This chapter covers campus-wide policies, regulations, and requirements for the ISMMS Graduate School of Biomedical Sciences. Students can find the following information in this chapter.

• Rules of Conduct

• Student Behavior

• Faculty, Staff, and Student Relations

• FERPA

• ISMMS Social Media Guideline

• Acceptable Use of Technology Policy

  • Use of Hardware and Software

  • Web, Data, and Cloud Storage

  • Email and Collaboration Technology Usage

  • Protected Health Information and Other Confidential Information

  • Secure Messaging and Encryption

• ISMMS Policy on Business Conflicts of Interest

• Student Intellectual Property

Just as students are expected to behave in an appropriate and professional manner at all times, so also are faculty, staff, and other employees. Any allegations concerning harassment, abuse, or inappropriate professional behavior should be brought directly to the attention of one of the Associate Deans of the Graduate School or to a member of the Harassment Committee and Grievance Board.

The Executive Faculty has approved the following statement of principles concerning interactions among faculty, house staff, and students.

All interpersonal interactions at ISMMS will be conducted in an atmosphere of respect and concern for the dignity of every individual. Under no circumstances will patients, students, faculty, or staff of Mount Sinai be treated, spoken to, or spoken about in a demeaning manner. Insulting language or behavior must not be tolerated. Faculty, house staff, and students are encouraged to speak up directly and immediately against unacceptable behavior or speech. If a student feels that it would be unwise to pursue such a matter directly, she/he/they should discuss the issue promptly with an appropriate academic supervisor, administrative supervisor, or dean.

Following are recommendations regarding the implementation of these principles:

• Chairs of all departments will address these issues at a departmental administrative meeting or grand rounds every year

• Directors of training and course directors are encouraged to discuss (in a non-threatening format), with faculty and house staff, the etiology of inappropriate behavior and engage their collaboration in developing and implementing improvements

• Directors of training and course directors will ask for student evaluations of this aspect of their experience as part of their evaluations with every group of students

• Faculty and house staff will be advised that while appropriate personal behavior is absolutely necessary, it is insufficient. It is also required that inappropriate behavior or language on the part of others must not go without comment

• The Dean will issue an advisory regarding this policy to all faculty, house staff, and students. New members of the faculty, house staff and student body will be given copies of this advisory.

• The Executive Curriculum Committee will periodically assess students' experiences to gauge the effectiveness of this initiative.

The Family Educational Rights and Privacy Act (FERPA) of 1974 and its subsequent amendments afford students certain rights with respect to their educational records.

As detailed below, students have the right to:

• Inspect and review their education records.

• Seek amendment of their education records if they believe them to be inaccurate, misleading, or otherwise in violation of their privacy rights.

• Consent to certain disclosures of personally identifiable information contained in their education records.

• File complaints with the Department of Education concerning any alleged failure to comply with FERPA’s requirements.

For more information on institution’s FERPA policy, consult the .

Social media are internet-based applications, which support and promote the exchange of user-developed content. Some current examples include Facebook, Twitter, Wikipedia, TikToK, and YouTube. Posting personal images, experiences and information on these kinds of public sites poses a set of unique challenges for all members of the Mount Sinai community, including employees, faculty, house staff, fellows, volunteers and students (collectively “Personnel”). All personnel have responsibility to the institution regardless of where or when they post something that may reflect poorly on Mount Sinai. Mount Sinai is committed to supporting students' right to interact knowledgeably and socially; however, these electronic interactions have a potential impact on patients, colleagues, Mount Sinai, and future employers’ opinions. The principal aim of this Guideline is to identify student responsibilities to Mount Sinai in relation to social media and to help students represent themselves and Mount Sinai in a responsible and professional manner. The full Guideline may be found here.

The administration and faculty of the School are committed to providing a safe and healthy learning environment for all students. Students should conduct themselves appropriately everywhere on the campus of ISMMS, and at affiliated institutions. Appropriate behavior is mandatory when participating in patient care or attending any functions at which patients may be present. In small group seminars, as well as during clinical activities, students are evaluated not only on their fund of knowledge and ability to use this knowledge but also on their responsibility, dependability, reliability, maturity, motivation, attitude, honesty, integrity, and ability to relate and interact effectively with others.

