Using Zoom in HIPAA Compliant Settings

HIPAA compliance at Lehigh University is limited to a few specific areas on campus. If Zoom is used in these sensitive areas, the settings below are mandatory and must be configured by the individual user.

Individual responsibilities for Zoom configuration in HIPAA-Compliant Settings Only:

  1. Open a web browser and go to the Zoom site ("Video Conferencing, Web Conferencing, Webinars, Screen Sharing").

    1. Enter the following for company domain: lehigh

    2. Enter username and password credentials and click Login

  2. In the left menu pane, select Settings.

    1. Navigate to Security and select "Waiting Room". This enables a virtual staging area that prevents people from joining a meeting until the host is ready. Meeting host(s) can then admit people in the Waiting Room individually or all at once. This reduces the risk of unauthorized participants joining the meeting.

    2. Scroll down within the Security section and enable the following: "Allow use of end-to-end encryption". Click Enable.

    3. Scroll down to "Default encryption type" and select the following: End-to-end encryption. Click Save.

    4. Scroll down to "Only authenticated meeting participants and webinar attendees can join meetings and webinars" and enable it to turn on authentication.

    5. Scroll down to "Only authenticated users can join meetings from Web client" and enable it to reinforce authentication for the web client.

    6. Scroll down to "Block users in specific domains from joining meetings and webinars" and enable it. Add domains and click Save.

    7. Scroll down to "Meeting chat" and disable it (e.g., select the slider) so that meeting participants cannot send chat messages. Click Disable.

Image: Disable Meeting Chat

  3. Scroll down to "Screen sharing" and disable it.

  4. In an Active Meeting Only: Click Host tools and select the Lock Meeting feature to prevent any other participants from joining the meeting. See screenshot below.

Image: Active Meeting Only: Lock Meeting Feature

  5. HIPAA Best Practice: As a best practice, limit the transmission of ePHI data to a minimum.

  6. Two-Factor Authentication Verification Only: Verify with your organization (e.g., LTS IS) that Zoom’s Two-Factor Authentication is enabled to protect users against security breaches.
