CH205-Internet Access for Staff Policy
{{org_field_logo}}
{{org_field_name}}
Registration Number: {{org_field_registration_no}}
Internet Access for Staff Policy
1. Purpose
The purpose of this policy is to define how internet access is provided, used, and monitored by staff at {{org_field_name}} in a manner that supports safe care delivery, confidentiality, professionalism, and compliance with the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014. The policy ensures that internet access is used responsibly, securely, and in alignment with CQC requirements under Regulation 17 – Good Governance and Regulation 13 – Safeguarding from Abuse and Improper Treatment.
2. Scope
This policy applies to all employees, contractors, agency staff, and volunteers at {{org_field_name}} who access the internet using company-owned or approved personal devices for work-related purposes. It covers access through office-based Wi-Fi, mobile data, or remote access tools, and applies equally during working hours, out-of-hours duties, or while working in people’s homes.
3. Related Policies
- CH04 – Good Governance Policy
- CH13 – Safeguarding Adults from Abuse and Improper Treatment Policy
- CH27 – Staff Supervision, Training, and Development Policy
- CH28 – Staff Conduct and Code of Ethics Policy
- CH34 – Confidentiality and Data Protection (GDPR) – Service User Policy
4. Policy Statement and Responsibilities
Purpose of Internet Access for Staff
Internet access is provided to staff at {{org_field_name}} for the following operational purposes:
- Accessing digital care records, rotas, and communication tools
- Using electronic medication administration systems
- Communicating securely with colleagues, health professionals, and family members
- Undertaking e-learning, mandatory training, and professional development
- Accessing emergency protocols, care policies, or regulatory guidance
- Using secure cloud-based systems for reporting, logging incidents, and completing audits
Access must be directly related to the staff member’s duties and responsibilities.
Acceptable Use
Staff must:
- Use the internet solely for work-related tasks during working hours
- Access only approved platforms, applications, and websites necessary for care provision
- Ensure all usage complies with data protection and confidentiality regulations
- Log out of systems when not in use and protect login credentials
- Use professional language and behaviour when engaging in any form of online communication
Any internet use that is excessive, inappropriate, illegal, or discriminatory is strictly prohibited and may lead to disciplinary action under CH28 – Staff Conduct and Code of Ethics Policy.
Personal Use
Reasonable personal use of the internet during designated breaks or outside of working hours may be permitted on personal devices if it does not:
- Interfere with work duties
- Involve inappropriate or high-bandwidth usage (e.g. streaming, downloading)
- Compromise network security or confidentiality
- Breach company values or safeguarding principles
Information Security and Data Protection
Staff must follow CH34 – Confidentiality and Data Protection (GDPR) Policy to protect sensitive information when using the internet. This includes:
- Accessing care records only via secure, encrypted systems
- Not downloading confidential information onto personal devices
- Not sharing work-related data via personal messaging apps or social media
- Immediately reporting any suspected data breach to the Registered Manager and Data Protection Officer ({{org_field_data_protection_officer_first_name}} {{org_field_data_protection_officer_last_name}} – {{org_field_data_protection_officer_email}})
Mobile Internet Access in Home Care
Staff delivering care in people’s homes may be issued with tablets or smartphones pre-configured with secure internet access. Staff must:
- Use only secure, company-approved apps to access or enter care information
- Avoid using public Wi-Fi for work-related internet activity
- Lock devices when unattended and keep them with them at all times during visits
- Report loss or theft of any device immediately
Device usage is monitored to ensure data security and regulatory compliance.
Monitoring and Auditing
Internet use on {{org_field_name}} systems and devices is subject to monitoring to:
- Prevent misuse
- Protect against cybersecurity threats
- Ensure compliance with this policy and legal obligations
The Registered Manager and IT provider (if applicable) may conduct routine audits of usage logs, data transfers, and access history. This forms part of our commitment under Regulation 17 – Good Governance.
Staff Training and Guidance
All staff receive training on:
- Acceptable internet use
- Cybersecurity awareness (e.g. phishing, malware)
- Confidentiality and data handling
- Accessing care platforms and communication systems
Refresher training is provided annually or when systems are updated.
Breach of Policy
Breaches of this policy may result in:
- Formal warnings or disciplinary action
- Withdrawal of internet or device access
- Reporting to safeguarding leads if behaviour puts people at risk
- Referral to professional bodies or regulators in serious cases
Safeguarding Considerations
Inappropriate use of the internet—such as accessing offensive content, engaging in harassment, or sharing unauthorised information—may constitute abuse under Regulation 13. All such breaches must be reported immediately to the Safeguarding Lead ({{org_field_safeguarding_lead_name}} – {{org_field_safeguarding_lead_role}}) for investigation and appropriate action.
5. Policy Review
This policy will be reviewed annually or sooner if there are changes in legislation, cybersecurity risks, or operational systems. The Registered Manager and Data Protection Officer are responsible for ensuring staff are aware of any updates and that compliance is maintained across the service.
Responsible Person: {{org_field_registered_manager_first_name}} {{org_field_registered_manager_last_name}}
Reviewed on: {{last_update_date}}
Next Review Date: {{next_review_date}}
Copyright © {{current_year}} – {{org_field_name}}. All rights reserved.