Skip to main content

Mobile phone policy

Contents

  1. Introduction
  2. Purpose
  3. Scope
  4. Responsibilities, accountabilities and duties
  5. Procedure or implementation
  6. Training implications
  7. Monitoring arrangements
  8. Equality impact assessment screening
  9. Links to any other associated documents
  10. Appendices

1 Introduction

Mobile phones play a significant role in people’s lives and are an essential item of equipment for staff, their uses are numerous and include:

  • communicate in a variety of ways, including voice, text, email and video including virtual consultation with patients
  • provide information from an application or web browser
  • take, store and share photographs and videos
  • vehicle navigation
  • provide supplementary safety for lone workers

This document sets out the trust policy for the management and use of mobile phones. It also incorporates the management and use of SIM cards which may be used in laptops and other equipment for data transfer. These may be provided to trust staff for work related purposes at the discretion of the head of service. In an emergency these can be used for private purposes; however, where excessive costs are incurred, these may be charged to individuals. The use of personal mobile phones is discouraged. The information governance, information management and data security elements of this policy are applicable to staff who use a trust provided or their own mobile phone for trust business.

2 Purpose

The purpose of this policy is to set out responsibilities and procedures for the management of mobile phones including purchase, use and disposal.

3 Scope

This policy applies to all employees, agency workers, students, volunteers and other persons who may carry out work for the trust (collectively known as trust staff) who are provided with a trust owned mobile phone or use a SIM card (herein referred to as a mobile phone).

This policy does not cover what mobile phones may be used for in the context of applications and interaction with patients and others and reference should refer to the information governance handbook. Any requests for application software to be installed must be made to the I.T. change management board for consideration.

This policy does not cover the use of mobile phones by patients, visitors and others; however, trust staff should ensure that all persons show due consideration for others and respect the privacy, dignity and confidentiality of individuals. The mobile Phones and other handheld technology, management within adult mental health inpatient services, standard operating procedure should be referred to for further guidance.

A number of other policies are referenced from this policy, section 9 refers, and the intent of this policy is to extract the main points which relate to the management and use of mobile phones from these policies and not to replicate them. This will mitigate the risk of providing conflicting information when other polices are updated. It also ensures that the wider context of this policy is maintained, as copying guidance from other policies may cause confusion when taken in isolation. Trust staff should follow any local guidance which may apply to the use of mobile phones.

4 Responsibilities, accountabilities and duties

The Trusts management have a duty to put in place policies and procedures for the management of mobile phones

4.1 The chief executive

The chief executive has overall responsibility for management of mobile phones and whilst the responsibility for managing these is delegated to other officers in the trust, the accountability remains with the chief executive. The chief executive should appoint a board level director to act on their behalf to ensure that adequate policies, procedures and structures are in place to ensure that mobile phones are effectively managed.

4.2 Director of health informatics

The director of health informatics is the director who is appointed to ensure that adequate policies and procedures are in place to ensure that mobile phones are effectively managed and report any material losses to the director and finance and performance. Some of these duties may be delegated to others within the informatics team and within the trust.

4.3 Head of IT support services

The head of IT support services is part of the IT security group which is responsible for ensuring that policies and procedures are in place in relation to the management of mobile phones. Duties of the head of IT support services include and are not limited to:

  • keeping up to date with legislation, guidance and best practice
  • developing and maintaining trust policies and procedures and to arrange for these to be monitored and audited to assess their effectiveness
  • investigating incident reports and disseminating any learning
  • liaising with the trusts service providers and trust managers in relation to mobile phones

4.4 Head of IT infrastructure and team

The head of IT Infrastructure is part of the IT security group which is responsible for ensuring that policies and procedures are in place in relation to the management of mobile phones. Duties of the head of IT infrastructure include and are not limited to:

  • ensure that the supporting infrastructure, for example, mobile device manager is suitable configured and working as expected to provide appropriate security and controls in relation to IT security best practice and IT Toolkit requirements
  • keeping up to date with legislation, guidance and best practice

4.5 IT asset and licence manager

The IT asset and licence manager is responsible for arranging for six monthly audits on the receipt, issue and disposal of mobile phone and SIM cards and providing a report to the health informatics group. Suitable auditors are the internal audit team and the trusts safety team.

4.6 IT support services team

The IT support services team are responsible for ensuring that policies and procedures are followed in relation to mobile phones. Duties of the team include and are not limited to:

  • the secure storage of phones and SIM cards
  • working with the purchasing team to recommend new phones
  • setting up of new phones, including installing mobile device management software and updating both the trust and service provider databases
  • reassigning used phones and SIM cards
  • ensuring that the users sign and accept the conditions of use for phones and SIM cards, appendix A refers
  • where a user changes departments, arrange for the service provider to change the cost code on their database
  • on a monthly basis, obtain the list of staff who have left the trust from HR, check the supplier database and where applicable suspend or cancel any SIM cards
  • on a monthly basis, check the MDM database and recall all phones which are non-compliant
  • on a monthly basis provide a summary of all reported mobile phone related incident reports to the head of IT services

On receipt of a phone which is no longer being used:

  • label the phone with the SIM number, phone number, previous user name, cost centre and record the condition. The device may be reset, reprocessed and reused if suitable, preferably within the same service
  • re-use the SIM card and if required, arrange for the service provider to change the cost code on their database
  • follow infection control procedures
  • reset and disable unwanted phones and send for disposal in accordance with the trusts waste management policy

The IT support services team shall maintain appropriate records and send a report to the head of IT services on a monthly basis of all phone and SIM cards which have been received and either remain in storage, have been issued to staff or disposed of.

