United States Department of Health and Human Services
Decorative bullet image: Home

HHS Home
Decorative bullet image: Questions?

Questions?
Decorative bullet image: Contact Us

Contact HHS
Decorative bullet image: Site Map

Site Map
HHS Logo Bottom
spacer image
    

HHS IRM Policy for Personal Use Of Information Technology Resources

January 8, 2001

HHS-IRM-2000-0003

TABLE OF CONTENTS


  1. Purpose
  2. Background
  3. Scope
  4. Policy

1. Purpose

The purpose of this Department of Health and Human Services (HHS) document is to establish policy for limited acceptable personal use of HHS owned information technology (IT) resources by staff and contract personnel. This policy establishes new privileges and additional responsibilities for employees in HHS. It recognizes these employees as responsible individuals who are the key to making government more responsive to its citizens. It allows employees to use HHS IT resources for non-government purposes when such use involves minimal additional expense to the government, is performed on the employee’s non-work time, does not interfere with the mission or operations of HHS and does not violate the Standards of Ethical Conduct for Employees of the Executive Branch.

This policy does not supercede or replace policies, procedures and responsibilities which encourage the utilization of the Internet to acquire information that will enable employees to achieve the Department’s mission, nor does it supersede existing agreements concerning the use of voice communications devices. This policy does not supersede any other applicable law or higher level agency directive, policy guidance, or existing labor management agreement in affect as of the effective date of this policy.

2. Background

The Executive Branch of the Federal Government serves the American people through hundreds of thousands of employees located in offices across the nation. Increasingly, the Government is called upon to deliver more and better services to a growing population that continues to expect ever-increasing improvements in service delivery. Much of this productivity increase has come about through the use of modern information technology such as computers, facsimile machines, and the Internet. This technology has raised new opportunities for its use by employees to live their lives more efficiently in balance with the overriding imperative that American taxpayers receive the maximum benefit for their tax dollars.

Taxpayers have the right to depend on their Government to manage their tax dollars wisely and effectively. Public confidence in the productiveness of government is increased when members of the public are confident that their government is well managed and assets are used appropriately. The relationship between the Executive Branch and the employees who administer the functions of the Government is one based on trust. Consequently, employees are expected to follow rules and regulations and to be responsible for their own personal and professional conduct. The Standards of Conduct states "Employees shall put forth honest effort in the performance of their duties" [Section 2635.101 (b)(5)].

HHS employees shall be provided with a professional supportive work environment. They shall be given the tools needed to effectively carry out their assigned responsibilities. Allowing limited personal use of these tools helps enhance the quality of the workplace and helps the Government to retain highly qualified and skilled workers.

This policy is based on a model policy adopted by the Chief Information Officers Council for the Executive Branch.

3. Scope

This policy applies to all Departmental Operating Divisions, including the Office of the Secretary, and organizations conducting business for and on behalf of the Department through contractual relationships when using HHS IT resources. The policies contained in this HHS document apply to all HHS IT activities including the equipment, procedures and technologies that are employed in managing these activities. The policy includes teleworking, travel and other off-site locations as well as all of the office locations of the Department. This policy does not supersede any other applicable law or higher level agency directive or policy guidance. Agency officials shall apply this policy to contractor personnel, interns, and other non-government employees through incorporation by reference in contracts or memorandums of agreement as conditions for using Government provided IT resources.

This policy supersedes the memorandum on "Limited Personal Use Policy of Government Equipment," dated August 5, 1999.

4. Policy

The following policies shall be in effect for each Operating Division unless the Operating Division adopts a more restrictive set of personal use policies or existing labor management agreements preclude one or more if the policies listed below.

      4.1 Employees are permitted limited personal use of HHS IT resources. This personal use shall not result in loss of employee productivity, interference with official duties or other than "minimal additional expense" to HHS in areas such as:

      • communications costs for voice, data, or video image transmission;
      • use of consumables in limited amounts (e.g., paper, ink, toner);
      • general wear and tear on equipment;
      • data storage on storage devices; and
      • transmission impacts with moderate e-mail message sizes, such as e-mails with small attachments.

      4.2 Employees have no inherent right to employ HHS IT resources for personal use.

      4.2 Unauthorized or inappropriate use of HHS IT resources could result in loss of use or limitations on use of equipment, disciplinary or adverse actions, criminal penalties and/or employees or other users being held financially liable for the cost of inappropriate use.