Equally important, however, is the realization that one's responsibilities do not end with individual behavior but also include not tolerating inappropriate behavior among others. While formal mechanisms, outlined in other sections, exist to provide due process for any specific allegations of inappropriate behavior, general issues should be able to be discussed freely among peers, faculty, and administration. Concerns requiring confidentiality should be discussed with the Dean of Graduate School, individual faculty advisors, or through the School’s Ombudsman Program.

All members of the School community, including faculty, students, organizations, members of the staff of the School, and all visitors and other licensees and invitees, are expected to obey all national, state and local laws.

All members of the School community are prohibited from conduct which is proximate cause of or does unreasonably and unduly impede, obstruct or interfere with the orderly and continuous administration and operation of the School in the use of its facilities and the achievement of its purposes as an educational institution, or in its rights as a campus proprietor. Such conduct shall include, but is not limited to, that which is the actual or proximate cause of any of the following:

• Unreasonable interference with the rights of others

• Intentional injury to School property

• Unauthorized occupancy of classrooms, laboratories, libraries, faculty and administrative offices, patient care facilities, auditoriums, public halls and stairways, recreational areas and any other facilities used by the School (unauthorized occupancy being defined as failure to vacate any such facility when duly requested by the Dean, an Associate Dean, Assistant Dean, Hospital Administrator of similar responsibility or chair of a department of the School)

• Malicious use of or intentional damage to personal property, including records, papers and writings of any member of the School community

• Any action or situation which recklessly or intentionally endangers the mental or physical health or involves the forced consumption of liquor or drugs for the purpose of initiation into or affiliation with any organization

Violations of these policies and regulations by students shall be referred to the Dean of the Graduate School. Students in violation may be expelled in addition to any other criminal or civil penalties.

Nothing contained in any of the foregoing Rules and Regulations is intended to nor shall it be construed to limit or restrict freedom of speech or of peaceful assembly, or other individual rights guaranteed by the Constitution.

ISMMS expects that all persons who use school computing hardware, software, networking services, or any property related or ancillary to the use of these facilities will abide by the following policy statement:

School information technology resources are provided with the expectation that the school community will use them in a spirit of mutual cooperation. Resources are limited and must be shared. Everyone will benefit if users avoid activities that cause problems for others who use the same system.

Any access to or sharing of protected or confidential information must comply with Mount Sinai Health System policies, including HIPAA, the Family Education Rights and Privacy Act, and the appropriate use of technology guidelines defined in this document. Remember that compliance begins by being aware whether your communication could contain protected or other confidential data and by taking the appropriate steps to secure such content. Your responsibilities within the Mount Sinai Health System extend to a variety of other forms of daily communication, including public areas, telephone use, texting, and social media technologies.

All hardware, software, and related services are supplied by the school for the sole purpose of supplementing and reinforcing the school’s educational, research, and clinical goals as set forth in the student and faculty handbooks and other mission statements of the school. These documents may be found elsewhere.

All students, faculty, and employees should use only the provided hardware, software, or services which they are authorized to use.

All hardware devices using school or hospital email, file, or collaboration services, including personal laptops, must be encrypted, while ActiveSync must be installed and enabled for personal smartphones. Thumb drives or any storage devices that contain protected health information (PHI) or other confidential information must also be encrypted. For more information or support, please contact the Academic IT Support Center (1.212.241.7091, email: ASCIT@mssm.edu).

Individuals may not extend their use of the resources described for any purpose beyond their intended use or beyond those activities sanctioned in school policy statements.

In particular, no one may use hardware and software:

• To acquire personal profit or gain

• To harass, threaten, or otherwise invade the privacy of others

• To initiate or forward email chain letters

• To cause breaches or disruptions of computer, network, or telecommunications systems

• To initiate activities which unduly consume computing or network resources

• To transmit sensitive or proprietary information to unauthorized persons or parties

It is a specific violation of these guidelines to provide account passwords to individuals who are not the owners of the accounts or to obtain passwords to or use others’ accounts.

