Zoom and HIPAA Compliance
The University of Pittsburgh’s standard Zoom environment is not HIPAA compliant. However, the University provides access to a separate HIPAA-compliant Zoom environment for those who are conducting tele-medicine appointments or are hosting meetings that discuss protected health information. To use Zoom for HIPAA-related meetings, please follow the steps below.
Users need to request access to the University’s HIPAA-compliant Zoom environment. The process depends on whether or not you use Zoom for teaching-related activities.
- If you do NOT use Zoom for Canvas or teaching-related activities, contact the 24/7 IT Help Desk and request access to the University’s HIPAA-compliant Zoom environment. When access is granted, you will be directed to the HIPAA environment when you log in with your primary University Computing Account.
- If you DO use Zoom for instruction or teaching activities (for example, as part of a course in Canvas), contact your Responsibility Center Administrator to request a sponsored account for hosting HIPAA-compliant Zoom meetings. After your RC Admin creates a sponsored account, contact the 24/7 IT Help Desk and request access to the University’s HIPAA-compliant Zoom environment for the sponsored account.
- You should use your primary University Computing Account to host Zoom meetings within Canvas.
- You should use your sponsored account to host HIPAA-safe meetings.
- Creating a sponsored account is necessary because the HIPAA environment does not integrate with Canvas, and that integration is required for teaching-related activities.
- Students requiring a HIPAA-safe Zoom account should speak with their department to request a sponsored account. Student primary accounts should not be granted HIPAA-safe access because those accounts would no longer have access to the Zoom integration within Canvas.
Once you receive confirmation that your account has been added to the HIPAA environment, you will need to log out of pitt.zoom.us, close your browser, and then log back into pitt.zoom.us using the account credentials for the HIPAA-compliant Zoom environment.
You may be taken to a verification screen to confirm that you are logging into a different account. Simply follow the prompts to confirm the account change. If this happens, you will also receive a confirmation email; click on the link in the email to confirm the account change.
Verify You Are Using the HIPAA Environment
When you log into pitt.zoom.us, verify that you are using the HIPAA-compliant Zoom environment before hosting or scheduling a meeting.
- Select the “Account Profile” tab from the left-hand menu.
- “Account Name” should display “HIPAA”.
- If the “Account Name” displays “University of Pittsburgh”, do NOT proceed. Your meeting will not be HIPAA compliant.
- If you have entered the standard environment, log out and then log back in with the account credentials for your HIPAA environment. Contact the 24/7 IT Help Desk if you continue to experience login difficulties.
How the HIPAA-Compliant and Standard Zoom Environments Differ
The process for logging into Zoom is the same for the standard or HIPAA-compliant environment. Just be sure to use the login credentials for your sponsored account, if applicable. In addition, most of the functionality is identical in both environments.
However, the HIPAA-compliant Zoom environment disables several standard functions that can compromise security and confidentiality, in accordance with HIPAA regulations. The HIPAA environment settings differ from the standard environment as follows:
- Cloud recordings are not available.
- Meetings cannot be scheduled using a personal meeting.
- Personal meeting IDs have been disabled.
- Participants cannot save the chat.
- Save captions is turned off.
- Peer-to-peer connections while in a two-person meeting are turned off.
- Hosts cannot grant participants permission to record locally (a Host can record locally).
- If a meeting is being recorded locally by the Host, attendees will be prompted for their consent by a pop-up window.
- Importing of photos from a photo library on a device is disabled.
- Some add-ons or integrations may not be approved or available.
- Desktop client Chat window (not in-meeting chat) has been deactivated.
- Use of animated GIFs in the desktop client Chat (not in-meeting chat) is turned off.
- Company Contacts are not available.
Frequently Asked Questions
How do I verify that the meeting I’m joining is HIPAA compliant?
An easy way to verify that the meeting you plan to join is HIPAA compliant is to look at the meeting link in the invitation. If the meeting is HIPAA-compliant, the URL will use the following format: https://hipaa-pitt.zoom.us/#########. To ensure that you are creating a HIPAA-compliant meeting, see above (Verify You Are Using the HIPAA Environment).
How do I set or change the compliance level of a meeting?
HIPAA compliance is determined by the account settings of the Host at the time a meeting is created. Only meetings scheduled and hosted by someone within the HIPAA environment will be HIPAA compliant.
- Joining someone else’s meeting from a compliant account does not change the compliance level of the meeting.
- Being promoted to a Co-Host of a meeting that was originally scheduled by someone not in the HIPAA environment will not change the compliance level of the meeting.
- If you create a meeting in the standard environment, you cannot make it HIPAA compliant. Instead, you’ll need to reschedule the meeting in the HIPAA environment.
- Participation in a HIPAA-compliant meeting by someone in a standard Zoom environment will not affect the compliance level of the meeting. It will still be HIPAA compliant if it was created and hosted by someone in the HIPAA environment.
Can I use Zoom with Canvas while using the HIPAA-compliant environment?
The Zoom integration inside of Canvas is not available when using the HIPAA-compliant Zoom environment. However, you can still log into Canvas if your primary or sponsored University Computing Account has access to these services.