DHHS Home Page NC DHHS On-Line Manuals  
     DHHS Manual Home Manual Admin Letters Change Notices Archive Search Index Help Feedback

Table of ContentsNext Page


Section VIII:

Security and Privacy


Security Manual


Acceptable Use for DHHS Resources

Current Effective Date:


Original Effective Date:



This policy defines the information system security responsibilities and acceptable use rights for employees, volunteers, guests, vendors and contractors (hereinafter, “Users”) of North Carolina Department of Health and Human Services (“DHHS”, or alternatively, the “Department”) resources.

Resources include all platforms (i.e. operating systems), all digital devices (e.g. computers, smart phones, tablets, mainframes, switches, routers, etc.), equipment (e.g. faxes, copiers, phones, etc.), network connections, applications (both developed in-house and acquired from third parties) and the data used, created by or contained within them.

Communications include but are not limited to: faxes, printed documents, recordings, phone calls, social media (e.g. Facebook, Google+, Twitter, Blogs YouTube, Instagram, etc.) and email.

This policy document includes an agreement form that, once signed, certifies the user’s understanding and affirmation of the policy.


Each DHHS Division/Office shall be responsible for ensuring that every individual seeking access to DHHS network and/or information systems reviews this policy and signs an acceptable use agreement based upon the terms specified in this policy. Users must sign the agreement form included herein before permission is granted to use the DHHS systems.

DHHS Divisions/Offices may require additional agreements or policies regarding the confidentiality of specific types of information (e.g. medical records, client case files, personnel records, financial records, etc.). Such supplements may be more restrictive than this policy.



Rights of Information Ownership

The Department and its Divisions/Offices retain the rights of ownership to all resources and communications including but not limited to data, and related documentation developed by Users on behalf of the Department, regardless of location or resources used. All Department information resources remain the exclusive property of the State of North Carolina (NC) or the Department, unless otherwise prescribed by other contractual agreements.

Your Role and Responsibilities

All information and data resources to which users are given access are to be used only to conduct the activities authorized by the Department. The use of these resources must be conducted according to the policies, standards, and procedures instituted by the Department or on its behalf. All individuals with access to state-owned data are responsible for the protection and confidentiality of such data. The unauthorized use or disclosure of information provided by these data processing systems may constitute a violation of Department, state, or federal laws which will result in disciplinary action consistent with the policies and procedures of the Department.

Users have a responsibility to ensure, to the best of their ability, that all public information disseminated via Departmental resources and communications is accurate. Users shall provide in association with such information the date at which it was current and a method by which the recipient can contact the staff responsible for making the information available in its current form.

Users are responsible for:

Rules of Acceptable Use

The resources provided by DHHS are to be utilized both responsibly and professionally; just because an action is technically possible does not mean that it is appropriate. Based on the following principles for acceptable use of Department resources, Users are:

Prohibited Uses

Users may not:


User Privacy

All users of the department’s information systems are advised that their use of these resources and certain communications may be subject to monitoring and filtering. DHHS reserves the right to monitor – randomly or systematically – the use of Internet and DHHS information systems connections and traffic. Any activity conducted using the state’s information systems (including but not limited to computers, networks, e-mail, etc.) may be monitored, logged, recorded, filtered, archived, or used for any other purposes, pursuant to applicable departmental policies and state and federal laws or rules. The department reserves the right to perform these actions with or without specific notice to the user.

Software License Agreements

All computer software, including software obtained from sources outside the department, is subject to license agreements that may restrict the user’s right to copy and use the software. Software distributed on a trial basis, even via the Internet, does not suggest that the software is free or that it may be distributed freely.

The theft of software is illegal. The department does not require, request, or condone unauthorized use of software by its employees, volunteers, and contractors. The department enforces Federal Public Law 102-561, which strictly prohibits any violation of copyright protection. Violation of copyright protection is considered a felony and is punishable by up to five (5) years in prison and/or fines up to $250,000 for all parties involved.

DHHS information system hardware and software installations and alterations are handled by authorized DHHS employees or contractors only. Users shall not install new or make changes to existing software unless specifically approved by the User’s supervisor and the designated IT personnel.

Downloading audio or video stream for a work-related webinar or audio conference is permissible without prior authorization, provided it is limited to the minimum amount of time necessary.


For enforcement questions or clarification on any of the information contained in this policy, please contact the DHHS Privacy and Security Office. For general questions about department-wide policies and procedures, contact the DHHS Policy Coordinator.


I certify that I am an employee, volunteer, guest, vendor or contractor working for or on behalf of the Department of Health and Human Services and that I have read this “Acceptable Use Policy” and understand my obligations as described herein. I understand that this policy was approved by the Secretary of the Department of Health and Human Services and these obligations are not specific to any individual division or office of the department, but are applicable to all employees, volunteers, and contractors of the department. I understand that failure to observe and abide by these obligations may result in disciplinary action, which may include dismissal and/or contract termination. I also understand that in some cases, failure to observe and abide by these obligations may result in criminal or other legal actions. Furthermore, I have been informed that the department will retain this signed agreement on file for future reference. A copy of this agreement shall be maintained in the personnel file and/or in the contract administration file.


Print Name


___________________________________________________________ _______________

Employee, Volunteer, Guest, Vendor or Contractor Signature                                     Date


___________________________________________________________ _______________

Supervisor’s Signature                                                                                               Date

Top Of PageNext Page

  For questions or clarification on any of the policy contained in these manuals, please contact the DHHS Division of Human Resources  

     DHHS Manual Home Manual Admin Letters Change Notices Archive Search Index Help Feedback

1 Information on the Digital Millennium Copyright Act can be found at: http://www.copyright.gov/legislation/dmca.pdf and the Copyright Act at: http://www.copyright.gov/title17/.