As a user of the University Zoom service for teleconferencing or tele-practicing, and as someone handling health information, it’s critical that you play your part in ensuring the privacy and security of patient/client health information.
NOTE: The portal to access the HIPAA compliant Zoom service for the University is the same portal as the regular user access. Please contact the Information Security Office (ISO) at security@fredonia.edu if you need access to the University HIPAA compliant Zoom service for tele-practice. Users will not know that they are currently in the HIPAA Zoom service as the only indication is that they will not be permitted to record their video sessions in the cloud. "Record on this Computer" will be the only option for the HIPAA Zoom service.
...
- Zoom can potentially be abused by hackers through a technique known as “Zoombombing”, which is possible if you run a public meeting and the meeting link becomes known to the attacker. Make sure that even if an attacker obtains a link, they cannot interfere with your meetings or observe client sessions.
- Some groups are handling health information that does not qualify as HIPAA PHI however, those groups are still required to store their videos locally in a University approved encrypted location such as the U:\ or M:\ drive.
- All recorded tele-practice sessions and any PHI should always be stored on the University's M:\ Drive or the U:\ Drive. PHI should never be stored in non-university storage.
- By default, Zoom meeting hosts do not need to grant screen share access for another participant to share their screen. By default, any participant in a meeting can share their video, screen, and audio.
Required Accounts Settings
The University have taken steps to mitigate the key points above by changing the default settings in the HIPAA Zoom service. Users who plan to discuss, provide, or interact with health data on Zoom are required to make sure the following account settings are still in place when scheduling a meeting in Zoom.
...