KUMC Appropriate Use of Information Systems
The University of Kansas Medical Center provides computing, networking, and information resources to its students, faculty, and staff, in support of the University's mission of teaching, research, and public service.
The University of Kansas Medical Center expects all members of its community to use its computing and network resources in a responsible and ethical manner. Information technology equipment and resources at KUMC are owned by the State of Kansas and administered by the Information Resources Department. Open access to these resources is a privilege subject to appropriate use.
For guidelines which apply specifically to the appropriate use of Internet Resources provided by the University of Kansas Medical Center, refer to the Internet Use Policy.
For guidelines which apply specifically to the appropriate use of the Electronic Mail system provided by the University of Kansas Medical Center, refer to the Electronic Mail Policy.
The University of Kansas Medical Center seeks to enforce its policies regarding harassment and the safety of individuals; to protect itself against seriously damaging or legal consequences; to prevent the posting of proprietary software or the posting of electronic copies of literary works in disregard of copyright restrictions or contractual obligations; and to safeguard the integrity of computers, networks, and data, either at the University of Kansas Medical Center or elsewhere.
Individuals and Groups Covered By This Policy
- Full-time, part-time and volunteer faculty, administrative and support staff
- Emeritus faculty
- Full-time and part-time students
- Affiliated campus corporations or non-profit groups
- Other groups and organizations relying on kumc.edu as a host through contractual relationships.
The University of Kansas Medical Center encourages the use of its computing and network resources by students, faculty and staff to further its mission:
- the highest quality instruction
- high levels of research productivity
- excellence in patient care
- service to Kansas, the nation, and the world through research, teaching, and the preservation and dissemination of knowledge
- preparation of its students for lives of learning and for the challenges that educated citizens will encounter in an increasingly complex and diverse global community
- fostering a multicultural environment in which the dignity and rights of the individual are respected, and in which intellectual diversity, integrity, and disciplined inquiry into the search for knowledge are of paramount importance.
I. General Computer and Network Resources Access Rules
Access to the University's computing and network resources is provided for use in activities relating to instruction, research, and public service. Limited personal use is also permitted provided that such use does not:
- interfere with University of Kansas Medical Center operations.
- generate incremental identifiable costs to the University of Kansas Medical Center.
- negatively impact the user's job performance.
- involve other employment, the operation of a personal business, or other similar commercial or business activities without prior approval by the Executive Vice Chancellor (EVC) or the EVC's designate
- violate the University codes of conduct, regulations, policies, or laws.
- violate Federal or State laws.
- display, print, store, or transmit electronic information (text, images, video or sound) that could be offensive to a reasonable person and could create a potentially hostile environment for employees or visitors except as may be appropriate in the educational, research, or clinical contexts.
Users must respect the rights of other users and the integrity of the systems and related physical resources. Users must also respect intellectual property, ownership of data, software licensing and contractual obligations, system security mechanisms, and individuals' rights to privacy and freedom from harassment.
II. Specific Examples of Inappropriate Use
Examples of inappropriate use include, but are not limited to:
- Using University computer and network resources for illegal activities. (May include obscenity, child pornography, threats, harassment, copyright infringement, defamation, theft.)
- Using a University computer account without authorization (attempting to access or accessing another's account, private files, or e-mail without the owner's permission.)
- Obtaining a password for a University computer account without the consent of the account owner.
- Intentionally creating, modifying, or copying files to or from areas to which the user has not been granted access.
- Allowing access to University owned computer resources by unauthorized users.
- Altering system software or hardware configurations without authorization.
- Using University computer and network resources to gain unauthorized access to computer facilities off-campus.
- Knowingly interfering with the normal operation of computers, terminals, peripherals, or networks. This includes but is not limited to loading programs known as computer viruses, Trojan horses, and worms.
- Intentionally using an abnormally large amount of resources, such as processing time or disk space, without prior permission.(e.g. sending campus wide broadcast e-mail.)
- Attempting to circumvent data protection schemes or uncover security loopholes.
- Violating terms of applicable software licensing agreements or copyright laws (installing, copying, distributing or using software in violation of copyright and/or software agreements.)
- Downloading or sharing with others, whether through "peer-to-peer" software or other means, copyrighted movies, music, or other copyrighted multimedia material.
- Masking the identity of an account or machine.( Disguising ones identity in any way, including the sending of falsified messages, removal of data from system files, and the masking of process names.)
- Posting materials on electronic bulletin boards that violate existing laws or the University's regulations.
- Using University computer and network resources for commercial or profit-making purposes without written authorization from the University.
- Failing to adhere to individual departmental or unit lab system policies, procedures, and protocol.
NOTE: Activities will not be considered misuse when authorized by appropriate University officials for security, performance testing or research, or when conducted in an educational, research or clinical context.
Reporting Alleged Appropriate Use Policy Violations
To report a suspected violation of this policy, contact the Information Resources Department Security Administrator. Employees who, in the course of their routine duties, encounter clear evidence of use of university equipment for illegal activities are obligated to report that activity to their managers.
Suspected or known misuse of computing, network or information resources will be reported to the appropriate University officials, and may result in:
- Loss of computing privileges.
- Accountability for conduct under any applicable University or campus policies, procedures, or collective bargaining agreements.
- Prosecution under applicable statutes.
Suspected or known violations of University regulations and/or State and Federal law will be processed by the appropriate University authorities and/or law enforcement agencies.
For information on this policy, please contact:
Associate Vice Chancellor for Information Resources
Chief Information Officer
University of Kansas Medical Center
2100 West 39th
Kansas City, Kansas 66160
Director of Information Security
Department of Information Resources
University of Kansas Medical Center
1020 Taylor, 3901 Rainbow Blvd
Kansas City, Kansas 66160
Computing and Network Resources: Any information service, system, or access software and hardware that enables computer access by multiple users to a server, a service or system that provides access to the Internet and such systems operated or services offered by the University of Kansas Medical Center.
2014-07-17: Updated contact information.
2014-02-28: Reviewed and move into KU Policy Library.
2013-04-18: Reviewed with no changes.
2012-04-27: Reviewed with no changes.
2011-09-21: Revised to include references to ITEC Policy 1200.