Social media policy

Last updated on 18 Oct 2023

Version 3.2

Last updated 14 February 2023

1. Purpose

This document provides guidance to HRA staff on social media, networking on the internet and the external use of other online tools such as blogs, discussion forums and interactive news sites. It gives direction to staff on the use of these tools. This is a rapidly changing area and this policy may be updated and amended as our organisational communication strategy evolves.

Social media or social networking describes websites and online tools which allow users to interact with each other by sharing information, opinions, knowledge and interests. This includes but is not limited to Facebook, Twitter, LinkedIn, WhatsApp, Flickr, Instagram, TikTok, Reddit and others.

The HRA uses social media as a corporate communication tool for two-way engagement with the organisation’s stakeholders and customers. Our social media channels are also increasingly used by those wishing to contact the organisation, for example to make a complaint.

This policy, which covers staff use of social media, helps to protect the organisation, but also to protect your interests.

The aims of this document are to:

  • provide clarity to staff on the use of social media tools, to give them the confidence to engage effectively
  • ensure that the organisation’s reputation is not brought into disrepute and that it is not exposed to legal risk
  • ensure that audiences are able to distinguish official corporate HRA information from the personal opinion of staff

2. Scope

This policy covers directly employed staff, secondees, agency worker and contractors. The principles of this policy apply to HRA volunteers including Research Ethics Committee (REC) and Confidentiality Advisory Group (CAG) members.

3. Scope

3.1 Participating in online activities

Our staff are our best ambassadors. Many already use social media, interactive and collaborative websites and tools such as Twitter and LinkedIn, both in a personal and professional capacity.

This policy does not set out to restrict this activity but notes that the HRA’s communications team will provide guidance and training to empower staff to interact online in a way that is credible, consistent, transparent and relevant.

We recognise that there is an increasingly blurred line between what was previously considered 'corporate social networking', which could be useful to the business, and 'social networking', which is for personal use, to an extent where it may no longer be possible, or desirable, to make that distinction. For example, there is a tendency for people to maintain just one Twitter account, which is used to post a mixture of business related and personal content.

Posts made through personal accounts that are public can be seen and may breach organisational policy if they bring the organisation into disrepute. This includes situations when you could be identifiable as an HRA employee whilst using social networking tools or occasions when you may be commenting on HRA related matters in a public forum.

Staff should use their own discretion and common sense when engaging in online communication.

The following guidance gives some general rules and best practices which you should follow at all times:

  • know and follow the HRA code of conduct. The same principles and guidelines that apply to staff activities in general also apply to online activities. Employees are personally responsible for the content they publish online and should be mindful that this can remain public for a long time. When online, use the same principles and standards that you would apply to communicating in other media with people you do not know. If you wouldn’t say something in an email or formal letter, don’t say it online;
  • identify yourself by giving your name and, when relevant, role at the HRA if you are discussing the HRA or HRA related matters. Write in the first person. You must make it clear that you are speaking for yourself and not on behalf of the HRA (you must not use the organisation’s logo on personal web pages or social media accounts);
  • be aware that people who join your networks and participate in groups that you are a member of may be colleagues, clients, journalists or suppliers. It is also possible that people may not be who they say they are and you should bear this in mind when participating in online activities
  • if you publish content to any website outside of the HRA that could be perceived to have a connection to the work you do or subjects associated with the HRA, you must display a disclaimer such as: ‘this is my personal view and doesn't represent the position, strategy or opinions of the HRA’

Respect copyright, fair use, data protection, defamation, libel and financial disclosure laws. Don’t reveal confidential information about staff, or the organisation. Never post any information that can be used to identify a patient’s identity or health condition in any way;

  • don’t use social media in any way to attack or abuse colleagues;
  • don't publish or report on conversations that are private or internal to the HRA (for example, do not repeat externally any of the content of HRA News, or anything taken from the intranet). Don’t talk about our partners and suppliers.
  • respect your audience. Don't use personal insults, obscenities, or engage in any conduct that would not be acceptable in the workplace. You should also show proper consideration for others' privacy and for topics that may be considered objectionable or inflammatory, such as politics and religion;
  • be aware of your association with the HRA when using online social networks. If you identify yourself, or are identifiable, as an employee of the organisation, ensure your profile and related content is consistent with how you wish to present yourself to colleagues and stakeholders. Be aware that you may be identified as an employee by any public use of your @hra.nhs.uk email address;
  • if you are asked to blog or participate in a social network for commercial or personal gain, then this could constitute a conflict of interest (see “Related policies and information” section of this document). Please speak to the communications team as soon as possible if this is the case.
  • if someone from the media contacts you about posts you have made, you must contact the communications team straight away. During business hours email communications@hra.nhs.uk and out of hours call 07968 149916
  • don't pick fights, be the first to correct your own mistakes, and don't change previous posts without indicating that you have done so;
  • don’t use social media to ‘whistle blow’ without already having raised concerns through the proper channels. In the first instance this should be via the HRA’s Freedom to Speak up Guardian;
  • if you have any concerns about your position on any of the issues covered by this policy please contact the communications team.

