Acceptable Use Policy

1. Purpose

This Acceptable Use Policy outlines the standards of behaviour expected from all users of Bodyfunction Clinic’s devices, systems, networks, and applications to ensure the confidentiality, integrity, and availability of sensitive data and IT infrastructure.

2. Scope

This policy applies to:

  • All employees, clinicians, and administrative staff
  • Contractors, locums, and temporary workers
  • Any third parties accessing clinic systems or using clinic devices

3. General Principles

All users must:

  • Use clinic systems and devices for legitimate clinical or administrative purposes only
  • Protect patient data and clinic information at all times
  • Comply with UK GDPR, the Data Protection Act 2018, and internal privacy policies
  • Immediately report any data breaches, suspicious activity, or system issues to management

4. Hardware and Device Use

  • Clinic-owned devices must be used for clinic-related tasks only
  • Devices must be secured with a strong password or passcode; biometric unlock may be used in addition to, not instead of, that credential
  • Users must not alter security settings or install unauthorised software
  • Portable devices (e.g. laptops, tablets) must be stored securely when not in use
  • Personal devices (BYOD) may only be used for clinic access with prior approval and proper security settings in place (e.g. encryption, passcode)

5. System and Application Use

  • Access to electronic health records and patient data is strictly role-based
  • All access is logged and periodically reviewed for security compliance
  • Users must log out or lock their systems when leaving devices unattended
  • Only approved, secure applications may be used to store, process or transmit patient data

6. Email, Internet, and Messaging

  • Clinic email must only be used for professional communications
  • Patient information must not be transmitted via unsecured email or unsecured messaging platforms; only clinic-approved, encrypted channels may be used
  • Internet use during work hours must be professional and relevant
  • Staff must not access, download, or distribute illegal, offensive, or inappropriate content
  • Use of personal messaging apps (e.g. WhatsApp, iMessage) for clinic business is not permitted unless explicitly approved under the clinic's secure communications policy

7. Data Protection and Confidentiality

  • Personal or clinical data must not be stored on unencrypted drives, or on any cloud service other than the clinic's approved systems
  • Data must be backed up only to secure, clinic-managed platforms
  • Printing of sensitive data should be avoided; where it is necessary, collect printouts promptly and do not leave them unattended

8. Monitoring and Enforcement

  • Bodyfunction Clinic reserves the right to monitor use of its systems and devices in line with legal and ethical standards
  • Breaches of this policy may result in disciplinary action, up to and including termination of employment or contract
  • Serious breaches involving personal data may also be reported to the Information Commissioner’s Office (ICO)

9. Review

This policy will be reviewed annually or in response to changes in:

  • Applicable legislation
  • Clinical operations
  • Identified risks or incidents