CIO'S MESSAGE - June 16, 2020

Tips for Handling HIPAA Information While Using Zoom

Dear Faculty and Staff,

The Health Insurance Portability and Accountability Act (HIPAA) lays out privacy and security standards that protect the confidentiality of patient health information.  Zoom enables HIPAA Compliance, meaning the company is responsible for keeping patient information secure.  Zoom does not have access to identifiable health information and protects and encrypts all audio, video, and screen sharing data.  Zoom has signed a Business Associates Agreement with the University that certifies that they are HIPAA compliant.

When using video conferencing, you are responsible for taking the precautions with sensitive data in the manner which is detailed in the Data Classification Standard and Confidentiality of Medical Information.  Depending on your campus role, the University provides two separate Zoom chiclets, Zoom Video Conferencing and Zoom Telehealth.

Image
Zoom SSO

Below are privacy and security considerations when using Zoom.

  • If you interact with Level 1 and Level 2 data, including medical information, use the Zoom Telehealth chiclet.
  • Even if you may not interact with medical information or other Level 1 and Level 2 data types, it is still important to maintain privacy while using Zoom.
  • You can find a full list of controls enabled for Zoom for Healthcare in the HIPAA Compliance Guide.
  • Zoom is provided as a tool for University related activities only.  Do not use Zoom for activities that are not related to University work. 
  • Secure your physical space or work area where others cannot hear your conversations.
  • Before a Zoom meeting, check what is visible in the work area around you.  This could include documents on your desk or items behind you.  Clear anything that you would not want the people in your Zoom meeting to see.
  • Secure your virtual space by closing your browser tabs before you begin your meeting, so that only the window you want to share is visible.
  • Turn off email and chat room notifications, so that they do not appear while you are sharing your screen.

For additional information on using Zoom, refer to the ATS Zoom website.

Cuc Du
Information Security Officer