Note that use of HRA equipment and networks to participate in social media activities during your own time is covered by the HRA Acceptable Use of ICT User Obligations Policy.

3.2 Safeguarding

Occasionally, some teams at the HRA may engage in online conversations with children, young people and adults at risk, for example when promoting engagement opportunities.

The use of social media/networking sites introduces a range of potential safeguarding risks to these groups.

Most children, young people and adults use the internet positively, but sometimes they and others may behave in ways that pose a risk. Potential risks can include, but are not limited to:

  • online bullying
  • grooming, exploitation or stalking
  • exposure to inappropriate material or hateful language
  • the vulnerable person giving away personal details, which can be used to locate them, harass them or steal their identity
  • coercion into illegal activity, such as distributing illegal content or hate crime
  • indoctrination into ideations and encouraged into terrorist activities
  • encouraging violent behaviour, self-harm or risk taking
  • people's wellbeing not being promoted, as their views, wishes, feelings and beliefs are not taken into account.

In order to mitigate these risks there are steps you can take to promote safety online:

  • don't target/or engage with children who are likely to be under the minimum requirement age for the social networking service that you are promoting. This is usually 13 years but can vary by platform so check the terms and conditions of that site
  • don't accept 'friend' requests from anyone you suspect to be underage
  • avoid collecting, and don't ask users to divulge any personal details, including: home and email addresses, school information, home or mobile numbers.
  • you should not use any information to locate and or meet a child, young person or vulnerable adult, that is not directly to do with work.
  • The Sexual Offences Act (2003) combat increasing sexual approaches to access children and young people on-line. The Act 2003 created an offence of meeting a child following sexual grooming. This makes it a crime to befriend a child on the Internet or by other social media means and to arrange to meet or intend to meet the child or young person with the intention of abusing them
  • be careful how you use images of children, young people or adults - photographs and videos can be used to identify them to people who wish to groom them for abuse.
  • consider using models, stock photography or illustrations
  • if a child, young person or adult at risk is named, do not use their image
  • if an image is used, do not name the child, young person or adult at risk
  • where necessary obtain parents'/carers/guardians or Lasting Power of Attorney’s written consent to film, or use photographs on web sites
  • ensure that any messages, photos, videos or information comply with existing policies.
  • promote safe and responsible use of social media/networking to your audience online and consider providing links to safety and support organisations on your profile. Remind people to protect their privacy
  • data protection considerations - when you are collecting personal information about all users, you should always follow the requirements set out in the Data Protection Act 2018. You should not use social media to collect personal data and this should be done via alternative means, e.g. by signposting to a form on your website

3.2.1 Safeguarding yourself

In addition to the behaviours outlined in section 3.1, if you are using corporate or personal social media/networking accounts for work related activity, you should also:

  • ensure that your privacy settings are set up so that personal information you many not want to share is not available to members of the public
  • have a neutral picture of yourself as your profile image
  • do not use your work contact details (email or telephone) as part of your personal profile or personal contact details as part of a profile you use for work
  • keep yourself safe, if you are not sure then do not proceed without advice and support
  • do not engage in intimate or sexual conversations
  • ensure any personal pictures you upload are not intimate, compromising or sexually explicit

Should any employee encounter a situation whilst using social media that they are concerned about they should politely disengage and seek advice from the communications team and/or their line manager.

Any content or online activity which raises a safeguarding concern must be reported to the communications team. You should report any harassment or abuse you receive online whilst using corporate or personal accounts for HRA related business, to the HRA’s communications team. They will advise you what further action should be taken and escalate as required.

Keep yourself and others safe. Do not place yourself at risk and engage in risk taking behaviour on social media platforms

3.3 Personal blogs

If you are writing a personal blog, you should adhere to the guidance given in section 3.1 if your blog touches on any work-related matters. You must also include a disclaimer which says: ‘Any views expressed in this blog are entirely my own and not those of my employer.’

3.4 References and endorsements

On social networking sites such as LinkedIn, personal and professional references are the focus. If you are representing yourself as an HRA employee, you may not provide professional references about any current or former employee, contactor, vendor or contingent worker. You may provide a personal reference (for example using LinkedIn’s recommendation function) for current or former HRA employees, contractors, vendors and contingent workers provided:

  • the statements made and information provided in the reference are factually accurate; and
  • you include the disclaimer below:

‘This reference is being made by me in a personal capacity. It is not intended and should not be construed as a reference from the HRA.’

3.5 Responding to the media

Staff must not respond to requests for comment from media organisations or make comments in response to published media comment (for example on online news sites). If you read something online that you feel is factually incorrect, inaccurate or otherwise needs an official response from the HRA, then you must refer the matter to the communications team (out of hours call 07968 149916).

