Skip to main content

Video Conferencing Guidelines

Conferencing Platforms Vetted and Approved by for Transmitting, Recording, and Sharing Protected Health Information (PHI)

Important! Using a vetted and approved platform for transmitting, recording, and sharing PHI does not mean your specific use case is appropriate. You need to consider all HIPAA guidelines and policies found in the as well as the .

For questions or more information, please contact the School of MedicineInformation Security and Privacy Office by .

Zoom HIPAA Account

Users whose primary affiliation is with the School of Medicine should be placed into a Zoom HIPAA account.

  • Signing Into Your Zoom Account
    • You must sign into your Zoom account with Single Sign-On (SSO), not your email and password.
    • You must be signed in to use the Host controls
    • You can only be signed into one device (e.g., PC, tablet, phone) at a time.
  • If you are not sure if you have a Zoom HIPAA account, you can check by visiting your. The Account Name will display “HIPAA.” Standard (non-HIPAA) Zoom accounts will display “University of North Carolina Chapel Hill” ().
    • If you schedule meetings or assign Alternate Hosts for other account owners, you must be in the same account type (e.g., a account owner cannot schedule a meeting for a HIPAA account owner).
    • If you want to opt out of your HIPAA account for a account, or if you need to be moved to a HIPAA account from your account, please visit our SOM Zoom Support page for instructions.
  • requires all meetings be secured with one security option in your .
    • You can access the Meeting Security settings by clicking “Settings” in the left-side menu, the “Meeting” tab at the top of the page, and “Security” in that section.
      Zoom meeting settings
    • School of Medicine IT recommends enabling Meeting Passcode and Embed passcode in invite link for one-click join.
      Meeting passcode enabled Embed passcode in invite link for one-click join
    • Please note: If you don’t select either Meeting Passcode or Waiting Room, Zoom will select Waiting Room by default.
  • Recording Zoom Meetings
    • Users can record to the Zoom cloud or locally to their computer.
      • Participant reporting and transcription are not available when recording locally.
    • When recordings begin, meeting attendees are prompted to accept being recorded or leave the meeting.
    • If recording locally, recordings containing PHI can be recorded to a School of Medicine managed computer that meets the .
      • It is recommended that local recordings with PHI be uploaded to a vetted and approved storage platform (e.g., OneDrive, Teams) and then deleted from your local computer.
      • Local recordings with no PHI can be uploaded into Panopto* for streaming.
        • *Note: Panopto cannot store or stream recordings with PHI, even with patient authorization.
    • Cloud recordings are stored for 30 days, then moved to the trash for 30 days where they can be recovered if needed, then deleted permanently.
    • Cloud recordings can be downloaded.
      • Recordings containing PHI can be downloaded to a School of Medicine managed computer that meets the .
        • It is recommended that downloaded recordings with PHI be uploaded to a vetted and approved storage platform (e.g., OneDrive, Teams) and then deleted from your local computer.
      • Downloaded recordings with no PHI can be uploaded into Panopto* for streaming
        • *Note: Panopto cannot store or stream recordings with PHI, even with patient authorization.
  • Zoom Webinar
    • The Zoom Webinar feature requires an additional license on your Zoom account, regardless of which account type you have. For assistance, please visit our Classroom Support page and click the Request Help button.
    • Webinar creates separate links for Presenters and Attendees.
      • When you add a Presenter, Zoom will email them their link. Please request that the Presenter not share this link. It is only intended for their use.
      • The Attendee link is the one intended for sharing with your Webinar audience.
  • More detailed Zoom HIPAA information can be found in the .

Microsoft Teams

Please refer to for detailed information.

Other Resources for Sharing PHI

  • Sharing Tier 3 Information Other Than PHI – If you are sharing any Tier 3 information other than PHI (e.g., Social Security numbers, payment card information), please review theڴǰ󲹲Ի.
  • Health employees should follow Health guidelines. All clinical care activities should only use Health tools that are subject to the guidance of Health. Please contact Health Information Services Division (ISD) at for technical assistance.
  • For Security questions or more information, please contact the School of MedicineInformation Security and Privacy Office by .
  • For Video Conferencing support, please click the Request Help or Report Conferencing Issues button on the Video Conferencing home page.

Guidelines for Including Protected Health Information (PHI) and other sensitive information (SI) within a Video Conference

When including patient Protected Health Information (PHI) and other sensitive information (SI) in a video conference, you must adhere to the following guidelines to ensure the security of the information:

  1. You must have patient authorization to share their information and be able to provide documentation if requested.
  2. Only invite attendees or share the conference links with individuals who are authorized to view the content.
  3. The ability to join the conference cannot be made publicly available.
  4. You may not include PHI or SI in the meeting title or in the email invitation.
  5. Limit your data! Only include patient information relevant to the conference meeting.
  6. Emails sent within the Chapel Hill () system or to Health (H) are considered secure.
  7. For emails containing PHI or SI sent outside the system or H, send using the “secure” function in Outlook.  For instructions on how to send secure emails, see the .
  8. If the video conference is recorded, please refer to the Platforms Approved for Sharing PHI tab above.
  9. If you reassign your recordings to another user, the user must be authorized to view the patient or sensitive information and be responsible for managing the recording as stated above.

Policies and Procedures