Zoom is an enterprise videoconferencing service with real-time messaging and content sharing. A specialized configuration of Zoom for use with Protected Health Information (PHI)—called Zoom for Health at U-M—is provided to all members of the U-M community who report up to the Vice President for Medical Affairs (this includes all Michigan Medicine faculty, staff, students, and sponsored affiliates), as well as those in the School of Dentistry, the School of Nursing, and the College of Pharmacy. These people are automatically directed to Zoom Health when they log in to Zoom.
Other members of the U-M community who need to use Zoom for Health can switch from Zoom at U-M to Zoom for Health at U-M at Zoom for Health Opt-In.
U-M has signed a Business Associate Agreement (BAA) with Zoom, which allows for use of Zoom for Health at U-M with Protected Health Information (PHI, regulated by HIPAA). Zoom for Health at U-M provides end-to-end encryption at the start of every Zoom for Health session, strong access controls, and other IT security measures. You are responsible for using Zoom for Health at U-M appropriately with sensitive university data.
Some of the standard Zoom features have been modified, limited, or disabled for users of Zoom for Health at U-M:
Meeting Control and Privacy
- Meetings are not listed publicly.
- The Live Transcription feature is not currently available. See U-M Accessibility: Live Captioning for alternate options.
- Meeting access is password-protected.
- During a meeting, you will be able to share your screen (whether PHI is included or not).
- Screen sharing transmits encrypted data related to the screen sharing, including mouse and keyboard strokes.
Capturing and Recording
- Cloud recording is disabled. When recording a meeting, you are only allowed to record to your local device.
- The ability to take screen captures of a meeting is disabled.
- During a meeting, you will be able to see each attendee’s name or Internet Protocol (IP) address. When the meeting has ended, you will no longer have the ability to see attendee names or IP addresses.
- After a meeting has ended, you will only be able to see:
- The time the meeting took place.
- The name/title of the meeting.
- The time each attendee joined the meeting.
- All chat messages are encrypted.
- Chat messages are not saved after a meeting ends.
IMPORTANT: Zoom for Health at U-M does not distribute patient data.
For additional ways to secure your Zoom meetings, see How to Secure Meetings in Zoom.
Additional Precautions When Using Zoom for Health with PHI
- For use in telemedicine or telehealth. You must consult Virtual Care at TelehealthTeam@med.umich.edu or Michigan Medicine Virtual Care.
- Secure your space. Make sure documents or other materials with visible PHI in the area around you are hidden before opening a video connection.
Requirements When Using Zoom for Health with Sensitive Data (data classified as High or Restricted)
- Do NOT use the recording feature unless it is required for a specific institutional purpose and, as necessary, you have obtained permission from data stewards or participants.
Live streaming. You may use Zoom webinars for live streaming public events. Zoom meetings cannot be livestreamed.
- Live stream public events only.
- No sensitive data can be included in live streamed webinars.
- Live streaming may not be used for teaching, learning, or research activities.
- If any individuals might appear in the live stream (video and/or audio), those individuals:
- Must be notified in advance that the event will be livestreamed.
- Given the option to opt-out.
Restricted countries. People in some countries are unable to access Zoom for regulatory reasons. See Zoom: Restricted countries or regions.