Email Terms of Use

HMS Information Technology

More... Share to Twitter Share to Facebook
HMS Email Terms of Use

Harvard Medical School provides email accounts to quad based faculty, all staff and all HMS students with a valid Harvard ID. Usage of the HMS email system indicates that you will abide by this policy. Once your appointment or job at HMS ends, your email and all related services such as mailing lists and remote access will be terminated.  All questions or requests regarding this policy should be forwarded to the HMS IT Service Desk:

Ownership of Data

Harvard Medical School's students, staff and faculty are accorded many technical and informational resources for the purpose of performing the work necessary in support of the School's Mission. These resources, including but not limited to computing devices and software, scientific equipment, email accounts, and access to informational systems, are the property of Harvard Medical School and not of the individual student, staff, or faculty member.

For purposes of this policy, "email" is defined to include all offerings encompassing email, calendaring, contacts and contact management, and mailing lists and list management. All information published within these systems is HMS property and not to be used or redistributed for non-business purposes.

Proper Usage

Email is provided as a professional resource to assist HMS students, faculty and staff in fulfilling the educational, research and service goals of HMS. Incidental personal use is permitted as long as it does not have negative effects on any other email account, jeopardize the email system, get in the way of fulfilling your job or violate the law or any other provision of the HMS Electronic Communications Policy or of any other policy or guideline of Harvard University. Each user is responsible for using the email system in a professional, ethical, and lawful manner.

Material that is fraudulent, harassing, profane, obscene, intimidating, defamatory, or otherwise unlawful or inappropriate may not be sent by email or other form of electronic communications. HMS reserves the right to revoke email and related privileges from any individual violating these policies.

Disguising and or Impersonating Email Identities; "Spoofing"

Users should not disguise their identity or user name while using the HMS email system or alter the From: line or any other indications of origin on emails or postings. Behavior of this type violates the guidelines for student and professional conduct and is equivalent to fabricating identities on any other written document.

Chain Email

Users should not initiate or forward chain email. Chain email is a message sent to a number of people asking each recipient to send copies with the same request to a specific number of others.

Sending Unsolicited Email

Users should not send unsolicited non-school related email to persons with whom they do not have a prior relationship.

Computer Resources

Users should not deliberately perform acts that waste or monopolize computer resources. These acts include but are not limited to non-school related mass mailings, spamming, bulk emails, chain letters, subscribing to excessive listservers and mailing lists, or creating excessive unnecessary traffic on the servers.


Email and other services are provided as a professional resource to assist our students, faculty and staff in fulfilling the educational, research and service goals of the Harvard Medical School.

Each user is responsible for using the email system in a professional, ethical, and lawful manner.

Incidental personal use is permitted as long as it does not have any negative effects on any other email account, jeopardize the email system, interfere with fulfilling your job, or violate the law or any other policy guideline of Harvard Medical School or Harvard University.

Those found to be abusing their HMS email account are subject to the rules and regulations governing the abuse of any school property or resources.

In the event that you wish to report the receipt of abuse email, please forward it to

Mailbox Management

It is expected that each person will self-manage his or her email account with regard to the amount of mail stored on the server (limit 2 GB). Individual increases in mail storage space may be granted upon request. Harvard Medical School is transitioning to Office 365. 50 GB of storage is allocated to Office 365 mailbox. 

Folder and message management are crucial to the overall performance of the email server. HMS Email policy follows Microsoft's recommendations for their Exchange 2007 Server. These limits are:

For IMAP accounts:

  • Fewer than 10,000 items in any folder synchronized with the Exchange (email) server

For Exchange (MAPI) accounts:

  • Fewer than 5,000 items in the Calendar and Contacts folders
  • Fewer than 20,000 messages in the Inbox, Sent Items and Deleted Items folders

There are simple steps you can take to keep your email folders within these limits. Follow one or more of the suggestions below. If you need personal assistance, please contact the HMS IT Service Desk or your departmental Client Services Representative.

Create Folders
Simply create subfolders in your email account and move messages into those folders. You can create folders based on job functions, projects, chronologically or whatever suits your needs.

