Information Technology Policy
Information technology IT continues to expand in use and importance throughout Global Health College (GHC). It is an indispensable tool for education, research, and clinical care, and plays a central role in the overall life of the institution. The uses of information technology have changed dramatically over the last twenty years, and it is likely that the rate of change will accelerate in the future. For these reasons, it is critical that GHC articulate a clear statement regarding the appropriate uses of our information technology resources and institute safeguards to ensure that our technology is secure, reliable, and available for the entire Global Health College community.
The policies set forth have three primary purposes:
- To ensure compliance with all applicable federal, state, and local laws
- To safeguard and protect all IT resources from anything other than authorized and intended use
- To provide protection to academic, clinical, financial, research, and all other systems that supports the mission and functions of Global Health College.
E-mail and user accounts and their contents are generally considered private by GHC but neither this policy nor present technology is able to guarantee security, privacy or confidentiality. It is not the routine policy of GHC IT administrators to view or disclose the content of others’ electronic files, but GHC reserves the right, and may be legally required, to access, copy, examine, and/or disclose all files stored or transmitted on, across or through GHC IT resources. However there are a number of circumstances that arise, where an account or accounts may be entered including: safety, security, and/or legal purposes; as needed to maintain or protect its personnel, facilities and not-for-profit status; as necessary to maintain network services; or in order to protect GHC’s rights or property. For these reasons, there should be no presumption of privacy or confidentiality concerning information stored on or transmitted across GHC IT resources.
Certain information (such as protected patient health information; sensitive information regarding students or staff; and other information protected by the attorney-client privilege) is protected by law, and persons with access to such information are expected to be aware of and comply fully with the laws protecting such information. Nothing in these policies is intended to affect in any way the confidentiality or protection of such information.
GHC complies fully with all federal, state, and local laws, including the Digital Millennium Copyright Act. Except as required for IT security and functionality, access for the GHC community to resources through computer networks should be governed by the standards and principles of intellectual and academic freedom characteristic of a college.
Acceptable use of IT resources is use that is consistent with Global Health College’s missions of education, research, service, and patient care, and is legal, ethical, and honest. Acceptable use must respect intellectual property, ownership of data, system security mechanisms, and individuals‘ rights to privacy and freedom from intimidation, harassment, and annoyance. Further, it must show consideration in the consumption and utilization of IT resources, and it must not jeopardize GHC’s status. Incidental personal use of IT resources is permitted if consistent with applicable GHC and divisional policy, and if such use is reasonable, not excessive, and does not impair work performance or productivity.
- Unacceptable use of IT resources includes, but is not limited to:
- Unauthorized access to or unauthorized use of GHC’s IT resources
- Use of IT resources in violation of any applicable law
- Harassing others by sending annoying, abusive, profane, threatening, defamatory, offensive, or unnecessarily repetitive messages, or by sending e-mails that appear to come from someone other than the sender
- Any activity designed to hinder another person‘s or institution‘s use of its own information technology resources
- Privacy violations (e.g., disclosure or misuse of private information of others)
- Installation of inappropriate software or hardware on IT resources (e.g., network or password-sniffing software or hardware, offensive applications, and malicious software).
- Any use of copyrighted materials in violation of copyright laws or of vendor licensing agreements (e.g., illegal downloading and/or sharing of media files or computer software)
- Intentional, non-incidental acquisition, storage, and/or display of sexually explicit images, except for acknowledged, legitimate medical, scholarly, educational, or forensic purposes. Exposure and/or display of such material may be offensive, constitute sexual harassment or create a hostile work environment
- Security breaches, intentional or otherwise, including improper disclosure of a password and negligent management of a server resulting in its unauthorized use or compromise
- Commercial use of IT resources for business purposes not related to Global Health College
- Use, without specific authorization, to imply GHC support (as opposed to personal support) for any position or proposition
- Use to engage in activities, including for example certain political activities, prohibited to nonprofit or personal organizations or that otherwise may result in a hostile work environment.
The GHC e-mail systems are used to support Global Health College’s mission and to allow effective communication between faculty, staff, students, and business associates. These systems vary substantially in size, scope and sophistication. Policies and procedures regarding e-mail storage, back-up and archiving also vary substantially across GHC. To ensure security there is no single e-mail archive system for the entire institution.
Back-up, storage and archiving of important e-mail messages are the responsibility of each individual user.
E-mail transmission over the Internet is inherently insecure and subject to security breaches that include message interception, message alteration, and spoofing. Users of GHC e-mail systems should not assume the confidentiality or integrity of any message that is sent or received via the Internet. While the transmission and receipt of e-mail messages is generally reliable, timely delivery of time- sensitive information cannot be guaranteed.
Acceptable use of e-mail is use that is consistent with the Use of IT resources Policy.
