Office 365 Use Guidelines

Email Services Terms of Use

  • Washington University in St. Louis (WUSTL) provides email services to faculty, staff, and students through the Microsoft Office 365 program
  • This service is primarily intended to enable University communications and communication among WUSTL faculty, students, and staff for academic and research purposes
  • WUSTL will provide for the delivery of messages to the Office 365 email service – those who direct delivery of University email to an outside service do so at their own risk
  • Autoforwarding WashU E-mail accounts containing protected information to any external mail service (Google, Yahoo, etc.) is not permitted
  • Personal use of the email service is allowed but must not interfere with the operation of the email service for academic purposes
  • Any use of the email service must comply with all WUSTL and Microsoft policies

Please familiarize yourself with these policies:

The guidelines below help to summarize the policies, but they are not intended to replace, contradict or fully represent the full policies:

  • OBEY THE LAW. Use of the email service for illegal or harassing activities is prohibited.
  • PROTECT YOUR ACCOUNT. You are responsible for all emails sent from your account. Don’t share your password.
  • PROTECT CONFIDENTIAL AND PERSONAL DATA. Emails, attachments and user profiles are not completely private. Any electronic information passes through many servers and network devices and is subject to interception at any point, although this is generally not the case. While the WashU Office of General Counsel has deemed Office 365 HIPAA compliant and acceptable for sending sensitive data, messages containing sensitive data that are sent outside of the organization should use encryption.
  • BE RESPECTFUL OF OTHERS. Unauthorized access to other users’ accounts or activities that deny access or resources to any other authorized user of the service is prohibited.
  • VERIFY RECEIPT. Email delivery is not guaranteed. In rare cases emails are lost or delayed. You may send an email to the wrong address. When it is critical that your email arrive by a deadline, allow adequate delivery time and follow up with the recipient.
  • DON’T SPAM. Do not send unsolicited bulk messages, chain letters or commercial messages.
  • DON’T TAMPER WITH THE SERVICE. You may not initiate programs or take actions that intentionally interfere with normal operations of the email service.
  • DON’T USE THE SERVICE FOR NON-WUSTL BUSINESSES. You may not use the email service to operate, promote, advertise or otherwise support non-WUSTL related businesses.

Compliance Framework

Please refer to the table below for guidance on which Office 365 services can be used for which types of protected data. Note that only services listed in Tiers 3 and 4 are protected by a HIPAA Business Associate Agreement and FERPA compliance guarantees.

| | Tier 1 | Tier 2 | Tier 3 | Tier 4 |
|---|---|---|---|---|
| Privacy, Security, and Compliance Commitments | No mining of customer data for advertising; No voluntary disclosure of customer data to law enforcement agencies | Tier 1 plus: ISO 27001, ISO 27018, EU Model Clauses (EUMC) | Tier 2 plus: HIPAA Business Associate Agreement, SSAE 16 SOC 1 & SOC 2 Reports | Tier 3 plus: FedRAMP, IRS 1075, UK Official (IL2), Health Information Trust Alliance (HITRUST) |
| Covered Services | Power BI for Office 365, Outlook Mobile for iOS and Android, Sunrise for iOS and Android, Office 365 Advanced Security Management | Power BI | Microsoft Dynamics CRM Online Management Office 365, Video, Microsoft Intune, Sway, Yammer, Enterprise Bookings Planner, Microsoft Teams | Exchange Online, SharePoint Online, OneDrive for Business, Project Online, Azure Active Directory, Exchange Online Protection, Access Online, Office Online, Office 365 ProPlus, Microsoft Graph, Office Delve |
