Service Description
Zoom is an enterprise video conferencing service with real-time messaging and content sharing. Zoom at U-M is available to faculty, staff, students, and sponsored affiliates on the UM-Ann Arbor, UM-Dearborn, UM-Flint, and Michigan Medicine campuses.
The Zoom for Health at U-M service previously provided to members of the Michigan Medicine, Pharmacy, Nursing, and Dentistry communities was retired on January 3, 2021.
Compliance
Zoom at U-M provides appropriate security and compliance assurances that allows it to be used for a wide variety of use cases, including teaching and learning. It provides encryption at the start of every Zoom session, strong access controls, and other IT security measures. Recommendations for securing your Zoom meetings are at ITS: How to Secure Meetings in Zoom. You are responsible for using Zoom appropriately with sensitive university data.
Recording
When using Zoom with sensitive data (data classified as High or Restricted),
- Do NOT use the recording feature unless it is required for a specific institutional purpose and, as necessary, you have obtained permission from data stewards or participants. Zoom collects and maintains data related to the date, time, and attendees of a meeting. Actual video or audio content is only stored by Zoom if the meeting host turns on the recording feature.
Live Streaming
You may use Zoom webinars for live streaming public events. Zoom meetings cannot be live streamed.
- Live stream public events only.
- No sensitive data can be included in live streamed webinars.
- Live streaming may not be used for teaching, learning, or research activities.
- If any individuals might appear in the live stream (video and/or audio), those individuals:
- Must be notified in advance that the event will be live streamed.
- Given the option to opt-out.
Zoom and PHI
Additional precautions are needed when using Zoom with Protected Health Information (PHI). Zoom at U-M includes the safeguards required by HIPAA. Accordingly, you may use it to maintain Protected Health Information. Complying with HIPAA's requirements is a shared responsibility. Users sharing and storing PHI in Zoom at U-M are responsible for complying with HIPAA safeguards, including the following:
- Use and disclose only the minimum necessary PHI for the intended purpose.
- Obtain all required authorizations for using and disclosing PHI.
- Ensure that PHI is seen only by those who are authorized to see it.
Secure your space. Make sure documents or other materials with visible PHI in the area around you are hidden before opening a video connection. - For use in telemedicine or telehealth. You must consult Virtual Care at [email protected] or Michigan Medicine Virtual Care.
- Follow any additional steps required by your unit to comply with HIPAA.
Restricted Countries
People in some countries are unable to access Zoom for regulatory reasons. See Zoom: Restricted countries or regions.