Reminder Regarding Prohibitions on Password Sharing

The University of Michigan (U-M) has a strict policy against password sharing to ensure the security and integrity of its electronic systems and data. According to U-M's Information Assurance policies:

• Individual Responsibility: Each individual is responsible for all activities that occur under their personal university credentials, such as passwords.
• No Sharing: Passwords and other authentication credentials must not be shared with anyone, including supervisors, colleagues, or family members.
• Consequences: Sharing passwords can lead to security breaches, unauthorized access to sensitive information, and potential disciplinary actions under university policies.

Many of our sponsors have similar restrictions in relation to their electronic systems used to support sponsored awards. A good reminder of the importance of password management practices came recently when the U.S. Attorney's Office, Northern District of Ohio, announced that the Cleveland Clinic Foundation (CCF) will pay $7.6 million to settle allegations that it violated the False Claims Act by not disclosing current and ongoing financial research support in a Principal Investigator's federal grant applications and reports to the NIH. 

Of note, the settlement addressed claims that CCF violated NIH password policies by allowing employees to share passwords, which led to false disclosures about the Principal Investigator’s foreign grant support and false statements related to three federal grants. 

U-M provides tools and resources to help manage and protect passwords. For more detailed information, refer to the University of Michigan's Standard Practice Guide (SPG) 601.07 on “Responsible Use of Information Resources” and other related guidelines on the Information Assurance page of the U-M website.