3.6 Representing the HRA online when acting in an official capacity

It is important that the organisation maintains a clear and consistent online presence through the strategic use of official communication channels.

Staff must not set up

  • Twitter accounts, Facebook pages, YouTube channels or a presence on any other social media site that represents an HRA product or service
  • unauthorised ‘official’ blogs on behalf of HRA programmes or individuals; or,
  • posting video content or setting up surveys using any unapproved online channels

3.7 Official HRA blogs

Blogs are a great way to share engaging content, written using an informal and personal tone, which can help to establish the HRA as a thought leader, setting the agenda, and stimulating discussion.

The HRA wishes to encourage a blogging culture for all employees. The HRA blogs are published on our website. If you wish to set up a blog to write in your capacity as an HRA employee, then please discuss your proposal with the communications team in the first instance. The team can provide advice on the types of things you will need to consider, such as: content; timing; newsworthiness; time and resources to manage and maintain; editorial policy; whether this is the best medium for your message and how it might fit into the bigger engagement picture.

Opportunities occasionally arise for employees to blog, in an official capacity, on alternative platforms or websites. To ensure that they are appropriate, and provide benefit to the organisation, these opportunities must be discussed, and agreed, with the communications team.

3.8 Online surveys

If you wish to run an externally facing online survey please complete the Survey checklist and authorisation form and email quality.assurance@hra.nhs.uk. It is important that the organisation takes a joined-up approach to contacting stakeholder groups, so survey activity may need to be considered in the context of other pieces of work. Data protection requirements also may need to be considered.

3.9 Participation in collaborative communities of practice

If you wish to participate in online collaboration using externally facing web-based tools such as HRA Atlas or other external sites, with sector-wide colleagues or suppliers, on programmes, projects and documents, you must carefully consider security. In the majority of cases, when involved in collaborative working, discussion and the sharing of work-related information and documents must take place in a closed environment, behind a secure login, to minimise the risk of unapproved or commercially sensitive material reaching the public domain. All information stored on internal or external websites must be held in accordance with our Information Governance Policies. If you have a requirement to set up a new collaboration space, you should contact the HRA IT team for general advice before contacting the IT Service Desk. The HRA IT team will be able to advise on the tools available which fit your requirements for HRA.

3.10 Non compliance

The HRA’s policies apply to all forms of communication, whether it be verbal, in print or online. Staff should remember that they are ultimately responsible for what they publish online and that there can be consequences if policies are broken. If you are considering publishing something that makes you even slightly uncomfortable, review the policy above and ask yourself why that is. If you’re in doubt or in need of further guidance, please contact the communications team to discuss. Non-compliance with the policies associated with this guidance may lead to disciplinary action in accordance with the HRA Disciplinary Policy. You are also reminded that actions online can be in breach of the harassment/IT/equality policies and any online breaches of these policies may also be treated as conduct issues in accordance with the Disciplinary Procedure.

3.11 Accountability, responsibilities and training

Overall accountability for procedural documents across the organisation lies with the Chief Executive who has overall responsibility for establishing and maintaining an effective document management system, for meeting all statutory requirements and adhering to guidance issued in respect of procedural documents. Overall responsibility for the social media and attributed content policy lies with the Director for Policy and Partnerships who has delegated responsibility for managing the development and implementation of social media and attributed content procedural documents. Staff will receive instruction and direction regarding the policy from a number of sources:

  • Advice and guidance from the Communications Team
  • Articles and guidance on the staff Intranet

4. Distribution and implementation

4.1 Distribution plan

This document will be made available to all staff via HRA Atlas. A notice will be issued in HRA news notifying of the release of this document.

4.2 Training plan

All staff are required to complete the ESR Information Governance and Data Security training annually. In addition, information asset owners are required to complete IAO training provided by NHS Digital.

5. Management of documents and records

The documents will be managed in line with the HRA’s Record Retention Schedule.

6. Dissemination and publication of the document

A copy of this document is held in the HRA hub central library. All members of staff are expected to read and understand the information security policy as part of their HRA induction and when revised versions are released. This should be confirmed as part of the annual appraisal process.

7. Screening questions - HRA Equality Analysis and Privacy Impact Assessment

Equality and privacy screening questions

For every HRA policy (defined by the Equality and Human Rights Commission (EHRC) as a function, strategy, procedure, practice, project or decision). Please answer the question below to determine whether further analysis is required. 
Equality: With due regard to our Equality Duty, could this policy have the potential to have a detrimental impact on anyone with a protected characteristic? No If yes, please complete as required either the HRA Initial Equality Analysis and / or Initial Privacy Impact Assessment Template and copy and paste the completed assessment (s) below. This one document can be found on the Intranet.
Privacy: With due regard to the Data Protection Act, does this policy involve the use of Personal Information? No If yes, please complete as required either the HRA Initial Equality Analysis and / or Initial Privacy Impact Assessment Template and copy and paste the completed assessment (s) below. This one document can be found on the Intranet.
Back to our policies and procedures