Zoom HIPAA Compliant Conferencing Service

Northwestern will be providing a secure HIPAA-compliant service for web conferencing. Please review the differences between northwestern.zoom.us and northwestern-restricted.zoom.us before requesting to switch to the HIPPA conferencing service. To request a HIPAA compliant Zoom account - email consultant@northwestern.edu with your name, email address, netid and request the account. Due to the requirements of converting your existing account to your HIPAA account, a consult is required before the process can be completed. This is to ensure that the impact of changing is clear in how it affects your previous account and how you can use the new HIPAA account.

Request a Zoom HIPAA Account
Each account request will result in a brief consultation to ensure there is a clear understanding of the differences between NU Zoom and NU Zoom HIPAA. Email consultant@northwestern.edu with the request for a Zoom HIPAA account.

After the brief consultation, you will receive an invitation via email to join the HIPAA-compliant version of Zoom. After clicking on the invitation email to confirm the account change, you will be able to login using your Northwester NetID and password to https://northwestern-restricted.zoom.us 

This service has not yet launched. If you try logging in before we launch/announce the service and conduct a consultation, the login process will fail. 


Benefits
Zoom Meetings for HIPAA provides a secure conferencing service when discussing sensitive patient data while retaining most of the same functionality Zoom Meetings has to offer. Despite using a different URL, Zoom HIPAA is still integrated with your existing Northwestern NetID, eliminating the need to manage additional accounts.

Collaboration DifferencesWhen using a ZOOM HIPAA account on northwestern-restricted.zoom.us, you are no longer in the standard NU Zoom environment and will be unable to:
  • be invited as a host by an NU Zoom meeting/webinar organizer
  • invite NU Zoom members to your meetings as hosts
Recordings and scheduled meetings will not be carried over to the new HIPAA compliant service. Please download all Zoom recordings (instructions here) and compile a list of meetings that would need to be recreated in the new service.

Limitations
Zoom only permits one email address for your account. An existing NU Zoom account email address cannot exist in both instances at the same time. If you want to keep your existing NU email with the main Zoom instance, you would need a second email account for the HIPAA compliant Zoom service. We will discuss the differences and changes needed to use Zoom HIPAA in detail during the consultation.

HIPAA Compliance
If you require HIPAA-compliant Zoom services, several features are disabled in order to comply with HIPAA standards. There are many services that are different than in the regular NU Zoom environment. Please be aware of the following differences between Zoom Meetings and our HIPAA instance:


FeatureDescriptionStatusReasonImplications
Cloud RecordingsRecord meetings and automatically process and store them in the cloud.DisabledRequired by ZoomLocal recordings do not receive the automatic transcript file process.
Local Recording permissions
(non-Hosts)
Hosts cannot give permission to participants to record locallyDisabled HIPAA privacyHosts recordings would need to provided manually

Recording Disclaimer

All participants must give consent to be recorded, otherwise they cannot participate in the meeting.EnabledRequired by ZoomRefusing consent prevents meeting participation
Meeting PasscodeAll meeting types and entry points must be passcode protected. Participants joining by phone may enter using either the meeting passcode or their assigned Participant ID number.
Required
Prevent uninvited participants from randomly entering your meeting by ID numberSome participants may need to enter the password when joining without using the one-click join URL.
Waiting RoomGuests cannot join a meeting until a host admits them individually from the waiting room.
Required
Prevent unknown guests from joining meetings that may contain sensitive data.The option for attendees to join the meeting before the host arrives is disabled.
Require Encryption for 3rd party endpoints (H.323/SIP)Zoom requires encryption for all data between the Zoom cloud, Zoom client, and Zoom Room. Require encryption for 3rd party endpoints (H323/SIP).
Required
Required by ZoomParticipants may be unable to join meetings from SIP devices.
Personal Meeting IDA dedicated Meeting ID for each account
Disabled

All meetings must be newly generated meeting ID's
Identify guest participants in meeting/webinarGuests (someone who does not belong to the BU HIPAA account) will be highlighted in the participants list of a meeting or webinar.
Required
Improved awareness of who is currently in a meeting that may contain sensitive data.
Auto saving chatsAutomatically save all in-meeting chats so that hosts do not need to manually save the text of the chat after the meeting starts.
Disabled
Prevent data from being transmitted to or stored on a non-compliant endpoint or environment.Chats can be saved manually before the meeting ends.
Private ChatSend chat messages in-meeting privately to others
Disabled
Prevent private messages from being sentChat is publicly viewable by all participants
File TransferHosts and participants can send files through the in-meeting chat.
Disabled
Prevent data from being transmitted to or stored on a non-compliant endpoint or environment.
Live StreamingAllow hosts to live stream their meetings to Workplace by Facebook or Custom Live Streaming Service.
Disabled
Prevent Restricted Use Data from being transmitted or stored in non-approved environments.
Play sound when participants join/leaveSound will be heard by host when participants join or leave.
Enabled
Improved awareness of who is currently in a meeting that may contain sensitive data.
Remote ControlDuring screen sharing, the person who is sharing can allow others to control the shared content.
Disabled
Prevent unauthorized access to endpoints with HIPAA or Restricted Use Data.
Far end camera controlAllow another user to take control of your camera during a meeting
Disabled
Prevent unauthorized access to endpoints with HIPAA or Restricted Use Data.
Remote SupportAllow meeting host to provide 1:1 remote support to another participant
Disabled
Prevent unauthorized access to endpoints with HIPAA or Restricted Use Data.
Save Captions
Disabled

Peer to Peer connections When 2 people are connected, they connect directly to each other instead of through Zoom's cloud service.DisabledFull encryption requires 

 




Keywords:HIPAA privacy secure Zoom videoconferencing   Doc ID:106002
Owner:Michael C.Group:Northwestern
Created:2020-09-18 16:08 CSTUpdated:2020-11-12 00:38 CST
Sites:Northwestern
Feedback:  1   1