CH204-Internet Access for People Policy
{{org_field_logo}}
{{org_field_name}}
Registration Number: {{org_field_registration_no}}
Internet Access for People Policy
1. Purpose
The purpose of this policy is to set out how {{org_field_name}} supports people to access and use the internet safely, lawfully and in a person-centred way. We recognise that digital access can promote independence, inclusion, communication, relationships, access to services, education, recreation and wellbeing. We also recognise that online activity can expose people to risks including scams, financial abuse, coercion, bullying, harassment, exploitation, misinformation, breaches of privacy and other forms of harm.
This policy explains how the service will balance people’s rights, preferences and independence with our duties to protect them from avoidable harm. It supports compliance with the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014, including Regulation 9 (Person-centred care), Regulation 10 (Dignity and respect), Regulation 11 (Need for consent), Regulation 12 (Safe care and treatment), Regulation 13 (Safeguarding service users from abuse and improper treatment), Regulation 16 (Receiving and acting on complaints), Regulation 17 (Good governance) and Regulation 18 (Staffing). It also reflects the Mental Capacity Act 2005, data protection requirements and current CQC guidance and quality statements relating to person-centred care, consent, safeguarding, independence, choice, control, information governance and good oversight.
2. Scope
This policy applies to all staff, agency staff, bank staff, volunteers and managers working at {{org_field_name}} who may support people living in the service to access or use the internet, digital devices or online services. It covers the use of service-user-owned devices and, where applicable, devices made available by the service, including tablets, smartphones, computers, smart televisions and other internet-enabled or assistive technology. It applies to support provided in communal areas, private rooms and any other area of the service where internet access or online activity forms part of a person’s care, support, wellbeing, communication or daily living.
3. Related Policies
- CH07-Person-Centred Care Policy
- CH09-Consent to Care Policy
- CH13-Safeguarding Adults from Abuse and Improper Treatment Policy
- CH18-Risk Management and Assessment Policy
- CH34-Confidentiality and Data Protection (GDPR)-Service User Policy
- CH42-Communication and Engagement with Service Users and Families Policy
4. Policy Statement
{{org_field_name}} recognises internet access as an important part of modern life and, for many people, an essential means of communication, participation, self-expression, accessing services and maintaining independence. We will support people to use the internet in accordance with their wishes, needs, abilities, communication preferences and assessed risks.
Our approach is person-centred and rights-based. We will promote choice, independence and inclusion, and we will not impose unnecessary restrictions on internet use. Where support or limits are needed to reduce risk, these will be lawful, proportionate, clearly documented, regularly reviewed, and discussed with the person and, where appropriate, those lawfully acting on their behalf. Information will be provided in a way the person can understand so that they can make informed decisions about online activity, digital communication and the use of internet-enabled devices.
5. Key Principles and Implementation
Person-Centred Access
We will discuss with each person whether and how they wish to use the internet and what support, if any, they would like. Internet access and digital support will be considered as part of assessment, care planning and review. Care plans and risk assessments will reflect the person’s individual needs, strengths, goals and preferences, including communication needs, sensory impairment, cognitive needs, cultural factors, protected characteristics, preferred routines, privacy wishes, and any support needed to maintain relationships, social contact, community links and access to online services.
Support may include help with video calls, messaging, browsing, entertainment, online learning, shopping, banking awareness, access to NHS or public services, assistive technology and other lawful online activities chosen by the person. Staff must work in partnership with the person and, where appropriate, family members, advocates or others lawfully involved in their care, while ensuring that the person remains central to decision-making.
Consent and Capacity
Support with internet use, online accounts, digital communication or internet-enabled devices will only be provided with the person’s valid consent, unless there is another lawful basis for action. Consent must be informed and voluntary. Staff must explain the proposed support, any material risks, benefits, limitations and alternatives in a way the person can understand, using communication aids or other support where required.
Capacity must be assessed in accordance with the Mental Capacity Act 2005 where there is reason to doubt whether the person can make a particular decision. Capacity is decision-specific and may fluctuate. Where a person lacks capacity to make a specific decision about online activity or digital access, staff must follow the Mental Capacity Act 2005 and any applicable code of practice, consult those lawfully involved in the person’s care, and act in the person’s best interests using the least restrictive option.
