Computer & Internet Usage
It is the policy of Mid-Ohio Psychological Services, Inc. to provide employees, interns and volunteers (identified as staff in the remainder of this document) access to technology, computer equipment, and Internet to help staff to complete their jobs faster and smarter. Technology and the Internet and its vast resources, for this agency, are a business tool. MOPS is committed to excellence and has a responsibility to serve the public interests by maintaining staff who are responsible members of the mental health profession and of the broader community, dedicated to high ethical standards and professionalism, and our use of the Internet must reflect this.
MOPS retains the right to review staff utilization of the Internet, Email services, or any other computer data generated or viewed utilizing equipment or services provided by MOPS. Inappropriate use of these resources may be grounds for termination at the discretion of the Agency Director or Board.
Technological resources are provided for staff to use in the course of their day-to-day functioning including the use of computers, mobile devices, and network devices/connections. The following procedures apply to the use of internet resources, including e-mail, social media, and other communication resources. Related information concerning hardware, networking, backups, etc. can be found in the Management Information Systems policy and procedure.
Other agency policies/procedures that apply to staff apply to the use of internet, social media, e-mail, etc. should also be reviewed, including but not limited to those policies governing staff conduct, inspection and monitoring of agency property, confidentiality, discrimination, harassment, retaliation, workplace violence, discipline and termination. Failure to comply with this policy and procedure may result in disciplinary action, up to and including termination of employment.
MOPS provides internet access to staff through a secured connection at each of the established sites. Secured connections protect confidential materials from being accessible to persons outside of the agency. All MOPS servers connected to the internet must be secured by appropriate firewalls and other protections as outlined in the MIS policy and procedure. All devices connected to the internet from the secured network will have firewall protections as noted in the MIS policy and procedure. Any access by a MOPS device or resource that is not through the secure connection must utilize additional security functions such as VPN technologies, data encryption technologies, etc.
Staff are encouraged to connect to the network through hardwired ethernet connections. When feasible, secure wireless access points will also be made available at each site; however, data intensive functions such as videoconferencing, accessing the electronic health record and performing system updates should be accomplished through hardwired connections to the network system.
MOPS may provide access to internet connections for guests and visitors; however, this access must be provided through a clearly segmented portion of the network from the secured network that accesses internal resources. Guest access to the internet will be made available through wireless connections only and are not secure for conducting MOPS business; therefore, staff should not presume that guest access connections are secure and should be treated as any open access point to the internet.
Access to the internet at MOPS is primarily for business-related purposes, unauthorized or unnecessary internet usage is prohibited. The MIS staff will be responsible for monitoring internet usage and will report any evidence of inappropriate utilization of the internet to the Executive Director immediately. Staff may use the internet connections for non-business purposes during breaks or outside of work hours provided that all other usage policies are adhered to.
MOPS retains the right to inspect any and all files transmitted through or stored in our network or on devices connecting to our network resources in order to ensure compliance with policy. The MIS staff will be responsible for monitoring these areas episodically.
Users ID’s and passwords help maintain individual accountability for internet resource usage. Any staff who obtains a password ID for a resource must keep that password confidential. MOPS prohibits the sharing of user ID’s or passwords obtained for access to internet sites unless the access to the site/resource is provided to the agency as opposed to a specific individual. If the username and password is based on agency access, the username and password will be stored in a secure location and accessible to only those staff who have an authorized need to access the site/resource.
Agency staff are further reminded that they may not, reveal or improperly use confidential material; or discriminate, harass, or retaliate against other persons involved in the conduct of agency business.
The display of any kind of sexually explicit image or document on any agency system is a violation of our policy on sexual harassment. In addition, sexually explicit material may not be archived, stored, distributed, edited, or recorded using our network or computing resources.
Use of internet services for the downloading or viewing of inappropriate materials is expressly prohibited. At minimum, inappropriate materials include the following:
- Anarchy content including information regarding malicious, construction of bombs, weapons, anti-government groups, terrorists, overthrowing of government, killing methods, etc.
- Criminal skills content that promote illegal activity such as pyrotechnics, computer hacking, credit card number generating, electronic intrusion, password cracking, surveillance or murder.
- Illicit drugs content that promote the use or purchase of illegal drugs. These may include offering marijuana seeds for sale, growing methods, techniques, and products for testing clean for drugs, information on illegal narcotics.
- Gambling content which encourage gambling such as betting sites, book odds, lottery, bingo, horse/dog track, on-line sports betting, on-line casinos, etc.
