Arkansas Administrative Code
Agency 016 - DEPARTMENT OF HUMAN SERVICES
Division 14 - Department of Finance (Administrative Services)
Rule 016.14.05-011 - DHHS Policy 5006 - Email Usage
Universal Citation: AR Admin Rules 016.14.05-011
Current through Register Vol. 49, No. 9, September, 2024
5006.0.0 EMAIL USAGE POLICY
5006.0.1 Purpose
The purpose of this policy is to define the terms and conditions under which the Department of Health and Human Services (DHHS) Email system may be utilized. The DHHS Chief Information Officer (CIO), Office of Systems and Technology manages access to DHHS Information Systems, including Email.
5006.0.2 This policy applies to any user of DHHS Information Systems who has a DHHS Email Account.
5006.0.3 Email is provided as a service to DHHS employees and DHHS affiliates for the purpose of supporting the department's mission. Use of Email is encouraged to facilitate communication and the exchange of DHHS business-related information.
5006.1.0 Definitions
5006.1.1
Access -
Upon the presentation of appropriate credentials (User Name and Password),
permission to use DHHS information systems, including the Email system. Access
permissions are granted according to requirements set forth in DHS Policy
5001.
5006.1.2
DHHS
Information Systems - DHHS Network services (Network access,
Email, Internet, etc.) DHHS applications (client-server, web-based, mainframe,
etc.), or any third-party software legally acquired and installed on the DHHS
devices for which it was intended.
5006.1.3
User or End
User - A person who has been granted access to any DHHS
information system. A user may be a DHHS employee or an employee of a DHHS
affiliate.
5006.1.4
DHHS User - A DHHS employee who has been granted
access to any DHHS information system.
5006.1.5
Non-DHHS
User - An employee of a DHHS affiliate who has been granted access
to any DHHS information system.
5006.1.6
Public
Record - As defined in Ark. Code Ann. §
25-19-101, a Public Record may
exist in "any medium" and "all records maintained in public offices or by
public employees within the scope of their employment shall be presumed to be
public records."
5006.2.0 DHHS Email System - Description and Terminology
5006.2.1 Email consists of an evolving and
growing range of network based messaging, calendaring, contact, and other
on-line information management services. An Email system is deployed by an
Email provider through an infra structure of network devices consisting
primarily of Email Services and Email Clients on end user PCs.
5006.2.2 Email Provider - An agent who
deploys and manages an Email system.
5006.2.3 Email Server - Equipment and
software (e.g. Microsoft Exchange) dedicated to providing an Email system for a
population of network user.
5006.2.4 Email Client - The PC and software
(e.g. Microsoft Outlook) utilized by an end user for the purpose of accessing
an Email system.
5006.2.5 Email
Address - The address used by an Email Server to route messages to addressees
(e.g. John Doe or John.Doe@mymail.com).
5006.2.6 Email Record - Recorded user
interaction or transaction history associated with any aspect of the DHHS Email
system is an Email Record. Email records are Public Records subject to rules of
privacy, disclosure and retention. Examples of Email Records: Email messages,
Calendars, Contacts, DHHS Email Addresses.
5006.2.7 DHHS Email Account - Approved users
re assigned a unique Email Account that enables validation of user identity and
authentication of access requests. The DHHS Email Account is a unique
identifier that associates a user with Email activity stored on the Email
Server. Users are responsible for the security of their Email Account as
specified in the User Security Agreement and Confidentiality Statement, Form
DHHS-359, and DHHS Policy 5001.
5006.2.8 Email Mailbox - User activity is
displayed on the Email Client in a virtual Mailbox. The Mailbox is a visual
representation of the types of services offered by an Email Client. These
typically include Inbox, Sent Items, Deleted Items, Calendar, Contacts, etc.
Users are responsible for managing their own Mailbox within limitations
provided for overall account space and size of individual messages.
