Web, Data, and Cloud Storage

Access to the Internet is provided as a communications tool and an information resource to facilitate the performance of job- or academic-related functions. This policy applies to any Internet service accessed on or from a Mount Sinai Health System facility, provided by the school, accessed using school-owned equipment, or used in a manner that identifies the individual with the ISMMS or Mount Sinai Health System. The Mount Sinai Health System reserves the right to review any information, files, or communications sent, stored, or received on its computer systems.

Inappropriate use of the Internet may result in loss of access privileges and in disciplinary action up to and including dismissal. Students, faculty, and employees are prohibited from using Mount Sinai Health System-provided Internet services in connection with any of the following activities:

• Engaging in illegal, fraudulent, or malicious conduct

• Working on behalf of organizations without a professional or business affiliation with the Mount Sinai Health System

• Sending, receiving, or storing offensive, obscene, or defamatory materials

• Obtaining unauthorized access to any computer system

• Using another individual’s account or identity without explicit, written authorization

• Attempting to test, circumvent, or defeat the security or crediting systems of the Mount Sinai Health System or any other organization without prior authorization from Information Management Systems and Services/Security and Corporate Data Administration (IMSS/SACDA) or ISMMS IT

• Any use or activity that impedes Mount Sinai Health System operations

Users of school-provided cloud services, such as Google Apps for Education and Box.com, have the ability to share files with colleagues within or outside the Mount Sinai Health System for academic collaboration purposes. Students, faculty, and employees must not, under any circumstances, share unencrypted files containing PHI or other confidential information with colleagues outside the Mount Sinai Health System. As mentioned, compliance begins by being aware of the data that one is generating and by following appropriate steps to secure such content if it contains protected or other confidential information.