- Obscene/tasteless content that involve such things as mutilation, murder, bodily functions, horror, death, candid scenes, executions, violence, etc.
- Erotica content that include nudity of any form, vulgarity, including sites that contain nudity or sexually explicit verbiage for the purpose of sexual arousal.
If any of the inappropriate material identified above is accidentally accessed or if any of the above inappropriate material is accessed for legitimate therapeutic purposes as approved by a supervising clinician, report MIS Department who will report such activity to the Executive Director.
Agency staff must respect the copyright, software licensing rules, property rights, privacy, and prerogatives of others. No staff may use agency facilities knowingly to download or distribute pirated software or data or use the agency’s internet services to deliberately propagate any virus, worm, Trojan horse, or trap-door program code. The agency’s internet services and computing resources must not be used knowingly to violate the laws and regulations of the United States or any other nation, or the laws and regulations of any state, city, province, or local jurisdiction in any material way. Use of any agency resources for illegal activity is grounds for immediate termination and MOPS will cooperate with any legitimate law enforcement activity. The agency will comply with reasonable requests from law enforcement and regulatory agencies for logs, diaries, and archives on individuals internet activities.
Agency staff may download only software with direct business use and must arrange to have such software properly licensed and registered. Downloaded software must be used only under the terms of its license. Any software files downloaded into the agency network become the property of the agency. Any such files or software may be used only in ways that are consistent with their licenses or copyrights. Staff may not upload any software licensed to the agency or data owned or licensed by the agency without explicit authorization from the manager responsible for software data.
Agency staff should schedule internet intensive operations such as large-file transfers, video downloads, mass emailing, etc. for off-peak times and must coordinate such activities with the MIS Department. Video and audio streaming and downloading technology represent significant data traffic that can cause local network congestion and should be avoided during peak data usage times.
No staff may use the agency’s internet services knowingly to disable or overload any computer system or network or to circumvent any system intended to protect the privacy or security of another user.
Use of agency internet access services to commit infractions such as misuse of agency assets or resources, sexual harassment, unauthorized public speaking and misappropriation or theft of intellectual property are also prohibited by general agency policy and will be sanctioned under relevant provisions of the personnel procedures.
The agency maintains as part of its technology platform an electronic mail system, commonly known as email. The system is provided to assist in conducting business within the agency and to facilitate business communications. Email may be used only for legitimate business.
All e-mail messages composed, sent, and received through the MOPS email system or on MOPS devices are and always remain the property of the agency. Therefore, the agency reserves the right at any time to retrieve and read any message composed, sent or received; accordingly, privacy of messages cannot be guaranteed to anyone, and staff should have no expectation whatsoever with respect to privacy of the messages.
MOPS utilizes Microsoft Office 365 for email services. Procedures within Microsoft Office 365 are implemented to ensure that any e-mail leaving the agency by nonsupervisory staff must be approved by supervisory staff unless the staff clearly demarks the e-mail as clearly not containing protected health information by including “NPHI!” in the body of the e-mail. In all other cases, the supervisory staff must authorize the release of the e-mail before the system will send the e-mail. Any e-mail that contains protected health information must be sent using the Microsoft encryption mechanism which is implemented by adding “ENCRYPT!” to the body of the e-mail. Staff must assume that all messages may be read by someone other than the intended or designated recipient. If staff chooses to use Outlook on their personal device, they must turn off all notifications that appear prior to unlocking the device (ie. turn off “Show on Lock Screen” notification on iPhones).
Social Media and Networking
Social media and networking sites provide a public face for the organization and facilitate professional integration. However, staff are reminded that these same tools can pose a substantial risk to the health of the agency. Staff are reminded that social media sites are public forums where it is inappropriate to reveal confidential agency information, client information, or any other material covered by existing agency privacy policies and procedures. Staff releasing protected information, whether or not the release is inadvertent, will be subject to all penalties under the existing agency policy and procedures. The agency retains the copyright to any material posted to any social media or networking forum by any staff in the course of his/her duties.
Staff are strongly discouraged from making disparaging remarks or derogatory comments about competitors, consultants, or agents of the agency. Staff are reminded that their conduct both on and off the job must meet a high standard. This includes, but is not limited to, conduct related to materials posted on social media and networking sites, or other material that is disseminated or posted electronically. The agency does not seek to unduly interfere with the staff personal non-working activities, but certain limits and reminders are required to protect staff, and the agency. Staff may maintain personal websites or blogs on their own time using their own resources. Staff must ensure that social media activity does not interfere with their work. In general, the agency considers social media activities to be personal endeavors, and staff may use them to express their thoughts or promote their ideas as long as they do not have a propensity to negatively affect the agency.