4.7 Managers or heads of departments

Managers and heads of department are responsible for ensuring that there is a proactive approach to the management of mobile phones, their duties include:

  • ensuring that staff under their control are provided with guidance in relation to this policy
  • notifying the IT service desk when a member of staff leaves the trust or when a device is no longer required. Managers must label the phone with the previous users name and or cost centre and return with user acceptance or return form (appendix A) and hand to the IT support services team to enable them to reset and reallocate the phone to other staff
  • notifying the IT service desk when laptops are transferred between users; unless this is of a temporary nature or those used on a pooled basis
  • before authorising the purchase of new phones, to ensure funding is available within the departmental budget to support both costs of purchase, rental and other charges of the equipment. To monitor budget reports for expenditure on mobile phones and investigate any significant changes
  • where phones are used on a pooled basis, consideration should be given to using a basic phone or text without smartphone features. Where a smartphone is required some features, such as email, may need to be disabled. In both cases the manager of the service will take responsibility for these phones and ensure these are managed in accordance with the principles set out in this policy

4.8 Finance and purchasing teams

The finance and purchasing teams are responsible for:

  • processing orders for new phones; working with the IT support services team to ensure that new phones are purchased in the most economical manner
  • accessing the service provider’s database and processing the payment of invoices and the reallocation of telephone and data costs across all cost centres
  • the re-allocation of the agreed IT support service costs on a pro-rata basis across all cost codes
  • review of contractual arrangements with suppliers, including supplier and contract review, tender process etc

The cost of SIM card rental, phone calls, data usage and the cost of IT support is charged directly or on a pro-rata basis to each care group or corporate cost code.

4.9 Care group or corporate administration teams

Care group or corporate administration teams are responsible on a monthly basis for monitoring the usage and cost of all telephone and data charges allocated to their teams. Any suspected misuse should be reported to the appropriate manager or head of service.

4.10 All staff

Mobile phones may contain confidential information and the advice given in the trusts information governance, information management, information technology and employee usage of social media policies must be followed.

All staff using a trust provided mobile phone must ensure that it is used in a reasonable, appropriate and lawful manner and in accordance with this policy. This includes, wherever practicable:

  • using a trust or private WIFI connection and data saver settings on the phone or laptop to reduce data costs
  • not to use and premium rate services, not making premium rate or international calls without the consent of a manager
  • when absent from work, only use the phone for keeping in touch

Staff must take all reasonable steps to prevent damage, theft or loss to equipment in their possession and must report any of these events to their manager and also record as an incident report. Staff may be held responsible for any loss or damage if reasonable care has not been taken. Precautions to be taken include:

Don't

  • do not leave on view in unattended areas and in vehicles unless this is unavoidable
  • do not leave visible through a window in any environment
  • do not allow other staff or any other persons to use a trust provided smart phone which has been assigned to them
  • do not remove or exchange SIM cards, remove MDM software or reset trust provided phones
  • do not to use a mobile phone for tethering to a laptop except in where there is an urgent need

Staff must inform IT support services if they move from one service to another within the trust. The use of a mobile phone or other interactive communication devices whilst driving can distract the driver and increase the likelihood of an accident occurring. For the above reason, whilst not prohibited by law, mobile phones and other interactive communication devices must only be used in an emergency situation whilst driving on trust business. Further guidance is provided in the trusts safer driving at work policy.

Where devices have a camera, respect must be shown for the privacy, dignity and confidentiality of individuals; refer to the consent requirements in the Information governance policies.

When leaving the trusts employment or when a phone is no longer required they must be handed to your manager in accordance with appendix A. Failure to comply with the requirements of this policy may lead to disciplinary action and or legal or civil action being taken.

5 Procedure or implementation

5.1 Mobile device management (MDM)

To enhance the management and security of mobile phones, a mobile management solution is deployed on trust provided ‘smartphones’ which provides:

  • device management to secure and manage trust owned devices
  • application management which restricts access to trust approved applications
  • anti-virus, malware, ransomware, unwanted applications, spam protection
  • web protection against malicious online content

The MDM solution is used for the above purposes and to determine who the phone is allocated to and to check if any smartphones have been factory reset or tampered with.

5.2 Infection control

New or refurbished mobile phones must be cleaned with an infection control approved alcohol wipe before being issued. Shared mobile phones must be cleaned before being used by others.

5.3 Use of phones during absence from work

During periods of absence, which includes sickness absence and maternity leave, managers should discuss and agree with staff whether a mobile phone will be required. Where a phone is not required, it should be returned by hand to the IT Support Services team who will suspend the SIM card and either hold or re-use the phone.