      4.4 Employees are expected to conduct themselves professionally in the workplace and to refrain from using government office equipment for activities that are inappropriate. Misuse or inappropriate personal use of HHS IT resources includes:

      • any personal use that could cause congestion, delay, or disruption of service to any HHS IT resource. For example, greeting cards, video, sound or other large file attachments can degrade the performance of the entire network as does some uses of "push" technology, such as audio and video streaming from the Internet.
      • the intentional creation, downloading, viewing, storage, copying or transmission of sexually explicit or sexually oriented materials;
      • the intentional creation, downloading, viewing, storage, copying or transmission of materials related to gambling, illegal weapons, terrorist activities, and any other illegal activities or activities otherwise prohibited;
      • use for commercial purposes or in support of "for-profit" activities or in support of other outside employment or business activity (e.g. consulting for pay, sales or administration of business transactions, sale of goods or services);
      • engaging in any outside fund-raising activity, including non-profit activities, endorsing any product or service, participating in any lobbying activity, or engaging in any prohibited partisan political activity;
      • posting agency or personal information to external newsgroups, bulletin boards or other public forums without authority, including information which is at odds with Departmental missions or positions. This includes any use that could create the perception that the communication was made in one’s official capacity as a Federal Government employee, unless appropriate Agency approval has been obtained;
      • establishing personal, commercial and/or non-profit organizational web pages on government owned machines;
      • use of HHS systems as a staging ground or platform to gain unauthorized access to other systems;
      • the creation, copying, transmission, or retransmission of chain letters or other unauthorized mass mailings regardless of the subject matter;
      • use of HHS IT resources for activities that are illegal, inappropriate, or offensive to fellow employees or the public. Such activities include, but are not limited to: hate speech, or material that ridicules others on the basis of race, creed, religion, color, age, sex, disability, national origin, or sexual orientation;
      • the addition of personal IT resources to existing HHS IT resources without the appropriate management authorization, including the installation of modems on HHS data lines and reconfiguration of systems;
      • use that could generate more than minimal additional expense to the government;
      • the intentional unauthorized acquisition, use, reproduction, transmission, or distribution of any controlled information including computer software and data that includes information subject to the Privacy Act, copyrighted, trade marked or material with other intellectual property rights (beyond fair use), proprietary data, or export controlled software or data; and
      • use or creation of unauthorized list servers or the distribution of unauthorized newsletters;
      • using another person’s digital authentication;
      • sending anonymous messages; and
      • avoiding established security procedures.

      4.6 Operating Divisions may adopt policies that are more restrictive than those contained in this Departmental policy.

      4.7 Future labor management agreements shall comply with this policy.

      4.8 Any use of HHS IT resources, including e-mail, is made with the understanding that such use may not be secure, is not private, is not anonymous an may be subject to disclosure under the Freedom of Information Act (FOIA). HHS employees do not have a right to, nor shall they have an expectation of, privacy while using HHS IT resources at any time, including accessing the Internet through HHS gateways and using e-mail, which may be subject to release pursuant to the Freedom of Information Act. To the extent that employees wish that their private activities remain private, they shall avoid making personal use of HHS IT resources.

      4.9 Electronic data communications may be disclosed within the Department to employees who have a need to know in the performance of their duties (e.g., with manager approval technical staff may employ monitoring tools in order to maximize the utilization of their resources, which may include the detection of inappropriate use).

      4.10 The privacy rights of an individual may not be violated.


      5. Roles and Responsibilities

      5.1 The OPDIV CIOS

      Operating Division CIOs are responsible for:

      5.1.1. the dissemination of this policy to all employees within their respective organizations;

      5.2.2. developing and maintaining the OPDIV personal use policy if, and only if, the OPDIV develops more restrictive policy.

      5.2 Management Officials

      5.2.1. Management officials, in their supervisory role, are responsible for:

      5.2.1.1. informing users of their rights and responsibilities, including the dissemination of the information in this policy to individual users;

      5.2 1.2. addressing inappropriate use by employees who report to them;

      5.2.1.3. receiving reports of inappropriate use from IT resource management officials and sharing these reports, as appropriate, within their own management structure; and

      5.2.1.4. notifying, when appropriate, law enforcement officials.

      5.2.2. Managers of HHS IT resources may use system monitoring software in order to improve the performance of the resource. When a resource manager identifies an inappropriate use, he/she shall notify the Operating Division CIO through the normal chain of command and, as appropriate, terminate the access of the individual(s) to the IT resource after informing the Operating Division CIO of the action to be taken.

      5.3 HHS Employees and Users of HHS IT Resources

      Users, including employees, and contractors when using HHS IT equipment, are responsible for:

      5.3.1. seeking guidance from their supervisors when in doubt about the implementation of this policy;

      5.3.2. ensuring that they are not giving the false impression that they are acting in an official capacity when they are using HHS IT resources for non-government purposes. If there is expectation that such a personal use could be interpreted to represent an agency, then an adequate disclaimer shall be used. For example:

        "The contents of this message are mine personally and can not be construed to be endorsed (inferred or implied) by the Government nor by my agency."

      5.3.3. following policies and procedures in their use of IT Resources (e.g., Internet and e-mail) and refraining from any practices which might jeopardize HHS computer systems and data files, including but not limited to virus attacks, when downloading files from the Internet;

      5.3.4 learning about Internet etiquette, customs and courtesies, including those procedures and guidelines to be followed when using remote computer services and transferring files from other computers (e.g., IETF RFC 1780);

      5.3.5. familiarizing themselves with any special requirements for accessing, protecting and utilizing data, including Privacy Act requirements, copyright requirements, and procurement sensitive data; and

      5.3.6 adhering to all conditions set forth in section 4.5.

