Please review the HIPAA Compliance Datasheet document from Zoom regarding HIPAA before using Zoom for any session that might fall under HIPAA regulations.
Storage/Recording
Zoom by default is now HIPAA compliant. It is still your responsibility to be familiar with HIPAA regulations and use of Zoom accordingly. Do not rely on Zoom to prevent you from violating HIPAA regulations. For example, while Zoom allows Cloud Recording, La Salle University Zoom cloud recordings automatically get moved to the Panopto Screen & Video Recording tool, which is not HIPAA compliant. Therefore any Zoom recordings should be done locally and not use the cloud recording feature within Zoom. For cloud recordings, the only way to use Zoom is to make sure you do not have and never create a Panopto account. Panopto accounts are automatically created in Canvas and in other scenarios. Typically, it is more likely rather than not that you either already have a Panopto account or will have one automatically created for you in the future. As such it is best to avoid using the Zoom cloud recording feature for any HIPAA related content.
- Make sure Automatic Recording is disabled in the Recording settings.
- Do not use Cloud Recording.
- Only use Local Recording if you are on a University owned desktop. We do not recommend storing to a University owned laptop due to its portability and therefore ability to be compromised.
- You may use a secure USB called IronKey. You then would need to change the location of the Local Recording location to the USB device. Most regular USB devices, even if they say they are encrypted, etc., would not be compliant. You would need to purchase an IronKey USB to ensure compliance. You may submit a Help Desk ticket if you need advice on which device to purchase and how to use.
End User/Participant Consent
You can turn on a system disclaimer in your profile settings. Not using the app, got to Profile, then Settings.
