Zoom HIPAA Compliant Conferencing Service
Northwestern will be providing a secure HIPAA-compliant service for web conferencing. Please review the differences between northwestern.zoom.us and northwestern-restricted.zoom.us before requesting to switch to the HIPPA conferencing service. To request a HIPAA compliant Zoom account - email consultant@northwestern.edu with your name, email address, netid and request the account. Due to the requirements of converting your existing account to your HIPAA account, a consult is required before the process can be completed. This is to ensure that the impact of changing is clear in how it affects your previous account and how you can use the new HIPAA account.
Request a Zoom HIPAA Account
Each account request will result in a brief consultation to ensure there is a clear understanding of the differences between NU Zoom and NU Zoom HIPAA. Email consultant@northwestern.edu with the request for a Zoom HIPAA account.
After the brief consultation, you will receive an invitation via email to join the HIPAA-compliant version of Zoom. After clicking on the invitation email to confirm the account change, you will be able to login using your Northwester NetID and password to https://northwestern-restricted.zoom.us
This service has not yet launched. If you try logging in before we launch/announce the service and conduct a consultation, the login process will fail.
Benefits
Zoom Meetings for HIPAA provides a secure conferencing service when discussing sensitive patient data while retaining most of the same functionality Zoom Meetings has to offer. Despite using a different URL, Zoom HIPAA is still integrated with your existing Northwestern NetID, eliminating the need to manage additional accounts.
Collaboration DifferencesWhen using a ZOOM HIPAA account on northwestern-restricted.zoom.us, you are no longer in the standard NU Zoom environment and will be unable to:
- be invited as a host by an NU Zoom meeting/webinar organizer
- invite NU Zoom members to your meetings as hosts
Recordings and scheduled meetings will not be carried over to the new HIPAA compliant service. Please download all Zoom recordings (instructions here) and compile a list of meetings that would need to be recreated in the new service.
Limitations
Zoom only permits one email address for your account. An existing NU Zoom account email address cannot exist in both instances at the same time. If you want to keep your existing NU email with the main Zoom instance, you would need a second email account for the HIPAA compliant Zoom service. We will discuss the differences and changes needed to use Zoom HIPAA in detail during the consultation.
HIPAA Compliance
If you require HIPAA-compliant Zoom services, several features are disabled in order to comply with HIPAA standards. There are many services that are different than in the regular NU Zoom environment. Please be aware of the following differences between Zoom Meetings and our HIPAA instance:
| Feature | Description | Status | Reason | Implications |
|---|---|---|---|---|
| Cloud Recordings | Record meetings and automatically process and store them in the cloud. | Disabled | Required by Zoom | Local recordings do not receive the automatic transcript file process. |
| Local Recording permissions (non-Hosts) | Hosts cannot give permission to participants to record locally | Disabled | HIPAA privacy | Hosts recordings would need to provided manually |
Recording Disclaimer | All participants must give consent to be recorded, otherwise they cannot participate in the meeting. | Enabled | Required by Zoom | Refusing consent prevents meeting participation |
| Meeting Passcode | All meeting types and entry points must be passcode protected. Participants joining by phone may enter using either the meeting passcode or their assigned Participant ID number. | Required | Prevent uninvited participants from randomly entering your meeting by ID number | Some participants may need to enter the password when joining without using the one-click join URL. |
| Waiting Room | Guests cannot join a meeting until a host admits them individually from the waiting room. | Required | Prevent unknown guests from joining meetings that may contain sensitive data. | The option for attendees to join the meeting before the host arrives is disabled. |
| Require Encryption for 3rd party endpoints (H.323/SIP) | Zoom requires encryption for all data between the Zoom cloud, Zoom client, and Zoom Room. Require encryption for 3rd party endpoints (H323/SIP). | Required | Required by Zoom | Participants may be unable to join meetings from SIP devices. |
| Personal Meeting ID | A dedicated Meeting ID for each account | Disabled | All meetings must be newly generated meeting ID's | |
| Identify guest participants in meeting/webinar | Guests (someone who does not belong to the BU HIPAA account) will be highlighted in the participants list of a meeting or webinar. | Required | Improved awareness of who is currently in a meeting that may contain sensitive data. | |
| Auto saving chats | Automatically save all in-meeting chats so that hosts do not need to manually save the text of the chat after the meeting starts. | Disabled | Prevent data from being transmitted to or stored on a non-compliant endpoint or environment. | Chats can be saved manually before the meeting ends. |
| Private Chat | Send chat messages in-meeting privately to others | Disabled | Prevent private messages from being sent | Chat is publicly viewable by all participants |
| File Transfer | Hosts and participants can send files through the in-meeting chat. | Disabled | Prevent data from being transmitted to or stored on a non-compliant endpoint or environment. | |
| Live Streaming | Allow hosts to live stream their meetings to Workplace by Facebook or Custom Live Streaming Service. | Disabled | Prevent Restricted Use Data from being transmitted or stored in non-approved environments. | |
| Play sound when participants join/leave | Sound will be heard by host when participants join or leave. | Enabled | Improved awareness of who is currently in a meeting that may contain sensitive data. | |
| Remote Control | During screen sharing, the person who is sharing can allow others to control the shared content. | Disabled | Prevent unauthorized access to endpoints with HIPAA or Restricted Use Data. |
| Far end camera control | Allow another user to take control of your camera during a meeting | Disabled | Prevent unauthorized access to endpoints with HIPAA or Restricted Use Data. |
| Remote Support | Allow meeting host to provide 1:1 remote support to another participant | Disabled | Prevent unauthorized access to endpoints with HIPAA or Restricted Use Data. | |
| Save Captions | Disabled | |||
| Peer to Peer connections | When 2 people are connected, they connect directly to each other instead of through Zoom's cloud service. | Disabled | Full encryption requires |