6 Training implications

All staff who use a mobile phone need to be aware of the key points that the policy covers. All phones are provided with instruction manuals and any additional advice and training will be given on issue of the phone. Staff can be made aware of the policy through the daily email and local induction.

7 Monitoring arrangements

7.1 Summary of all reported mobile phone related incident reports

  • How: Investigated by the IT Support Services team and any identified preventative action taken and reported to others as appropriate.
  • Who: Head of IT support services.
  • Reported to: Health informatics group.
  • Frequency: Monthly.

7.2 Statistics on the receipt, issue and disposal of mobile phone and SIM cards

  • How: Audit on the IT Support Services team.
  • Who: IT asset and licence manager via an appropriate internal auditor.
  • Reported to: Health informatics group.
  • Frequency: Six Monthly.

7.3 Supplier contract review

  • How: Review of contract, contract renewal or negotiation etc.
  • Who: Head of procurement and purchase ledger with the head of IT support services.
  • Reported to: Finance sub committee and health informatics group.
  • Frequency: Quarterly.

7.4 Statistics on the receipt, issue and disposal of mobile phone and SIM cards

  • How: Collated by the IT Support Services team.
  • Who: IT support services team.
  • Reported to: Head of IT support services.
  • Frequency: Monthly.

7.5 Overall cost of mobile phone contract

  • How: Collated by the Finance team.
  • Who: Designated finance manager mobile phones.
  • Reported to: Finance sub committee.
  • Frequency: Six monthly.

8 Equality impact assessment screening

The completed equality impact assessment for this policy has been published on this policy’s webpage on the trust’s website. Link to equality impact assessment: EIA.

8.1 Privacy, dignity and respect

The NHS Constitution states that all patients should feel that their privacy and dignity are respected while they are in hospital. High Quality Care for All (2008), Lord Darzi’s review of the NHS, identifies the need to organise care around the individual, ‘not just clinically but in terms of dignity and respect’.

As a consequence the trust is required to articulate its intent to deliver care with privacy and dignity that treats all service users with respect. Therefore, all procedural documents will be considered, if relevant, to reflect the requirement to treat everyone with privacy, dignity and respect, (when appropriate this should also include how same sex accommodation is provided).

8.1.1 How this will be met

There are no effects on the provision of privacy and dignity or respect within this policy.

8.2 Mental Capacity Act 2005

Central to any aspect of care delivered to adults and young people aged 16 years or over will be the consideration of the individuals capacity to participate in the decision making process. Consequently, no intervention should be carried out without either the individual’s informed consent, or the powers included in a legal framework, or by order of the court.

Therefore, the trust is required to make sure that all staff working with individuals who use our service are familiar with the provisions within the Mental Capacity Act (2005). For this reason all procedural documents will be considered, if relevant to reflect the provisions of the Mental Capacity Act (2005) to ensure that the rights of individual are protected and they are supported to make their own decisions where possible and that any decisions made on their behalf when they lack capacity are made in their best interests and least restrictive of their rights and freedoms.

8.2.1 How this will be met

All individuals involved in the implementation of this policy should do so in accordance with the guiding principles of the Mental Capacity Act (2005) (section 1).

11 Appendices

11.1 Appendix A User acceptance or return form

No. Question Tick to accept Signature
1 I understand that mobile phones may contain confidential information and will follow the advice given in the Trusts information governance, information management, information technology and employee usage of social media policies.
2 I will use the mobile phone in a reasonable, appropriate and lawful manner. This includes, wherever practicable, using a Trust or private WIFI connection and data saver settings to reduce data costs and not making premium rate or international calls without consent of a manager.
3 I will take all reasonable steps to prevent damage, theft or loss and to report any loss to my manager and record as an incident report. I understand that I may be held responsible for any loss or damage if reasonable care and precautions have not been taken.
4 I will not allow other staff or any other persons to use a Trust provided smart phone which has been assigned to me.
5 I will only use the phone for emergency use whilst driving on Trust business.
6 When using the camera I will show respect for the privacy, dignity and confidentiality of individuals.
7 I will not remove or exchange SIM cards, remove MDM software or reset the phone. I will inform IT support services if I move from one service to another within the Trust.
8 I will hand the phone to my manager when I leave the Trust.
Name (in block caps.) Date
Job title Place of work
Phone serial number SIM number

The completed form is to be kept on the personnel file and a copy sent to IT support services.

Receipt of returned phone and SIM card.

Name (manager to print) Name (Sign) Date:

The phone will require resetting to before issuing to another user, ensure that the phone is returned by hand to IT support. The completed form is to be kept on the personnel file and a copy sent to IT support services.

Document control

  • Version: 4.2.
  • Unique reference number: 201.
  • Approved by: Corporate policy approval group.
  • Date approved: 25 January 2024.
  • Name of originator or author: Head of estates and facilities.
  • Name of responsible individual: Director of health informatics.
  • Date issued: 25 January 2024.
  • Review date: January 2024.
  • Target audience: All staff who use a mobile phone or data enabled SIM card.

Page last reviewed: April 15, 2024
Next review due: April 15, 2025

Feedback

Report a problem