It is against this policy to copy or reproduce any licensed software or media, except as expressly permitted by the license. Unauthorized use or distribution of software, media, or digital content is a violation of this policy.

Individuals who violate the aims of this policy will be subject to disciplinary action or to referral to law enforcement authorities without prior notification of those who have sent or received such messages. ISMMS IT personnel are authorized to monitor suspected violations and to examine items stored on any school storage medium by individuals suspected of violating this policy.

Access to the Internet is provided as a communications tool and an information resource to facilitate the performance of job- or academic-related functions. This policy applies to any Internet service accessed on or from a Mount Sinai Health System facility, provided by the school, accessed using school-owned equipment, or used in a manner that identifies the individual with the ISMMS or Mount Sinai Health System. The Mount Sinai Health System reserves the right to review any information, files, or communications sent, stored, or received on its computer systems.

Inappropriate use of the Internet may result in loss of access privileges and in disciplinary action up to and including dismissal. Students, faculty, and employees are prohibited from using Mount Sinai Health System-provided Internet services in connection with any of the following activities:

• Engaging in illegal, fraudulent, or malicious conduct

• Working on behalf of organizations without a professional or business affiliation with the Mount Sinai Health System

• Sending, receiving, or storing offensive, obscene, or defamatory materials

• Obtaining unauthorized access to any computer system

• Using another individual’s account or identity without explicit, written authorization

• Attempting to test, circumvent, or defeat the security or crediting systems of the Mount Sinai Health System or any other organization without prior authorization from Information Management Systems and Services/Security and Corporate Data Administration (IMSS/SACDA) or ISMMS IT

• Any use or activity that impedes Mount Sinai Health System operations

Users of school-provided cloud services, such as Google Apps for Education and Box.com, have the ability to share files with colleagues within or outside the Mount Sinai Health System for academic collaboration purposes. Students, faculty, and employees must not, under any circumstances, share unencrypted files containing PHI or other confidential information with colleagues outside the Mount Sinai Health System. As mentioned, compliance begins by being aware of the data that one is generating and by following appropriate steps to secure such content if it contains protected or other confidential information.

In addition to ensuring that one's device is encrypted, students must select an email encryption option if sending PHI or other confidential information to an external recipient.

To activating the email encryption option:

• Microsoft Exchange users should include the word [secure] within square brackets in the subject line of the message. The recipient will be asked to self-enroll when the message is opened. The secure send mechanism can be used in any email client (e.g., Outlook, Outlook Web Access, smartphone).

• Google Apps users should install the Virtru add-on to the browser and/or device (go to http://www.virtru.com for instructions). When composing a message, select the “Virtru Protection is on” option.

Spam and Inappropriate Use of Messaging Tools

ISMMS systems, including email, are intended for official business use. Inappropriate use may result in disciplinary actions and loss of access privileges. Unsolicited mass emailing of materials not related to school business is considered spam and may result in the loss of access privileges.

Student Privacy, Secure Email, and Phishing

Students should remember to take care when opening attachments or following links contained in email messages. Students should verify with the sender of the message if receiving an unexpected attachment or an email that contains suspicious links. Students should be especially cautious of emails that have been quarantined. Unless one is expecting a quarantined message, students should not release the email.

Students should also take care with any messages that ask you to provide private information (e.g., birthdays, social security number, credit card numbers, user account passwords). These messages might actually be phishing attempts by persons pretending to be from legitimate companies or organizations. When in doubt, students should contact the party requesting the information for confirmation. Users should not rely on the contact information contained in the email but use the contact information typically found on the company website or on the back of a bank or credit card.

All hardware devices, including students' own devices and personal laptops, on which school email, file, or collaboration services are used must be encrypted. AirWatch MDM must be enabled for personal smartphones. Thumb drives or any storage devices that contain PHI data must also be encrypted. For more information or support, students should contact the Academic IT Support Center (1.212.241.7091, email: ASCIT@mssm.edu). Students, faculty, and employees are responsible for ensuring that their devices are password enabled and encrypted.

