downloading or installing software or running unknown or unapproved programs without the Co-operative’s express prior approval or which has not been licensed by the Co-operative
• burdening the email system or internet system with noticeable congestion or additional costs
• accessing gambling internet sites
• playing electronic or online games in work time
• using the Co-operative’s ICT Resources to create any legal or contractual obligations
• transmitting the Co-operative’s information to personal email accounts

Respect for intellectual property and copyright

The internet allows access to information, software, files (including images, videos and recordings) but those may not be freely available to copy or download. Users must not use the Co-operative’s ICT Resources to access, copy, store, transmit or download materials without the consent of the owner of copyright in those materials or as permitted by law.

Users must always respect the copyright and intellectual property rights of others by using appropriately licensed or authorised programs, complying with the terms of any licence, and ensuring copyright material is used only with consent or as permitted by law.

The Co-operative has intellectual property rights (including copyright) in materials which are stored on and accessed via the ICT Resources which are valuable business assets. In limited circumstances, the Co-operative may permit third parties to use its intellectual property rights but express consent must be provided by the Co-operative. Users should not share any materials which would be a breach of the Co-operative’s intellectual property rights. If a User has any concerns regarding this issue, they should contact the Chief Executive Officer.

Responsible and professional use of the Co-operative’s ICT Resources

Users must be aware there is an inherent risk in transmitted information across the internet because information submitted unencrypted via email may be read, intercepted or modified by third parties. Users must always consider this inherent risk in use of the Co-operative’s ICT Resources and act with caution and responsibly.

The Co-operative’s ICT Resources must be shared by all Users. Users must ensure that they are efficient and professional in their use of ICT Resources.

Responsible and professional use of the Co-operative’s ICT Resources include:

• email communications which are expressed in a careful and courteous manner (as might be expected of a paper communication). In this respect, Users should always check the content of emails and verify email addresses before sending an email
• email communications must include the Co-operative’s standard disclaimer
• limited personal use in accordance with this policy
• exercising caution before opening files or launching programs that have been received as an attachment to an email
• Users should lock their device screens when they are not in use

Examples of inappropriate use would include (but are not limited to):

• making public representations about the Co-operative unless it has been approved
• downloading large files without permission (‘hogging bandwidth’)’
• excessive personal use of ICT Resources
• using the Co-operative’s ICT Resources to store personal music, movies, photos or other non-business related data
• using a Co-operative email to subscribe to mailing lists except in relation to work or professional development purposes
• using an alternative or personal email to send or receive official communications for the Co-operative
• automatic forwarding of emails to an external email account

Consent to communicate with a patient or transfer personal information by email

Patients may request that the Co-operative transfer personal information (including patient health records) by email to the patient or other third party. There is an inherent risk in the transfer of personal information across the internet as information submitted unencrypted via email may be read, intercepted or modified by third parties (despite any reasonable steps taken by the Co-operative to reduce such risk).

Written consent of the patient must be obtained before transmitting personal information (including patient health records) by email. The Co-operative has a specific form for this purpose which alerts the patients to this inherent risk.

Before transferring any personal information (including patient health records) by email, a User must verify the patient has completed the requisite form and that the Co-operative is legally permitted to share that information. A User should confirm these matters with the Chief Executive Officer before sharing any information by email.

Prohibited use for personal gain

Under no circumstances may the Co-operative’s ICT Resources be used for, or in relation to, corrupt conduct, unauthorised personal financial or commercial gain (including the use of the Co-operative’s ICT Resources for work other than the Co-operative), or the unathorised financial or commercial gain of a third party.

Limited personal use

While the Co-operative provides ICT Resources for the primary purpose of work, limited, infrequent and brief personal use of the email and internet is allowed so long as:

• it does not negatively impact upon a User’s work performance or the conduct of the Co-operative’s operations
• it does not hinder the work of others
• it does not interfere with the normal operation of the Co-operative’s network or its electronic storage capacity (for example large email attachments can decrease system performance)
• it does not compromise the security of the Co-operative
• it does not violate and legislation
• it does not contravene the general obligations of use under this policy
• it does not damage the reputation or operations of the Co-operative
• it does not impose additional costs on the Co-operative

Reasonable limited use may include conducting a brief online bank transaction, paying a bill, sending a brief personal email.

User accountability and responsibility

Users are personally accountable for their use of the Co-operative’s ICT Resources and are responsible for the equipment which is assigned to them. Users must be mindful of the security requirements for the Co-operative’s ICT Resources.

Where a User is required to use a password, user identification or authorisation in connection with the use of the Co-operative’s ICT Resources, the User is responsible for the safekeeping of the password and details and must not share that information with any other person to allow access to the Co-operative’s ICT Resources.

Users should not base passwords on personal details which could be easily guessed (for example, birthdays, names). Passwords assigned to the Co-operative’s ICT resources should be different to those used for personal resources and should be changed/updated on a reasonably regular basis. Users should not record passwords in locations which can be accessed by other people.

