Harvard Medical School provides email accounts to faculty who have a primary academic appointment in a Basic or Social Science Department, post docs, research associates as well as HMS staff and students with a valid Harvard ID. Usage of the HMS email system indicates that you will abide by this policy. Once your appointment or job at HMS ends, your email and all related services such as mailing lists and remote access will be terminated. All questions or requests regarding this policy should be forwarded to the HMS IT Service Desk: itservicedesk@hms.harvard.edu.

Ownership of Data

Harvard Medical School's students, staff, and faculty are accorded many technical and informational resources for the purpose of performing the work necessary in support of the School's Mission. These resources, including but not limited to computing devices and software, scientific equipment, email accounts, and access to informational systems, are the property of Harvard Medical School and not of the individual student, staff, or faculty member.

For purposes of this policy, "email" is defined to include all offerings encompassing email, calendaring, contacts and contact management, and mailing lists and list management. All information published on these systems is HMS property and not to be used or redistributed for non-business purposes.

Proper Usage

Email is provided as a professional resource to assist HMS students, faculty and staff in fulfilling the educational, research and service goals of HMS. Incidental personal use is permitted as long as it does not have negative effects on any other email account, jeopardize the email system, get in the way of fulfilling your job or violate the law or any other provision of the HMS Electronic Communications Policy or of any other policy or guideline of Harvard University. HMS email is not HIPAA compliant and is not appropriate for clinical patient or clinical research data. Each user is responsible for using the email system in a professional, ethical, and lawful manner.

Material that is fraudulent, harassing, profane, obscene, intimidating, defamatory, or otherwise unlawful or inappropriate may not be sent by email or other forms of electronic communications. HMS reserves the right to revoke email and related privileges from any individual violating these policies.

Disguising and or Impersonating Email Identities; "Spoofing"

Users should not disguise their identity or username while using the HMS email system or alter the From line or any other indications of origin on emails or postings. Behavior of this type violates the guidelines for student and professional conduct and is equivalent to fabricating identities on any other written document.

Chain Email

Users should not initiate or forward chain email. Chain email is a message sent to a number of people asking each recipient to send copies with the same request to a specific number of others.

Sending Unsolicited Email

Users should not send unsolicited non-school related email to persons with whom they do not have a prior relationship.

Computer Resources

Users should not deliberately perform acts that waste or monopolize computer resources. These acts include but are not limited to non-school related mass mailings, spamming, bulk emails, chain letters, subscribing to excessive listservers and mailing lists, or creating excessive unnecessary traffic on the servers.


Email and other services are provided as a professional resource to assist our students, faculty, and staff in fulfilling the educational, research and service goals of the Harvard Medical School.

Each user is responsible for using the email system in a professional, ethical, and lawful manner.

Incidental personal use is permitted as long as it does not have any negative effects on any other email account, jeopardize the email system, interfere with fulfilling your job, or violate the law or any other policy guideline of Harvard Medical School or Harvard University.

Those found to be abusing their HMS email account are subject to the rules and regulations governing the abuse of any school property or resources.

In the event that you wish to report the receipt of abuse email, please forward it to abuse@hms.harvard.edu.

User Names and Passwords

Users are responsible for safeguarding their passwords. Passwords should be obscure and meet the following criteria:

  • The Password must be 8 characters or longer in length.
  • The Password must contain at least one number.
  • The Password must contain at least one uppercase letter.
  • The Password must contain at least one lower case letter.
  • The Password cannot contain your first, middle or last name.
  • The Password cannot contain your HMS account ID.

Passwords should not be printed, stored online or given to others. Email and related Electronic Communications accounts and passwords obtained from HMS IT are solely intended for your individual use and should not be shared. If a user must temporarily share their password with the Postmaster or IT Customer Service Representative (for example, to troubleshoot a problem), then the user should change the password as soon as possible afterward.

Note that passwords should never be shared with anyone claiming to be the Postmaster without positive identification. Electronic Mail users must comply with the Postmaster's request to change their passwords. Whenever possible users should choose their own passwords. We require that users change their email passwords once per year to maximize the protection to their accounts.

Privacy and Monitoring

Members of the HMS community have a reasonable expectation of privacy that will vary from workplace to workplace. The expectation of privacy is not absolute. There may be situations in which supervisors need to gain access to email in a users account that is necessary for the working of the group or department, in which emails are subpoenaed in litigation, and so forth. Any requests to gain access to email information will be directed to the Human Resources Department or the Office of Student Affairs for approval.

The HMS IT department is committed to maintaining the privacy of email and makes no attempt to monitor the content of emails. IT staff protects the confidentiality of users in all matters. But emails that are forwarded to IT staff from other email users that are fraudulent, harassing, profane, obscene, intimidating, defamatory or otherwise possibly unlawful or inappropriate will be sent to the designated office for review.

While public email standards continue to evolve and improve, users should not expect privacy with regards to their Internet emails. Users should be aware that emails are transmitted as clear text through the Internet and can be intercepted at any time by any server through which they are relayed. Emails are frequently incorrectly addressed and when sent correctly can be forwarded to any number of recipients unknown to the originator.


Never send confidential, proprietary or trade secret information via emails without first obtaining the authorization of a supervisor. This type of information is a valuable asset to your lab and or the school and each of us must make sure that it is protected from unauthorized disclosure.

Sensitive patient information should not be exchanged through email since the security of the information cannot be guaranteed. Any clinician using email to communicate with a patient should obtain permission from the patient and explain possible hazards prior to exchanging email messages.


Forwarding email isn't recommended, but not prohibited (except @ the Wyss Institute for Biologically Inspired Engineering and the Harvard School of Dental Medicine.


Sending mail through the HMS email system without authenticating is permitted via an approval process. Relaying is not allowed on individual accounts, but may be permitted for on quad applications and servers. Please contact the IT Service Desk via email or call 617-432-2000 for more information.

Software and Mailing List Distribution Policy

Any software or documentation distributed by, or downloaded from the Department of Information Technology of Harvard Medical School is subject to copyright laws and may not be distributed. This includes but is not limited to all email directories, email mailing lists, bulletin boards, and software applications that are obtained from HMS or its computer servers via the web, email or in disk format. Users willfully violating this policy will be reported to the proper organizations for the appropriate disciplinary action.


Users should not open attachments in email from senders unknown to the user. Attachments can contain dangerous computer viruses, which are frequently spread via email. Anyone suspecting that they have a computer virus should contact the HMS IT Service Desk at itservicedesk@hms.harvard.edu or by phone at 617-432-2000.  

Web Access Policy

Access to Electronic Mail through Web client software is subject to the same policies and guidelines as email obtained via a desktop client.