Six steps to help maximize security on Zoom
The popular teleconferencing platform is making everyone’s work lives easier. Here are a few ways to help keep your sessions private.
As we all adapt to the changes related to our COVID-19 work environment, Zoom® has become a welcomed technology to facilitate USA Health telemedicine, provide virtual education and stay connected to our colleagues.
Carrie Pace, assistant chief HIPAA compliance officer for USA Health, provides some security points for all employees to remember when conducting USA Health business remotely and using the Zoom teleconferencing platform:
- Use the USA Health instance of Zoom. You can do this by accessing usahealthsystem.zoom.us.
- Enable a Zoom meeting password. When the meeting invitation is sent to the participant, your password will be included.
- Do not use a personal meeting ID.
If you have previously used the University of South Alabama version of Zoom (southalabama.zoom.us) you will be prompted to switch your Zoom account. This will require you to acknowledge an email sent from no-reply@zoom.us with a link.
However, healthcare providers are not encouraged to include a password on invitations to patients. We do not want the process to be cumbersome for patients attempting to join Zoom sessions.
Allowing Zoom to generate a new meeting ID for each session ensures that no one can recall your personal meeting ID by entering it on the Zoom website. As a host, Zoom provides security features to govern meeting participation.
• Use the waiting room feature of Zoom to control when participants can join your meeting. This ensures that unknown/unwanted participants cannot access the meeting.
However, healthcare providers are not encouraged to use the waiting room function when providing telemedicine.
• Lock the meeting once all participants have joined.
• Turn off screen sharing by default.
Screen sharing can allow a participant to inadvertently share content they have on their device. By turning off screen sharing by default, the host must allow the participant the ability to share their screen.
“To ensure a strong security posture, all employees working remotely should also remember to turn off their home artificial intelligence devices such as Amazon Echo®, Google Nest®, Apple Home®, etc.,” Pace said. “These devices are designed to actively listen and could easily ‘hear’ USA Health business or a patient’s protected health information.”
Pace stressed that USA Health does not intend to apply security measures that hinder a patient’s ability to connect with healthcare providers. “The general security features of Zoom should coincide with the clinical workflow,” she said. “If you find that you are having issues with this, please reach out to your director of operations, who will work with IT and the Office of HIPAA Compliance to evaluate the most acceptable solution to protect our patient privacy and USA Health.”
More information on Zoom, troubleshooting tips and other useful resources is available on the Innovation in Learning Center’s page.