Users must not attempt to use or use the Co-operative’s ICT Resources via access of any other person or attempt to access systems or materials to which they are not authorised.

If a User has any concern regarding unauthorised access to the Co-operative’s ICT Resources using a password, the User must immediately change the password (or request it be changed if required) and notify senior management.

Users are responsible for the safe keeping of any portable devices provided by the Co-operative to access the ICT Resources. If a device is lost or stolen, the User should immediately notify senior management.

If a User has any suspicion regarding the use of the Co-operative’s ICT Resources in breach of this policy in any way or concerns regarding a risk to or vulnerability of the Co-operative’s ICT Resources, the User should immediately notify senior management.

Security of ICT Resources

The Co-operative takes reasonable steps to protect the ICT Resources from misuse, interference, loss, unauthorised access, modification or disclosure. The Co-operative uses technology and processes such as access control procedures (including passwords), network firewalls, anti-virus protection, encryption, back up servers and logs and physical security to protect those resources.

Users must not remove or modify any security controls or settings which have been installed to protect the Co-operative’s ICT Resources (for example, the removal or disabling of anti-virus software). Users must not connect unauthorised devices or equipment to the Co-operative’s internal networks.

Users must follow reasonable directions for the purpose of preserving the security of the ICT Resources (including when using removeable media).

Workplace Surveillance Act 2005 (NSW)

The Co-operative must observe the Workplace Surveillance Act 2005 (NSW) (the Act) in relation to its employees and contractors in NSW. This is the Co-operative’s policy for the purposes of the Act.

This policy is notice to the Co-operative’s employees and contractors for the purposes of the Act that the Co-operative will undertake computer surveillance of use on ongoing, continuous basis commencing 14 days after the introduction of this policy.

The Co-operative reserves the right to monitor internet access, and to generate reports in relation to that access. Generally, only the Co-operative’s senior management will examine internet access.

All emails on the Co-operative’s system, and any information contained within them, remain the property of the Co-operative. The Co-operative reserves the right to monitor or examine the emails which Users send and receive using the Co-operative’s ICT Resources. Generally, only the Co-operative’s senior management will examine emails.

Access and monitoring is permitted for any reason but specific circumstances in which the Co-operative may be likely access an emails or review internet access include (but are not limited to):

• accessing emails for a legitimate business purpose if a User is unexpectedly absent from work (including work continuity) or work health and safety reasons (including a reasonable concern regarding a person’s health and safety)
• when the Co-operative reasonably suspects that a User is not complying with this policy, other policies of the Co-operative or law
• for use in legal proceedings or as required by law (including response to a subpoena)
• for IT security purposes (for example, to protect networks or data stored on the network)

The Co-operative may block emails or access to the internet which is inappropriate. SMS may give notice to any User who is the recipient of a blocked email that an email addressed to him or her has been blocked, unless the email is offensive, spam or may contain a virus.

The Co-operative’s senior management are not permitted to use or disclose personal information which they learn through examining a User’s use of the email or internet. This does not prevent the Co-operative from using this information for legitimate business purposes, disciplinary purposes, or to avoid harm to any person.

Cost recovery

If a User breaches this policy, the Co-operative may seek reimbursement of any expense incurred by it because of that breach of the policy.

The Co-operative may set off the amount recoverable under this policy from any amount otherwise payable by the Co-operative to a User.

Breaching the terms of this policy

The Co-operative’s employees and contractors must comply with the terms of this policy in connection with the use of the Co-operative’s ICT Resources.

The Co-operative will discipline any employee who misuses the ICT Resources. The nature of disciplinary action will depend upon the seriousness of the circumstances. In less serious cases, disciplinary action may result in the Co-operative limiting or revoking access to the ICT Resources. In more serious cases, disciplinary action may result in an employee’s summary dismissal.

In relation to contractors, the Co-operative may limit or revoke access or terminate a contractor’s contract.

If the Co-operative becomes aware of any criminal conduct arising or alleged breach of any law, the Co-operative may notify the police or other relevant authority. In these circumstances, a User may be liable to criminal or civil action (including a claim for damages).

The Co-operative may, without notice to or approval from the User, investigate, replicate and/or remove any illegal or unacceptable materials in breach of this policy from the ICT Resources.

Implementation

The Co-operative will induct Users to this policy. Users who wish to clarify any aspect of this policy may do so by contacting the Chief Executive Officer. Users will be asked to sign an acknowledgment that they have understood and agreed to the terms of this policy.

Policy review statement

This policy is current as at 16th December 2020.

The Co-operative reserves the right to amend this policy. The policy will be reviewed every 2 years to ensure that it is in accordance with any changes that may occur. The Co-operative will notify Users of any change to this policy.

This policy and any updated version of the policy will be made available to the Users.