5006.2.9 Email Authoring - Authoring includes
drafting, sending, replying or forwarding an Email message. See Section 5006.4
for rules pertaining to responsibility for authorship.
5006.2.10 Email Possession - A user is in
possession of an Email message when the Email Server delivers it to the user's
Email Client. See Section 5006.4 for rules pertaining to responsibility for
possession.
5006.2.11 Email Client
Features - For the purpose of determining responsibility for authorship or
possession of any given message, the content and transaction of the following
typical Email Client features should be evaluated: Message Authoring; Message
Received; Message Reply; Message Forward; Sent Message; Message Read, Opened or
Previewed, Message Headers; Message Internet Headers Message Body, Personal
Folders (a term used by Microsoft Outlook to identify file space on a local PC
where Mailbox items can be stored).
5006.3.0 General Provisions
5006.3.1 The DHHS Email system and all
associated Email Records, DHHS Email Addresses, and DHHS Email Accounts and
Mailboxes are the property of the state of Arkansas.
5006.3.2
Service Restrictions
A. Users are expected to utilize Email
responsibly, to comply with laws, policies, and regulations governing the use
of Email, and to exercise professional and personal courtesy in the use of
Email.
B. Access to the DHHS Email
system is a privilege that may be wholly or partially restricted without prior
notice.
C. Users may hold to no
expectation of privacy in the use of DHHS Network services, including
Email.
D. DHHS reserves the right
to monitor all aspects of Email usage.
5006.3.3
Misuse:
A. Evidence of misuse may result in
termination of access to DHHS Network services without prior notice. Theft or
abuse of DHHS Information Systems, including the Email system, is subject to
penalties imposed by law and DHHS policies.
B. Misuse includes, but is not limited to:
1. Theft, unauthorized disclosure,
unauthorized destruction of Email Records
2. Unauthorized entry, use, transfer, and
tampering with one's own Email account or the accounts and Email Records of
others
3. Interference with others'
work in the use of DHHS Information Systems
4. Failure to comply with rules of privacy
and disclosure
5. Failure to comply
with the rules of allowable use, as provided in Section 5006.7.
5006.3.4
Disclaimers:
DHHS cannot protect users from receiving Email they may find offensive. DHHS cannot guarantee protection from Email messages containing Viruses, Worms, malicious attachments or malicious code. DHHS cannot guarantee that any Received Message was in fact sent by the purported sender. DHHS cannot assure that original content in any Forwarded Message, or message Replied To, had not been modified.
5006.4.0 Responsibility for Authorship or Possession
5006.4.1
Responsibility: A user may be held accountable for authorship or
for possession of an Email message. Responsibility applies to two types of
messages - those authored by the user and those received by the user.
5006.4.2
Responsibility for
Messages Authored: A user assumes authorship responsibility
for (1) the content of any Email message authored by the user, and (2) for user
authored revisions in messages replied to or forwarded. A user assumes no
authorship responsibility for messages sent by a third party, in the user's
name, and without the user's knowledge.
5006.4.3 Responsibility for Messages
Received:
A. When the Email server delivers an
Email message to the user's Mailbox, the user is considered to be in possession
of the received message, but is held accountable only for those portions of the
received message that may have been authored or revised by the user.
B. An Email user assumes responsibility for
possession of messages delivered to the user's Mailbox under the following
circumstances:
1. When the user effectively
exercises control of authorship of a received message. Control of authorship
includes but is not limited to forwarding or replying to a received message
(whether or not the original message is modified);
2. When the user exercises control over the
storage of a received message, Received messages deleted from a user's Mailbox,
and not stored, are not considered to be the user's responsibility if such
messages were not authored by the user;
3. Exercising control of the storage of a
message includes, but is not limited to: Saving the message anywhere on the
Email Server; saving the message to any medium off the Email Server (examples:
CD, Hard Drive, storage device, server share, etc.), moving the message to
Personal Folders.