Unacceptable use of Global Health College e-mail systems includes, but is not limited to:
- Harassing others by sending annoying, abusive, profane, threatening, defamatory, offensive, or unnecessarily repetitive messages
- Sending/receiving individually identifiable health information, social security numbers, passwords, or any other Confidential information via the Internet without making reasonable accommodation for the security of such information
- Sending e-mail messages from a personal e-mail account that is not owned by the sender without prior approval of the owner
- Concealing the identity of the sender, impersonating another, or representing that the sender is someone other than the actual sender
- Using GHC e-mail to assert or imply that personal views or opinions are the institutional views or opinions of GHC
- Using GHC e-mail systems or address information for any commercial purpose not related to GHC
- Broadcasting e-mail communications to users or GHC e-mail systems without the proper institutional or divisional approval. Such communications are subject to approval by designated GHC officials
- Intentional distribution of messages that contain viruses, worms, or other malicious code.
Electronic viruses, worms, and malicious software are constant threats to the security and safety of computer networks and computing environments. These threats can be minimized by using protected equipment and practice of safe computer habits.
All devices vulnerable to electronic viruses must be appropriately safeguarded against infection and retransmission. Global Health College has licensed anti-virus software for use by faculty, staff, and students. It is the responsibility of every user to ensure that anti-virus protection is current. Infected devices may be blocked and/or removed from the GHC Network Administrator.
Effective anti-virus protection includes, but is not limited to:
- Installing anti-virus software on all vulnerable devices.
- Configuring anti-virus software to provide real-time protection.
- Updating anti-virus software with new virus definition files as soon as available.
- Utilizing automated anti-virus updates.
- Executing virus scans on a frequent schedule.
- Refraining from opening e-mail attachments from unknown, suspicious, or untrustworthy sources.
- Refraining from downloading files from unknown or suspicious sources.
- Avoiding direct disk sharing with read/write access unless there is a business requirement to do so.
- Scanning removable media for viruses before use.
From Web Development
We protect our records in accordance with our obligations as defined by applicable Virginia statutes, including, but not limited to, the Virginia Privacy Protection Act of 1976, the Virginia Freedom of Information Act, and by any applicable U.S. federal laws.
Links to Other Web Sites
Our web site includes links to external sites. GHC is not responsible for the privacy practices of these outside sites. Although these sites have been evaluated, it is recommended that users read the individual policy statements of each web site when they leave a GHC server.
Information We Collect
When you access our web site, the routing, or client, information and the essential and nonessential technical information listed below is automatically collected. No other information is collected through our website except when you deliberately decide to send it to us (for example, by clicking on a link to send us an e-mail). The information you might choose to send us is listed below as “optional information.” GHC bears no responsibility for material presented that is unrelated to the College’s mission.
- Routing, or client, information: the Internet domain and Internet address of the computer you are using.
- Essential technical information: identification of the page or service you are requesting, type of browser and operating system you are using; and the date and time of access.
- Nonessential technical information: the Internet address of the website from which you linked directly to our website, and the “cookie information” as described below.
- Optional information: when you send us an email, your name, email address, and the content of your email; when you fill out online forms, all the data you choose to fill in or confirm; when you use Administrative Systems, user ID and passwords are encrypted before being transmitted across the network, and data that you choose to send is stored in a secure environment, protected from unauthorized access or disclosure. For those applications that process credit card payments, credit card number and expiration date are encrypted using a secure server for maximum security. Credit card numbers are not stored on servers accessible from the internet.
- Cookies: Our website may place a “cookie” on your computer, unless your browser is set to reject cookies. These cookies enable our website to recognize you when you return to the website at a later date or time and enables us to personalize the website with preferences or information you have provided during prior sessions. The cookie information placed on your computer could include the following: IP address, browser type, operating system, the date and time, whether or not you have visited a website before, where you went when you visited that website, and any preferences or customization that you might have set (including username and passwords).
How the Collected Information Is Used
Routing information is used to route the requested web page to your computer for viewing. We send the requested web page and the routing information to our Internet service provider or other entities involved in transmitting the requested page to you. We do not control the privacy practices of those entities. Essential and nonessential technical information helps us respond to your request in an appropriate format (or in a personalized manner) and helps us plan web site improvements.
Optional information enables us to provide services or information tailored more specifically to your needs or to forward your message or inquiry to another entity that is better able to do so, and also allows us to plan web site improvements.
We may keep your information indefinitely, but we ordinarily delete the transaction routing information from our web server within 60 days after the web page is transmitted and do not try to obtain any information to link it to the individuals who browse our web site. However, on rare occasions when a “hacker” attempts to breach computer security, logs of routing information are retained to permit a security investigation, and in such cases may be forwarded together with any other relevant information in our possession to law enforcement agencies. We use this transaction routing information primarily in a statistical summary type format to assess site content and server performance. We may share this summary information with our business partners when needed.
Optional information is retained in accordance with the records retention schedules at the Library of Virginia.
Under the Virginia Freedom of Information Act, any records in our possession at the time of a Freedom of Information Request might be subject to being inspected by or disclosed to members of the public. However, all identifiable confidential/personal information will be removed prior to releasing the routing information.
Choice to Provide Information
There is no legal requirement for you to provide any information at our website. However, our website will not work without routing information and the essential technical information. Failure of your browser to provide nonessential technical information will not prevent your use of our website, but may prevent certain features from working. Failure to provide optional information will mean that the particular feature or service associated with that part of the web page will not be available to you.