
MUSC Acceptable Use Policy

Before you can change your password, you must review the MUSC Acceptable Use Policy and indicate your acceptance below.


UPDATED: The Acceptable Use Policy, as approved by the Policy Governance Committee, has replaced the Computer Use Policy effective June 28, 2023.

MUSC Acceptable Use Policy

IMPORTANT: This agreement applies to all individuals who receive access to any of MUSC's computing, electronic, network or print resources regardless of your affiliation with MUSC (employee, faculty, student, contractor, vendor, etc.).

    Policy Statement/Purpose:

    The purpose of this policy is to set forth rules for the appropriate use of MUSC information, computing, and telecommunications resources. Inappropriate use could result in the compromise of individuals’ privacy and expose MUSC to potential risks, including cyber-attacks, compromise of network systems and services, liability, and other adverse effects to its operations.

    Policy:

    Expectation of Privacy
    1. MUSC respects the privacy of individuals and maintains the privacy of Users’ files, emails, and other communications. However, in MUSC’s effort to ensure the integrity and security of MUSC information, computing, and telecommunications resources and the rights of all Users, MUSC reserves the right to monitor access to and use of such information and resources. Therefore, individuals shall not have an expectation of privacy when using MUSC computing and telecommunications resources or in any data on those resources except for any privilege or confidentiality recognized by law.
    2. Any use may be monitored, intercepted, recorded, read, copied, accessed, or captured in any manner including in real time, and used or disclosed in any manner, by authorized personnel without additional prior notice to individuals.
    3. MUSC may periodically monitor systems, including but not limited to:
      1. All computer files.
      2. Individual login sessions.
      3. All forms of electronic communication (including email, instant messaging, telephones, computer systems, and other electronic records).
    4. In addition to the notice provided in this policy, MUSC may also display a login banner notifying of such monitoring and a reminder that unauthorized use of information, computing, and telecommunications resources is not permissible.
    5. MUSC may impose restrictions on the use of IT resources, for example, blocking access to websites or services not serving legitimate business purposes or restricting the ability to attach devices to IT resources (e.g., personal USB drives).
    Acceptable Use
    1. Any individual who is granted access to MUSC information, computing and telecommunications resources (“Users”) shall use only those resources that they are authorized to use and only in the manner and to the extent authorized. Examples of Users include but are not limited to workforce members, third party contractors, students, faculty members, and other affiliates of MUSC. For further clarity, Users do not include the general public (e.g. patients accessing public MUSC websites). The ability to access computing resources does not, by itself, imply authorization to do so.
    2. Users shall comply with all federal, South Carolina, and other applicable laws; and all applicable contracts and licenses. Users who engage in communications with persons in other states or countries or on other systems or networks must be aware that they may also be subject to the laws of those other states and countries and the rules and policies of those other systems and networks.
    3. Users shall be responsible for ascertaining, understanding, and complying with the laws, rules, policies, contracts, and licenses applicable to their particular use.
    4. Users shall only access MUSC computing and telecommunications resources to the extent authorized for legitimate business, health care, research and/or educational purposes in accordance with principles of minimum necessary/on an as needed basis. Minimum necessary/On an as needed basis means Users should access MUSC information, computing, and/or telecommunications resources only to the extent necessary to accomplish legitimate business, clinical, research, and/or educational purposes.
    5. Users shall be responsible for ascertaining what authorizations are necessary and for obtaining such authorizations prior to accessing any MUSC computing and telecommunications resources.
    6. Accounts and passwords (e.g., NetIDs) shall not, under any circumstances, be shared with, or used by, persons other than those to whom they have been assigned by MUSC.
    7. MUSC provides information, computing and telecommunications resources as resources to Users. It shall be the User's responsibility to comply with MUSC policies and associated standards and procedures applicable to use of such resources.
    8. Users shall be responsible for protecting all MUSC computing and telecommunications resources to which they are granted access from unauthorized use or disclosure by observing authorized levels of access and by utilizing only approved IT technology devices or services.
    9. Use of computing and telecommunications resources owned or operated by MUSC imposes certain responsibilities and obligations. MUSC considers use of resources to be a privilege that is granted on the condition that each user respects the integrity of IT resources and the rights of other users.
    10. Users shall respect the privacy of other users, their data, and their accounts, regardless of whether those accounts are securely protected. The ability to access another person’s accounts does not, by itself, imply authorization to do so.
