Zoom and HIPAA Compliance | Information Technology | University of Pittsburgh
!

Zoom and HIPAA Compliance

Request Access | Verify You're Using the HIPAA Environment | How the HIPAA and Standard Environments Differ | FAQs

 

The University of Pittsburgh’s standard Zoom environment is not HIPAA compliant. However, the University provides access to a separate HIPAA-compliant Zoom environment for those who are conducting tele-medicine appointments or are hosting meetings that discuss protected health information. To use Zoom for HIPAA-related meetings, please follow the steps below. 

 

Request Access

Users need to request access to the University’s HIPAA-compliant Zoom environment. The process depends on whether or not you use Zoom for teaching-related activities.  

  • If you do NOT use Zoom for Canvas or teaching-related activities, contact the 24/7 IT Help Desk and request access to the University’s HIPAA-compliant Zoom environment.  When access is granted, you will be directed to the HIPAA environment when you log in with your primary University Computing Account.
  • If you DO use Zoom for instruction or teaching activities (for example, as part of a course in Canvas), contact your Responsibility Center Administrator to request a sponsored account for hosting HIPAA-compliant Zoom meetings. After your RC Admin creates a sponsored account, contact the 24/7 IT Help Desk and request access to the University’s HIPAA-compliant Zoom environment for the sponsored account.
    • You should use your primary University Computing Account to host Zoom meetings within Canvas.
    • You should use your sponsored account to host HIPAA-safe meetings.
    • Creating a sponsored account is necessary because the HIPAA environment does not integrate with Canvas, which is necessary for teaching-related activities.
    • Students requiring a HIPAA Safe Zoom account should speak with their department to request a sponsored account.  Student primary accounts should not be granted HIPAA safe access because they will no longer have access to the Zoom integration within Canvas.

Once you receive confirmation that your account has been added to the HIPAA environment, you will need to log out of pitt.zoom.us, close your browser, and then log back into pitt.zoom.us using the account credentials for the HIPAA-compliant Zoom environment.  

You may be taken to a verification screen to confirm that you are logging into a different account. Simply follow the prompts to confirm the account change. If this happens, you will also receive a confirmation email; click on the link in the email to confirm the account change.

Verify You Are Using the HIPAA Environment

When you log into pitt.zoom.us, verify that you are using the HIPAA-compliant Zoom environment before hosting or scheduling a meeting.   

  1. Select the “Account Profile” tab from the left-hand menu.

  1. “Account Name” should display “HIPAA”
  2. If the “Account Name” displays “University of Pittsburgh”, do NOT proceed. Your meeting will not be HIPAA compliant.
  3. If you have entered the standard environment, log out and then log back in with the account credentials for your HIPAA environment. Contact the 24/7 IT Help Desk if you continue to experience login difficulties.

How the HIPAA-Compliant and Standard Zoom Environments Differ

The process for logging into Zoom is the same for the standard or HIPAA-compliant environment. Just be sure to use the login credentials for your sponsored account, if applicable. In addition, most of the functionality is identical in both environments.

However, the HIPAA-compliant Zoom environment disables several standard functions that can compromise security and confidentiality, in accordance with HIPAA regulations. The HIPAA environment settings differ from the standard environment as follows:

  • Cloud recordings are not available.
  • Meetings cannot be scheduled using a personal meeting.
  • Personal meeting IDs have been disabled.
  • Participants cannot save the chat.
  • Save captions is turned off.
  • Peer-to-peer connections while in a two-person meeting are turned off.
  • Hosts cannot grant participants permission to record locally (a Host can record locally).
  • If a meeting is being recorded locally by the Host, attendees will be prompted for their consent by a pop-up window.
  • Importing of photos from a photo library on a device is disabled.
  • Some add-ons or integrations may not be approved or available. 
  • Desktop client Chat window (not in-meeting chat) has been deactivated.
  • Use of animated GIFs in the desktop client Chat (not in-meeting chat) is turned off.
  • Company Contacts are not available.

Frequently Asked Questions