Deleted Unneeded Items
Still keeping Quad Bulletin messages from 2009? Search for acknowledgement messages (such as "thank you") or outdated announcements and delete them.

Empty your Deleted Items Folder
The Deleted Items folder does not automatically empty itself. You can set a schedule by which messages are deleted when you exit your email program, or permanently delete messages more than a specified number of days old. If you've flagged messages for deletion, make sure to follow through and clear the Deleted Items folder on a regular basis.

Review your Sent Items Folder
Check for acknowledgement messages, meeting cancellations or recurring announcements/sent reports. File them for future use if needed. If not needed, delete them and empty your Deleted Items folder.

User Names and Passwords

Users are responsible for safeguarding their passwords. Passwords should be obscure and
contain the following criteria:

1. The Password must be 8 characters or longer in length.
2. The Password must contain at least one number.
3. The Password must contain at least one upper case letter.
4. The Password must contain at least one lower case letter.
5. The Password cannot contain your first, middle or last name.
6. The Password cannot contain your eCommons Id.

They should not be printed, stored online or given to others. Email and related Electronic Communications accounts and passwords obtained from HMS IT are solely intended for your individual use and should not be shared. If a user must temporarily share his or her password with the Postmaster or IT Customer Service Representative (for example, to troubleshoot a problem), then the user should change the password as soon as possible afterward by going to

Note that passwords should never be shared with anyone claiming to be the Postmaster without positive identification. Electronic Mail users must comply with the Postmaster's request to change their passwords. Whenever possible users should choose their own passwords. We require that users change their email passwords once per year to maximize the protection to their accounts.

Privacy and Monitoring

Members of the HMS community have a reasonable expectation of privacy that will vary from workplace to workplace. The expectation of privacy is not absolute, however there may be situations in which supervisors need to gain access to email in a users account that is necessary for the working of the group or department, in which emails are subpoenaed in litigation, and so forth. Any requests to gain access to email information will be directed to the Human Resources Department or the Office of Student Affairs for approval.

The HMS IT department is committed to maintaining the privacy of email and makes no attempt to monitor the content of emails. IT staff protects the confidentiality of users in all matters. But emails that are forwarded to IT staff from other email users that are fraudulent, harassing, profane, obscene, intimidating, defamatory or otherwise possibly unlawful or inappropriate will be sent to the designated office for review.

While public email standards continue to evolve and improve, users should not expect privacy with regards to their Internet emails. Users should be aware that emails are transmitted as clear text through the Internet and can be intercepted at any time by any server through which they are relayed. Emails are frequently incorrectly addressed and when sent correctly can be forwarded to any number of recipients unknown to the originator.


Never send confidential, proprietary or trade secret information via emails without first obtaining the authorization of a supervisor. This type of information is a valuable asset to your lab and or the school and each of us must make sure that it is protected from unauthorized disclosure.

Sensitive patient information should not be exchanged through email since the security of the information can not be guaranteed. Any clinician using email to communicate with a patient should obtain permission from the patient and explain possible hazards prior to exchanging email messages.


While there is no security policy that prohibits automatic forwarding of email to an outside account, there are a number of risks inherent in doing so. Please review the Risks and Recommendations of Forwarding Email.


Sending mail through the HMS email system without authenticating is permitted via an approval process. Relaying is not allowed on individual accounts, but may be permitted for on quad applications and servers. Please contact the IT Service Desk via email or call 617-432-2000 for more information.

Software and Mailing List Distribution Policy

Any software or documentation distributed by, or downloaded from the Department of Information Technology of Harvard Medical School is subject to copyright laws and may not be distributed. This includes but is not limited to all email directories, email mailing lists, bulletin boards, and software applications that are obtained from HMS or its computer servers via the web, email or in disk format. Users willfully violating this policy will be reported to the proper organizations for the appropriate disciplinary action.


Users should not open attachments in email from senders unknown to the user. Attachments can contain dangerous computer viruses, which are frequently spread via email. Anyone suspecting that they have a computer virus should call 617-432-2000 for help.

Web Access Policy

Access to Electronic Mail through Web client software is subject to the same policies and guidelines as email obtained via a desktop client.