The key points of the above policies are as follows:

• Students may use only an ISMMS email account to communicate protected or confidential information. Emails containing PHI, financial information, or other confidential ISMMS information and/or social security numbers may not be sent or redirected to non-ISMMS email accounts.

• The minimum necessary amount of PHI should be disclosed via email. When at all possible, student should use the Medical Record number, rather than the patient name, as the patient identifier.

• Messages that leave the Mount Sinai Health System network and contain PHI or other confidential information must be encrypted using the ISMMS IT-approved solution described as follows.

• Messages sent within the Mount Sinai Health System network are automatically encrypted.

• Encryption will not prevent misdirection or unintended forwarding of a previous string of emails. Extreme caution must be exercised to prevent such risks. Students should be aware of their generated content.

Email and collaboration technologies, including Google Apps for Education, are provided to assist and facilitate scholarly communication and collaboration. These technologies are provided for official business and educational use in the course of assigned duties. The school reserves the right to access and disclose all messages sent over its electronic mail systems for the purposes of monitoring security breaches and investigating inappropriate usage as defined in this policy. The Mount Sinai Health System is obligated to comply with legal subpoenas, court orders, and similar lawful requests from external regulators or authorities.

Inappropriate use of email and/or collaboration technology may result in loss of access privileges and disciplinary action up to and including dismissal. Inappropriate use includes but is not limited to:

• Unauthorized attempts to access others’ email accounts

• Transmission of protected and/or confidential information to unauthorized persons or other organizations

• Transmission of obscene or harassing messages to any other individual

• Transmission of offensive material, solicitations, or proselytization for commercial ventures, religious or political causes, or other non-job-related solicitations

• Any illegal, unethical, or other activity that could adversely affect the Mount Sinai Health System

Mount Sinai Medical Center has an obligation to ensure that its trustees, faculty, employees and other staff and students adhere to the highest standards of ethical conduct free from any improper external influence or any appearance of impropriety. Situations can occur in which an independent observer might reasonably conclude that the potential for individual or institutional conflict could influence the manner in which individuals carry out their responsibilities or the decisions made by the institution. Even in the absence of an actual conflict of interest, such situations may require actions to minimize the appearance of a conflict.

At the same time, Mount Sinai understands that such individuals and their close family members may have relationships that could raise perceived or actual conflicts of interest, but could benefit Mount Sinai if carefully examined and properly managed.

In order to safeguard the integrity of both Mount Sinai and its constituents, Mount Sinai has adopted a rigorous conflicts policy predicated on full disclosure and appropriate management of any possible conflict of interest. This Policy on Business Conflicts of Interest (the “Policy”) identifies those persons or entities covered by this Policy, sets out the requirements for disclosing potential business conflicts of interest, and specifies the procedures for reviewing such disclosures and determining what measures, if any, should be instituted to manage the conflict.

This Policy is intended to cover conflicts that arise out of business relationships. Mount Sinai has related policies that cover other types of conflicts, such as Mount Sinai’s Policy on Financial Conflicts of Interest in Research. For more information, please review the Financial Relationships with Outside Entities, found in the drop-down menu on the corresponding webpage.

The Mount Sinai Health System (“MSHS”) engages in basic and applied research for the purpose of advancing healthcare and wellbeing, to further understanding of the mechanisms of disease, and to improve the diagnosis, prevention, prognosis, and treatment of disease. MSHS encourages members of its community to publish, disclose, and discuss the results of such research to serve the public interest and advance knowledge in their respective fields. Prompt and open dissemination of research findings is essential to the fulfillment of the MSHS's commitment to excellence in education, research, and patient care.

If intellectual property is developed by an employee of Mount Sinai or invented at Mount Sinai facilities under the supervision of Mount Sinai personnel, the intellectual property is owned by Mount Sinai. Each inventor must assign his or her rights in the intellectual property to Mount Sinai. This includes all faculty, staff, fellows, trainees, post-docs, and graduate students who have an appointment at Mount Sinai. Please review Mount Sinai’s IP policy for more information.