Using Zoom for transmitting HIPAA information

Zoom encryption fully complies with HIPAA Security Standards to ensure the security and privacy of patient data. The company employs industry standard end-to-end Advanced Encryption Standard (AES) encryption using 256bit keys to help protect meetings. However, while ZOOM is configured for HIPAA compliance, you should use thoughtfulness in the type of data shared and how the data is shared (same university HIPAA policies and procedures apply).

If your Zoom presentation contains HIPAA data, please use the following guidance:

• Make sure to use proper handling of links and do not share using unsecure means.
  • All patient information is considered highly confidential and only the information needed for the intended purpose should be used by, and disclosed to, covered members who have a “need to know” (Minimum Necessary).

• Treat your Zoom meeting links as you would HIPAA data.
  • Do not send email unencrypted. Click on the Sending Encrypted Email link below for more information.
  • Invite only those allowed to view HIPAA data. (Minimum Necessary)

HIPAA compliance depends on ALL of us

Please review the following information:

• Policies and Procedures
• Data Classification & Impact
• Sending Encrypted Email
• Safeguards – to Protect the Privacy of PHI
• Data Integrity
• Security of ePHI on Home Computers

If you have any questions regarding this service, please contact the CU Denver | Anschutz Medical Campus OIT Service Desk at 303.724.4357.