Topics Map > Communication & Collaboration > Conferencing > Zoom
How can I protect PHI while using Zoom?
Individuals in a covered component of the University of Illinois Covered Entity may access the HIPAA compliant "UIC PHI" Zoom portal, capable of creating secure meetings for discussing PHI and providing telehealth services.
As Zoom is regularly used as a collaboration tool on campus, the UIC PHI portal will be a separate entity that requires users to agree to the acceptable use standards including reviewing and following the guidance outlined below in the Protecting PHI using Zoom HIPAA Compliant Portal document.
UIC-PHI Security Controls:
Responsibility of Meeting Owner:
- Individuals must read and understand this document before using the Zoom HIPAA Compliant Portal.
- Always ensure that you are using the correct Zoom portal when setting up your meeting, using regular university zoom meetings to discuss PHI is prohibited.
- Ensure that your meeting room is password protected or otherwise limit participant access.
- Ensure when creating meetings that no Protected Health Information is listed in the meeting title such as individual participant names or medical information.
- Technical security measures help protect rooms from access, but meeting hosts should always ensure only appropriate individuals are participating in the meeting.
- Avoid using the internet browser plugins for Zoom to Firefox/Chrome/etc - while these plugins cannot be disabled, their use is not allowed in the PHI portal.
Technical Controls Enabled for Zoom HIPAA Compliant Meetings:
- Additional encryption enabled for all participants to meet HIPAA requirements.
- Cloud and local recordings are disabled.
- Additional device and user information is logged for auditing purposes.
- Encrypted chat is enabled which will secure chat messaging that disables saving of chat and screen captures.
- File transfers with Zoom has been disabled.
Gaining access to the Zoom HIPAA Compliant Portal at the University
- Only employees, volunteers, trainees, and other persons under the direct control of the University are eligible to access the UIC-PHI portal for creating meetings.
- All meeting owners must understand and implement the required security measures discussed above.
- Follow the instructions at How can I use Zoom for PHI? for instructions on accessing the portal.