The care plan must clearly record what the person has consented to, any support they want, any decisions made in their best interests, any relevant legal authority such as a Lasting Power of Attorney or deputyship, and when consent or capacity arrangements must be reviewed.
Online Safety, Risk Management and Safeguarding
The service recognises online harm as a potential safeguarding and safe-care issue. This includes scams, fraud, financial abuse, phishing, identity theft, coercion, blackmail, cyberbullying, harassment, hate incidents, grooming, sexual exploitation, radicalisation, exposure to harmful or misleading content, and any online activity that places a person’s health, safety, wellbeing, dignity or property at risk.
Staff must remain alert to indicators of online abuse or exploitation and must take immediate action where concerns arise. This includes taking reasonable steps to reduce immediate risk, preserving relevant information where appropriate, reporting concerns internally without delay, and making safeguarding referrals or contacting emergency services where required. Concerns must be managed in line with the person’s risk assessment, safeguarding procedures, local authority safeguarding arrangements and information-sharing duties.
Support must be proportionate and person-centred. The aim is not to prevent lawful internet use unnecessarily, but to help the person stay as safe as possible while maintaining choice and independence. Any restrictions, monitoring arrangements or increased supervision must be based on assessed risk, be the least restrictive option, and be clearly documented and reviewed.
Staff Support, Boundaries and Professional Conduct
Staff may provide practical support within the limits of their role, such as helping a person access a device, open a website, use video calling, read information on screen, or navigate online services in line with their care plan. Staff must maintain clear professional boundaries at all times. They must not use personal devices, personal email accounts, personal social media accounts or private messaging services when supporting people.
Staff must not act as a substitute decision-maker, digital proxy, financial adviser or personal representative unless this is clearly authorised, lawful, necessary, recorded in the care plan and consistent with the staff member’s role. Staff must not set up personal accounts in their own details for a person, must not retain passwords unless there is a documented and authorised arrangement, and must not access a person’s online accounts except to the extent agreed, recorded and necessary for the support being provided.
Any support with sensitive activity, including account setup, password reset, online purchases, subscriptions, identity verification, access to official records or online forms, must be clearly authorised, transparent, witnessed where appropriate, and recorded in the care record.
Equipment, Accessibility and Technical Support
Where internet-enabled devices are used as part of care or support, the service will take reasonable steps to ensure that equipment used by or with people is suitable, safe and accessible for its intended purpose. This includes considering accessibility functions such as font size, contrast, speech output, hearing support, simplified interfaces and other assistive features relevant to the person’s needs.
Staff must not make technical changes beyond their competence. Where the service is involved in setup or basic assistance, staff should encourage the use of secure settings, device locking, software updates, reputable applications and safe internet connections. Shared or service-owned devices must not retain unnecessary personal information and must be managed in line with the service’s information governance and cyber security procedures. More specialist setup, repairs or technical troubleshooting should be referred appropriately.
Access to Health and Public Services Online
Staff may support people to access online NHS, pharmacy, local authority or government services where this forms part of their agreed care and support. Wherever possible, the person should remain directly involved and in control of the activity. Staff should guide and support rather than take over, unless there is a clearly recorded reason and lawful authority to act otherwise.
Before staff assist with online forms, appointments, repeat prescriptions, portals, benefits-related information or similar services, the person’s consent and the scope of support must be clear. Staff must not misrepresent themselves, create accounts inappropriately, or submit information on a person’s behalf without clear authorisation. Support provided and any significant online action taken must be recorded contemporaneously in the care record.
Monitoring, Review and Governance
The service will monitor the implementation of this policy through care plan reviews, risk assessment review, incident reporting, safeguarding oversight, supervision, spot checks, complaints, feedback from people using the service and audits of record keeping. The purpose of monitoring is to identify risks, confirm that support remains person-centred and lawful, and improve practice where required.