    11. Users shall immediately report suspected information security incidents or weaknesses to the Information Security Office by sending an email to security-incident@musc.edu and/or calling the MUSC Help Desk at (843) 792-9700.
    12. MUSC recognizes the value of legitimate research projects undertaken by certain User groups such as faculty and students under faculty supervision. MUSC may restrict such activities in order to protect MUSC and individual information and information resources, but in doing so will take into account legitimate academic pursuits.
    Unacceptable Use
    1. Users of MUSC computing and telecommunications resources shall not attempt to gain unauthorized access to another user’s individual account, service, or personal information through hacking, password mining, or any other means except as explicitly authorized by MUSC Policies, standards, and/or procedures. Furthermore, the use of tools such as network scanners, vulnerability scanners, and penetration testing tools is prohibited except as explicitly authorized by MUSC Policies, standards, and/or procedures.
    2. Users shall not use MUSC computing and telecommunications to disclose to unauthorized recipients personal, private, sensitive, and/or confidential information that is protected under confidentiality, privacy, or other applicable laws.
    3. Users shall not forward non-Public (e.g., internal, confidential, restricted) information (unless personal to the User) to a personal email address.
    4. Users shall not use MUSC computing and telecommunications resources to infringe on copyrighted material (video, movies, music, audio, images, documents, software, text, etc.) by downloading, accessing, copying, posting, using, displaying, or transmitting material that is protected under intellectual property or other applicable laws without authorization.
    5. Users shall not download, install, or use unauthorized or malicious software or obtain unauthorized data or software from external networks.
    6. Users shall not use MUSC computing and telecommunications resources to access, distribute, post, transmit, or store any content that is threatening, harassing, defamatory, discriminatory, illegal, intentionally false or inaccurate, abusive, invasive of privacy, hateful, incites an illegal act and/or violence, or is otherwise contrary to MUSC’s Code of Conduct or any applicable laws and regulations.
    7. Users shall not post, use, or transmit content that contains software viruses, or any other computer code, files or programs designed to interrupt, destroy, or limit the functionality of any computer software or hardware or telecommunications equipment or otherwise interfere with or disrupt such resources.
    8. Users shall not connect unapproved devices to MUSC’s network or to any MUSC IT resource, medical device, or other electronic device.
    9. Users shall not modify or install computing or telecommunications resources in a way that removes, disables, damages, or otherwise circumvents any IT security controls. This includes the use of unauthorized remote access tools (e.g., TeamViewer).
    10. Users shall not misrepresent or willfully conceal their identity at any point on the MUSC network.
    11. Unless authorized by MUSC, Users shall not store non-public MUSC data (e.g., personally identifiable information, Protected Health Information, etc.) on non-organization-issued devices, nor with a third-party file storage service not approved by MUSC.
    12. Users shall not use MUSC’s computing and telecommunications resources to post, transmit, or circulate unsolicited or unauthorized content for non-organizational purposes including religious, political, or not-for-profit entities, including:
      • Advertising or promotional materials
      • Junk mail
      • Spam
      • Fraudulent mass mailings
      • Chain letters
      • Pyramid schemes
      • Political campaign promotional material
      • Any other form of unsolicited or unwelcome solicitation or advertising
    13. Users shall not use MUSC’s computing and telecommunications resources to impersonate another person or entity, nor to represent the organization in matters unrelated to official authorized job duties or responsibilities.
    14. Affiliation with MUSC does not, by itself, imply authorization to speak on behalf of MUSC.
    15. Users may not use MUSC information, computing and/or telecommunication resources to create the appearance that MUSC is endorsing, affiliated with, or otherwise supporting any organization, product, service, candidate, or position except as expressly authorized by MUSC Policies.
    16. Users shall not use third party services for MUSC business or handling MUSC data without a completed Information Security Assessment. Examples include, but are not limited to, third party email systems, calendars, project management, task management, and instant messaging (including Apple iMessage).
    17. MUSC Users shall not use third party services for MUSC business or handling MUSC data without a completed Information Security Assessment. Examples include, but are not limited to, third party email systems, calendars, project management, task management, and instant messaging (including Apple iMessage).
    18. Users shall not use cellular text messaging to transmit MUSC confidential or restricted data.
    Personal Use
    1. Occasional, incidental, and necessary personal use of MUSC computing and telecommunications resources shall be permitted, provided such use meets the following conditions:
      1. Is otherwise consistent with this policy and does not create non-compliance with other MUSC policies or applicable laws.