Postings online are public information and there is no right to privacy in what is posted, anything posted in public manner can be used as grounds for discipline, whether the staff wrote it from agency equipment or outside of the agency.
Staff are not to “friend” any current or former clients of the agency on any social media site.
If an staff identifies himself or herself as an agency staff or discusses matters related to the agency on a social media site, the site must include a disclaimer on the front page stating that it does not express the views of the agency and that the staff is expressing only his or her personal views. For example: “The views expressed on this website/blog are mine alone and do not necessarily reflect the views of my employer.” Place the disclaimer in a prominent position and repeat it for each posting expressing an opinion related to the agency or the agency’s business. Staff must keep in mind that if they post information on a social media site that is in violation of agency policy and/or federal, state, or local law, the disclaimer will not shield them from disciplinary action.
Staff shall not allow, permit, or post any digital media or material to the internet that at any time that:
- Identifies or references a specific client or could reasonably be inferred by a client to apply to them.
- Discloses personal information about MOPS staff, including personal contact information or other information that exists outside of their role with the agency.
- Could be interpreted to express the opinions of the agency, except for business purposes approved in writing by the Executive Director as outlined above.
- Contains content that is unprofessional, unbecoming, illegal, or that does not affirmatively promote positive public image e.g. excessive alcohol consumption, lewd behavior, or other similar behaviors. Courts and other entities may view social sites to scrutinize the credibility of staff.
- Could be reasonably interpreted as having an adverse effect upon agency morale, discipline, and operations of a department, safety of staff and clients, or perception of the public about the agency.
- Contains any recordings, or images, obtained while engaged in the performance of duties or any other activity that will have adverse effect upon the agency.
- Contains photographs of agency staff, in a state of nudity, semi-nudity, or in suggestive clothing.
- Staff must have written consent from the Executive Director to participate in any social media on behalf of the agency. Staff are required to identify by name and URL any social media they participate in for business purposes.
Exemptions: Staff may inquire to the Executive Director for written permission to post materials for which they require clarification regarding the restrictions listed. Such postings will not occur until permission is granted. Staff may appear in agency identifying clothing on social media and networking sites, provided that the photograph meets the requirements set forth in this policy and display a professional appearance.
When participating in social media for business purposes, staff must identify themselves and the agency by name. Staff are personally responsible for the content they publish on any form of social media. Any participation in social media must be meaningful and respectful. Staff are prohibited from using slurs, personal insults, obscenity, or engaging in any other communications or behavior that would not be acceptable in the agency workplace. All posts should be on-topic, timely, appropriate, professional, and polite. Staff are reminded to carefully consider and review all content before posting and should quickly correct any mistakes.
This policy does not apply to postings that serve a legitimate agency purpose.
An ever-evolving reality is the use of internet technologies for communication. To assist MOPS in effectively communicating, Skype For Business is provided to every staff member. Skype For Business is a distinct product from Skype and should not be confused. Skype For Business provides a secure communication platform that allows for video conferencing, desktop sharing, webinars, voice calling, and instant messaging. Skype For Business may be used for communication with any MOPS staff but should only be used to communicate with non-MOPS staff after consultation with supervisory staff. Skype For Business may be used to communicate with other entities without permission provided that no Protected Health Information is disclosed; although caution is warranted as the tools available with this product can make accidental disclosure easy (ie. sharing a desktop that has PHI information displayed). The standard version of Skype should never be used to communicate with a client or to discuss client information.
Personal Communication Devices
Staff may use personal communication devices (cell phones, tablets, personal computers) to access MOPS resources in limited ways. Personal devices may not access the secured internal network (may not use the secured wireless connections) and may only access MOPS resources through Remote Desktop connections or through Office 365. No client information may be stored on personal devices including but not limited to: client contact information, pdf files with client data, audio or video of clients, or browser history data relevant to client social media.
Other Communication Systems
Technology is ever evolving, and communication tools continue to evolve as well. MOPS encourages the use of communication systems such as video conferencing, webinars, instant messaging tools, etc. Each of these communication systems both enhance communication while posing a risk to the agency. Any use of an electronic communication system must ensure at least 128 bit encryption and prevent storage of data when communicating protected health information. When using any communication tool beyond those outlined above, specific permission must be granted by the Executive Director or Director of Operations.
Revised 7/31/18 (previous revision: 11/7/2012) Note: This policy/procedure replaces the Internet Usage policy that was in place before this date.