Zoom HIPAA Compliant Conferencing Service

Northwestern will be providing a secure HIPAA-compliant service for web conferencing. Please review the differences between northwestern.zoom.us and northwestern-restricted.zoom.us before requesting to switch to the HIPPA conferencing service. To request a HIPAA compliant Zoom account - email consultant@northwestern.edu with your name, email address, netid and request the account. Due to the requirements of converting your existing account to your HIPAA account, a consult is required before the process can be completed. This is to ensure that the impact of changing is clear in how it affects your previous account and how you can use the new HIPAA account.

Request a Zoom HIPAA Account
Each account request will result in a brief consultation to ensure there is a clear understanding of the differences between NU Zoom and NU Zoom HIPAA. Email consultant@northwestern.edu with the request for a Zoom HIPAA account.

After the brief consultation, you will receive an invitation via email to join the HIPAA-compliant version of Zoom. After clicking on the invitation email to confirm the account change, you will be able to login using your Northwester NetID and password to https://northwestern-restricted.zoom.us 

This service has not yet launched. If you try logging in before we launch/announce the service and conduct a consultation, the login process will fail. 

Zoom Meetings for HIPAA provides a secure conferencing service when discussing sensitive patient data while retaining most of the same functionality Zoom Meetings has to offer. Despite using a different URL, Zoom HIPAA is still integrated with your existing Northwestern NetID, eliminating the need to manage additional accounts.

Collaboration DifferencesWhen using a ZOOM HIPAA account on northwestern-restricted.zoom.us, you are no longer in the standard NU Zoom environment and will be unable to:
  • be invited as a host by an NU Zoom meeting/webinar organizer
  • invite NU Zoom members to your meetings as hosts
Recordings and scheduled meetings will not be carried over to the new HIPAA compliant service. Please download all Zoom recordings (instructions here) and compile a list of meetings that would need to be recreated in the new service.

Zoom only permits one email address for your account. An existing NU Zoom account email address cannot exist in both instances at the same time. If you want to keep your existing NU email with the main Zoom instance, you would need a second email account for the HIPAA compliant Zoom service. We will discuss the differences and changes needed to use Zoom HIPAA in detail during the consultation.

HIPAA Compliance
If you require HIPAA-compliant Zoom services, several features are disabled in order to comply with HIPAA standards. There are many services that are different than in the regular NU Zoom environment. Please be aware of the following differences between Zoom Meetings and our HIPAA instance:

Cloud RecordingsRecord meetings and automatically process and store them in the cloud.DisabledRequired by ZoomLocal recordings do not receive the automatic transcript file process.
Local Recording permissions
Hosts cannot give permission to participants to record locallyDisabled HIPAA privacyHosts recordings would need to provided manually

Recording Disclaimer

All participants must give consent to be recorded, otherwise they cannot participate in the meeting.EnabledRequired by ZoomRefusing consent prevents meeting participation
Meeting PasscodeAll meeting types and entry points must be passcode protected. Participants joining by phone may enter using either the meeting passcode or their assigned Participant ID number.
Prevent uninvited participants from randomly entering your meeting by ID numberSome participants may need to enter the password when joining without using the one-click join URL.
Waiting RoomGuests cannot join a meeting until a host admits them individually from the waiting room.
Prevent unknown guests from joining meetings that may contain sensitive data.The option for attendees to join the meeting before the host arrives is disabled.
Require Encryption for 3rd party endpoints (H.323/SIP)Zoom requires encryption for all data between the Zoom cloud, Zoom client, and Zoom Room. Require encryption for 3rd party endpoints (H323/SIP).
Required by ZoomParticipants may be unable to join meetings from SIP devices.
Personal Meeting IDA dedicated Meeting ID for each account

All meetings must be newly generated meeting ID's
Identify guest participants in meeting/webinarGuests (someone who does not belong to the BU HIPAA account) will be highlighted in the participants list of a meeting or webinar.
Improved awareness of who is currently in a meeting that may contain sensitive data.
Auto saving chatsAutomatically save all in-meeting chats so that hosts do not need to manually save the text of the chat after the meeting starts.
Prevent data from being transmitted to or stored on a non-compliant endpoint or environment.Chats can be saved manually before the meeting ends.
Private ChatSend chat messages in-meeting privately to others
Prevent private messages from being sentChat is publicly viewable by all participants
File TransferHosts and participants can send files through the in-meeting chat.
Prevent data from being transmitted to or stored on a non-compliant endpoint or environment.
Live StreamingAllow hosts to live stream their meetings to Workplace by Facebook or Custom Live Streaming Service.
Prevent Restricted Use Data from being transmitted or stored in non-approved environments.
Play sound when participants join/leaveSound will be heard by host when participants join or leave.
Improved awareness of who is currently in a meeting that may contain sensitive data.
Remote ControlDuring screen sharing, the person who is sharing can allow others to control the shared content.
Prevent unauthorized access to endpoints with HIPAA or Restricted Use Data.
Far end camera controlAllow another user to take control of your camera during a meeting
Prevent unauthorized access to endpoints with HIPAA or Restricted Use Data.
Remote SupportAllow meeting host to provide 1:1 remote support to another participant
Prevent unauthorized access to endpoints with HIPAA or Restricted Use Data.
Save Captions

Peer to Peer connections When 2 people are connected, they connect directly to each other instead of through Zoom's cloud service.DisabledFull encryption requires 


Keywords:HIPAA privacy secure Zoom videoconferencing   Doc ID:106002
Owner:Michael C.Group:Northwestern
Created:2020-09-18 16:08 CSTUpdated:2020-11-12 00:38 CST
Feedback:  1   1