      2. Does not include the activities specified in Section 12 of Unacceptable Use.
      3. Is limited in amount and duration.
      4. Does not interfere with the performance of the user’s job or other MUSC responsibilities and duties.
      5. Does not unreasonably interfere with the activity of other users.
      6. Does not unreasonably consume MUSC resources and respects the finite capacity of those resources (including bandwidth, disk space, and CPU time).
    2. Personal use of MUSC computing and telecommunication resources shall comply with State law and MUSC policy. Users shall not use MUSC’s computing and telecommunications resources for personal commercial purposes or for personal financial or other gain, except as permitted by MUSC policy and State law. Under South Carolina State Law, Section 8-13-700(A) of the South Carolina Ethics Code reads as follows:
      “No public official, public member, or public employee may knowingly use his official office, membership or employment to obtain an economic interest for himself, a member of his immediate family, an individual with whom he is associated, or a business with which he is associated. This prohibition does not extend to the incidental use of public materials, personnel, or equipment, subject to or available for a public official's, public member's, or public employee's use which does not result in additional public expense.”
    3. Additional restrictions on personal use may be imposed in accordance with normal management or departmental responsibilities.
    4. MUSC may revoke or limit personal use at any time without notice.
    5. Users shall not provide unauthorized third parties, including family and friends, access to MUSC’s computing and telecommunications resources for personal use.
    6. Users shall not use MUSC demographic data, including the MUSC email address, for personal use (register for software, complete a web form, etc.) nor use a personal email account to conduct MUSC business.
    7. Users shall not use MUSC information or computing and telecommunications resources for non-MUSC commercial or personal purposes, including in support of "for-profit" activities or in support of other outside employment or business activity (consulting for pay, business transactions, etc.).
    8. Users accessing non-publicly accessible MUSC computing and/or telecommunications resources through personal devices shall only do so using authorized access mediums (e.g., a mobile device enrolled in mobile device management) and in accordance with MUSC Policies and procedures.
    Email Communications
    Users may be provided with an MUSC email address. This address is considered their official MUSC email account and all MUSC business conducted via email must use the MUSC email account and email system. Confidential or sensitive information should not be sent through e-mail or exposed to public networks such as the Internet unless adequately secured against unauthorized access and encrypted in transit. Email sent from one musc.edu email address to another musc.edu email address using the MUSC email system is considered secure and no additional steps are needed to encrypt the message.
    User Responsibilities for Protecting Computing and Telecommunications Resources
    1. Users shall ensure that all MUSC computing and telecommunications resources are attended at all times or physically secured.
    2. Users shall log off computing and telecommunications resources when the session is finished (not just switch off the screen or device).
    3. Users shall safeguard unattended information system output on copiers, printers, and facsimile machines to prevent unauthorized individuals from obtaining the output.
    4. MUSC computing and telecommunications resources must be immediately returned upon request or at the time a workforce member is separated from the organization in accordance with applicable policies and procedures.
    5. Users shall immediately report MUSC computing and telecommunications resources that are lost, stolen, or destroyed to the Information Security Office.
      1. MUSC may require Users to provide a written report of the circumstances surrounding the incident.
      2. Users may be subject to disciplinary action which may include repayment of the replacement value of the equipment.
      3. MUSC reserves the right to not re-issue computing and telecommunications resources to Users who repeatedly lose or damage such resources.
    Password Management
    1. Users are required to follow good security practices in the selection and use of passwords.
    2. Users shall keep passwords confidential.
    3. Users shall not store personal, shared, or service account passwords in plain text in locations (physical or electronic) that may be accessed by unauthorized parties.
    4. Users shall change passwords whenever there is an indication of password or system compromise.
    5. Users shall not share individually assigned passwords and accounts without approval.
    6. Unless specifically authorized, Users shall not use another person’s user account and password at any time.
    7. Users shall not use the same passwords for MUSC business and non-business purposes.
    8. Users shall select quality, complex passwords in accordance with the Identification and Authentication Policy. We recommend using passphrases such as “1st wealth is health”.

Your Agreement: By clicking the check box labeled, "Yes, I have read, understand and agree to adhere to the MUSC Acceptable Use Policy" when you first access the Service, you acknowledge and confirm that you have reviewed the policies and accept them.
