MUSCMedical LinksCharleston LinksArchivesMedical EducatorSpeakers BureauSeminars and EventsResearch StudiesResearch GrantsCatalyst PDF FileCommunity HappeningsCampus News

Return to Main Menu

New policy includes network monitoring

by George Spain
CCIT Technical Publisher
A revised MUSC Computer Use Policy (CUP) puts more emphasis on personal responsibility, advises users that their computer use may be audited or monitored, and warns them that “the confidentiality of their electronic communications cannot be guaranteed by the university.”

“While some might perceive these provisions as less than collegial, they are really just an acknowledgement of what has evolved over the past several years with the technology and the law,” said Richard Gadsden, CCIT’s director of security.

Gadsden and C. Frank Starmer, Ph.D., associate provost for information technology, were the main architects of the policy that was adopted by the MUSC Board of Trustees on Oct. 12, after review by the SGA and the Faculty Senate. It replaces the previous policy established back in 1996, when the Internet and the World Wide Web were still fairly new.

The new CUP can be found on the Web http://www.musc.edu/ccit/cup/cup2001.html. Some highlights follow…

Personal responsibility
It’s up to you to refrain from accessing confidential information you’re not authorized to access, and to protect the confidentiality of any information which you do access (Section V, part B., number 1). It is up to you to make sure you do not misrepresent or willfully conceal your identity on the MUSC network (Section V, part C., number 1). It is up to you to make sure you respect the legal rights of copyright holders when you access or share copyrighted materials (Section V, part E, number 1), and that you do not make unauthorized copies of licensed software (Section V, part F, number 2). And finally, it’s up to you to maintain the security of any computers you are responsible for, keeping virus protection software and other critical system components up to date (Section V, part D., number 4).

Monitoring your computer use
The policy reminds users that the “…university reserves the right to monitor user activities on all university computer systems, and to monitor communications utilizing the university network, to ensure compliance with university policy, and with federal, state and local law.” However, the policy also assures users that “…monitoring shall be performed only by individuals who are specifically authorized, and only the minimum data necessary to meet institutional requirements shall be collected.” (Section II, paragraph 4).

One example of network monitoring can be found in the electronic medical record (EMR) process. 

In response to the Health Insurance Portability and Accountability Act (HIPPA) and MUHA patient confidentiality policy, audits are conducted on a regular basis to see who’s accessing patient data, said Sharon Knowles, MUHA’s information security officer.

“Right now, the audits are only being conducted on the EMR’s of employees who are also inpatients here,” Knowles said. “Employees who are patients have the same privacy rights that any other patients have,” she said. “The electronic medical record displays an excellent picture of whose record and what information was accessed using the OACIS web interface.”

Consequences of policy violations
Breaches of this policy are “treated as violations of the applicable university ethics policies…” (Section VI, paragraph 1) which can lead to disciplinary action. “Violations of public law which involve university computer and communication systems may be subject to prosecution by local, state or federal authorities” (paragraph 2). 

In addition, “University faculty, students, or staff who knowingly violate copyright and/or license terms (for example, by making or using an unauthorized copy of a copyrighted or licensed software product) may be personally liable for their actions.” (paragraph 3).

“We spelled this out in detail because we want people to know that they can be held accountable for their actions on the campus network,” Gadsden said. “In general, we do not go looking for trouble, but when suspected misuse of the network is reported, we are required to provide any relevant evidence to the appropriate authorities.”
 

New version of GroupWise released

As of Wednesday morning a new version (6.01) of the GroupWise e-mail client has been in operation. The upgrade self-installed the first time you opened you GroupWise mail.

The new version contains several enhancements along with bug fixes. Read more about this at its Web site http://www.musc.edu/groupwise/NewGroupWise.htm
To get the process started, users should have logged out and then logged back in Wednesday morning.

This upgrade will not cause any e-mail loss.

You didn't notice any change if you were a member of CCIT, the Digestive Disease Center, or the Institute of Psychiatry—departments whose e-mail had already been updated.

The most noticeable and important change was to the “Notify” feature. “Notify” no longer is a separate program, but is built into the GroupWise e-mail client. “Notify” is launched from within the GroupWise client (if you chose to do so).

If you haven’t done it already, enable “Notify” by launching Groupwise 6.01, then go under the menu items: Tools >Options >Environment, then select >Launch Notify at startup.

From then on, when you start GroupWise, “Notify” will run. Important: When you close GroupWise, you also close “Notify.”

If you had any problems with this process, contact the Help Desk at 792-9700.