5006.5.0 Security and Confidentiality
5006.5.1 Email Records are subject to the
same rules, with respect to employee responsibilities for safeguarding privacy
and preventing unauthorized disclosure, as DHHS records created in any other
communication medium.
5006.5.2
Email Records are subject to DHHS Policies and statutes pertaining to HIPAA.
Users are subject to penalties for violation of HIPAA rules and for violations
of related Arkansas laws and DHHS policies.
5006.5.3 Confidentiality of Email cannot be
assured. Email security should always be assumed to be reactive rather than
preventive of potential malicious intrusions.
Extreme caution should be exercised in using Email for confidential or sensitive matters.
5006.5.4 Email's ease of distribution and its
unrestricted copying and forwarding features make its use highly susceptible to
breaches of confidentiality. Email intended for one person may be widely
forwarded to others, may be posted to bulletin boards or subscription services,
may be attached for other messages, may be saved in other users' mailboxes, and
Email may persist in system backups and archives.
5006.5.5 Email Records are subject to
disclosure in response to Freedom of Information Act requests, subpoenas for
legal and administrative hearings, and client requests for access to pertinent
case records. Before releasing information in such cases, related DHHS policies
should be consulted and guidance obtained from the Office of Chief
Counsel.
5006.6.0 Archiving and Retention
Arkansas law pertaining to records retention does not distinguish between media with regard to the definition of Public Record. Email Records are subject to the provisions of Arkansas records and retention statutes and subject to retention requirements specified in regulations governing conduct of programs administered by DHHS.
5006.7.0 Allowable Use of the DHHS Email System
5006.7.1
Allowable
Use: Email is provided as a service to DHHS employees and DHHS
affiliates for the purpose of supporting the department's mission. Use of Email
is encouraged to facilitate communication and exchange of DHHS business related
information.
5006.7.2
Restrictions: The DHHS Email system may not be used for:
A. Any activity in violation of local, state,
or federal laws or regulations
B.
Sending or disseminating proprietary data or other confidential or sensitive
information in violation of state or federal law, proprietary agreements, or
DHHS policy
C. Commercial or
fund-raising purposes not under the auspices of DHHS
D. Operating or promoting a business or
soliciting for personal gain
E.
Promoting any political campaign
F.
Transmitting offensive or harassing materials disparaging others on the basis
of race, national origin, sex, sexual orientation, age, disability, religious
or political beliefs
G. Engaging in
any activity in violation of DHHS Policy 1085, Minimum Conduct
Standards
H. Sending Email messages
under the following conditions: Anonymous authoring, employing a false
identity, misrepresenting oneself as a state agency, as the Legislature, as a
legislator, falsely representing oneself as a state employee or as an agent of
the state
I. Interfering or causing
excessive load on DHHS Information Systems or the disrupting of others' use of
the Email system. Such uses include, but are not limited to: sending or
forwarding of chain letters, Spam, hoaxes, mass mailings not related to DHHS
business, introducing worms, viruses or messages containing malicious
code
J. Personal use inconsistent
with provisions of this section.
5006.7.3
Personal Use: Email may
be occasionally used for personal purposes provided that such use does not:
A. Interfere with DHHS Information Systems or
the DHHS Email System
B. Burden
DHHS with added administrative or incremental Email System cost
C. Interfere with the user's employment
responsibilities and duties
5006.8.0 Disciplinary Action for Violation of Policy:
DHHS employees are subject to disciplinary action for violations of this policy s provided in DHHS Policy 1084, Employee Discipline.
5006.9.0 Originating Section Department Contact:
Chief Information Officer Office of Systems and Technology 1st Floor, Donaghey Plaza North P.O. Box 1437, SlotNlOl Little Rock, AR 72203-1437 Telephone: 501-682-0032
Disclaimer: These regulations may not be the most recent version. Arkansas may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google
Privacy Policy and
Terms of Service apply.
