Zoom HCC Disclaimer

When using Zoom you have the potential to discuss sensitive data, including personal health information (PHI).  Zoom is a secure tool, but you must use it appropriately to ensure HIPAA compliance.

Secure Your Space Before Your Meeting

BEFORE your meeting:

  • Check the area around you for visible PHI. This could include documents on your desk or items behind you.

  • Ensure your online meeting takes place in a secure area where other people cannot overhear you discuss PHI.

  • Close all other computer windows before you begin your meeting so that only the window you want to share is visible.

PHI must not be recorded

  • Faculty and staff can record Zoom meetings to their local computer.  If you are recording a meeting or webinar, it is your responsibility to make sure your presentation materials are free of any PHI before the event begins. Students in the HCC do not have the ability to record meetings.

  • Do NOT record meetings if you are discussing specifics with or about:   

    • Patients

    • Research study participants involving any kind of health information  

  • If you make someone the host or co-host, remind them not to record PHI.

  • If you have questions about whether or not you can record a meeting, email the Health Information Compliance & Privacy Office at [email protected]

Interactive tools must not transmit PHI

You have access to various tools in Zoom’s online meetings and webinars:

  • Chat

  • Polls

  • Question and Answer tools  

While these tools make meetings and webinars more interactive for your participants, they must not be used to transmit PHI.

Be aware of who is in your meeting

Inviting people to your Zoom meeting is as easy as sharing a link.  Always be aware of who is in your meetings by reviewing the list of participants.

Schedule Zoom meetings without PHI

Zoom and Google Calendar make scheduling online meetings easy, but don’t forget to check for PHI.  Review meeting titles and descriptions and verify that they don’t contain PHI (remember, even initials of patient or participant names are PHI!)

If you have a specific situation that isn’t covered here, or if you need some guidance, please reach out to us at [email protected].

Mitigating factors and controls

Learn more about features that are unavailable, or have been modified to help you mitigate risks surrounding the potential exposure of PHI.

 

 

Created on: 3/27/19