Any incident, near miss, complaint, safeguarding concern or repeated issue relating to online activity, privacy, account access, financial risk, cyber security or inappropriate staff practice must be reviewed to identify learning and any service improvement needed. Where review identifies new or increased risk, the person’s care plan, consent arrangements, communication support and risk assessment must be updated promptly.
Privacy, Confidentiality and Information Security
Staff must respect each person’s privacy when providing support with internet use and must only view, handle, record or share personal information where this is necessary, lawful and proportionate. Personal information obtained during digital support must be handled in accordance with the UK General Data Protection Regulation, the Data Protection Act 2018, common law confidentiality duties and the service’s information governance procedures.
Access to online content, messages, personal accounts, photographs, health information or financial information must be limited to what is necessary for the agreed support. Records must be accurate, factual, relevant and stored securely. The service will maintain appropriate information security arrangements and, where applicable, complete and maintain the Data Security and Protection Toolkit or equivalent assurance standards.
Digital Inclusion, Equality and Empowerment
The service will actively promote digital inclusion and will make reasonable adjustments to reduce barriers to internet access for older people, disabled people, people with sensory loss, people with communication needs, and others who may be digitally excluded. This includes considering accessible information, communication aids, adapted devices, support with confidence-building and signposting to local community or voluntary sector resources.
Our aim is to enable people to benefit from online communication, services, learning, leisure and self-management in ways that match their interests, goals and rights, rather than excluding people from digital opportunities because support is needed.
Complaints, Concerns and Feedback
People using the service, and those lawfully acting on their behalf, must be able to raise concerns or complaints about support with internet use, online safety, privacy, restrictions, staff conduct or any related matter. Information about how to complain must be accessible and provided in a way the person can understand. Concerns and complaints will be taken seriously, investigated promptly, responded to fairly, and used to improve the service.
Internet-Enabled Monitoring, Cameras and Smart Devices
Where internet-enabled devices include monitoring, listening, recording or surveillance functions, the service will ensure that their use is lawful, necessary, proportionate and consistent with the person’s privacy, dignity and human rights. The reasons for use, the risks and benefits, the person’s views, any consent required, and any less intrusive alternatives must be considered and documented before such technology is used as part of care or support.
Staff must not introduce or use surveillance or recording equipment informally. Any proposal to use such technology must be referred to management and considered in line with the service’s surveillance, consent, data protection and safeguarding procedures. The service will seek legal or specialist advice where appropriate.
Record Keeping
The following must be clearly recorded where relevant: the person’s wishes about internet use; assessed benefits and risks; consent given or withheld; any capacity assessment or best-interest decision; the level and limits of staff support; any authority for staff to assist with accounts or online services; any restrictions or monitoring arrangements; incidents, complaints or safeguarding concerns; and outcomes of review. Records must be clear, accurate, contemporaneous and auditable.
6. Staff Training and Responsibilities
All relevant staff will receive training, instruction or guidance appropriate to their role in: person-centred digital support; consent and the Mental Capacity Act 2005; online safeguarding; recognising scams and financial abuse; confidentiality and data protection; cyber security awareness; professional boundaries; record keeping; and escalation of concerns.
Managers must ensure that staff only provide support within their competence and authority, and that additional guidance or supervision is provided where risks are higher or support is more complex. The Registered Manager is responsible for ensuring that this policy is implemented, monitored and reviewed; that incidents and concerns are acted on; that learning is shared; and that the service’s governance systems provide assurance about the safe and lawful support of internet access and digital inclusion.
7. Policy Review
This policy will be reviewed at least annually and sooner if there is a change in legislation, CQC guidance, safeguarding practice, data protection requirements, cyber security risks, service delivery, incident trends or learning from complaints, audits or investigations. The review will consider whether the policy remains effective, lawful, person-centred and consistent with current CQC expectations and the fundamental standards.
Responsible Person: {{org_field_registered_manager_first_name}} {{org_field_registered_manager_last_name}}
Reviewed on: {{last_update_date}}
Next Review Date: {{next_review_date}}
Copyright © {{current_year}} – {{org_field_name}}. All rights reserved.