      6. Applicable Laws/Guidance

      Generally, HHS employees may use HHS IT resources for authorized purposes only. As set forth below, limited personal use of the government office equipment by employees during non-work time is considered to be an "authorized use" of Government property. Authority for this policy is 5 U.S.C. sec 301, which provides that the head of an executive department or military department may prescribe regulations for the use of its property; and Executive Order 13011, Federal Information Technology, section 3(a)(1), which delineates the responsibilities of the Chief Information Officer (CIO) Council by providing recommendations to agency heads relating to the management and use of information technology resources. Other authorities include:

      • Computer Security Act of 1987, PL 100-235, 101 Stat. 1724
      • The Privacy Act
      • The Hatch Act (Standards of Conduct)
      • The Freedom of Information Act
      • OMB Circular A-130, "Management of Federal Information Resources"
      • Standards of Ethical Conduct for Employees of the Executive Branch" promulgated by the Office of Government Ethics
      • IETF RFC 1780 J. Postel, "Internet Official Protocol Standards," March 28, 1995

      7. Information and Assistance

      Direct questions, comments, suggestions or requests for further information to the Deputy Assistant Secretary for Information Resources Management, (202) 690-6162.

      8. Effective Date/Implementation

      The effective date of this policy is the date the policy is approved.

      These policies and procedures will not be implemented in any recognized bargaining unit until the union has been provided notice of the proposed changes and given an opportunity to fully exercise its representational rights.

      The HHS policies contained in this issuance shall be exercised in accordance with Public Law 93-638, the Indian Self-Determination and Education Assistance Act, as amended, and the Secretary's policy statement dated August 7, 1997, as amended, titled "Department Policy on Consultation with American Indian/Alaska Native Tribes and Indian Organizations." It is

      HHS' policy to consult with Indian people to the greatest practicable extent and to the extent permitted by law before taking actions that effect these governments and people; to assess the impact of the Department's plans, projects, programs and activities on tribal and other available

      resources; and to remove any procedural impediments to working directly with tribal governments or Indian people.

      9. Approved

      ____/s/______________________________ 01/08/01

      John J. Callahan
      Assistant Secretary for Management and Budget

      Glossary

      • Browser - a software tool used to locate and view data in standardized formats on other computers.
      • Employee non-work time - times when the employee is not otherwise expected to be addressing official business. Employees may, for example, use government office equipment during their own off-duty hours such as before or after a workday (subject to local office hours), lunch periods, authorized breaks, or weekends or holidays (if their duty station is normally available at such times).
      • HHS Information Technology resources - includes but is not limited to: personal computers and related peripheral equipment and software, network and web servers, telephones, facsimile machines, photocopiers, Internet connectivity and access to internet services, e-mail and, for the purposes of this policy, office supplies. It does not include data stored in or transported by such resources.
      • Information technology - any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data.
      • Internet - a worldwide electronic system of computer networks which provides communications and resource sharing services to government employees, businesses, researchers, scholars, librarians and students as well as the general public.
      • Minimal additional expense - the employee’s personal use of HHS IT resources is limited to those situations where the government is already providing equipment or services and the employee’s use of such equipment or services shall not result in any additional expense to the government or the use will result in only normal wear and tear or the use of small amounts of electricity, ink, toner or paper. Examples of minimal additional expenses include making a few photocopies, using a computer printer to printout a few pages of material, making occasional brief personal phone calls (within agency policy and 41 CFR 101-35.201), infrequently sending personal e-mail messages, or limited use of the Internet for personal reasons.
      • Personal use - activity that is conducted for purposes other than accomplishing official or government business. HHS employees are specifically prohibited from using government office equipment to maintain or support a personal private business. Examples of this prohibition include employees using a government computer and Internet connection to run a travel business or investment service. The ban on using government office equipment to support a personal private business also includes employees using HHS IT resources to assist relatives, friends, or other persons in such activities. Employees may, however, make limited use under this policy of government office equipment to, for example but not limited to, check their Thrift Savings Plan or other personal investments, or to seek employment, or communicate with a volunteer charity organization.
      • Privilege - in the context of this policy, that HHS is extending the opportunity to its employees to use HHS IT resources for personal use in an effort to create a more supportive work environment. However, this policy does not create the right to use HHS IT resources for non-government purposes. Nor does the privilege extend to modifying such equipment, including loading personal software or making configuration changes.
      • Shared HHS IT resource - any HHS IT resource that is managed by one HHS organization but used by many (e.g., the PSC Network).
      • World-wide Web (WWW) - The collection of web pages (documents) which are developed in accordance with the HTML (hypertext) Web format standard and may be accessed via Internet connections using a WWW browser.

Last revised: November 13, 2003

HHS Home | Questions? | Contact HHS | Site Map | Accessibility | Privacy Policy | Freedom of Information Act | Disclaimers

The White House | FirstGov

U.S. Department of Health & Human Services · 200 Independence Avenue, S.W. · Washington, D.C. 20201