To request a new institutional storage account, fill out the Institutional storage request form.Īt Indiana University, never store files containing sensitive institutional data, especially protected health information ( PHI) regulated by the Health Insurance Portability and Accountability Act of 1996 ( HIPAA), on your desktop workstation, laptop, USB flash drive, tablet, smartphone, or other mobile device unless the files are properly encrypted on the device, and your senior executive officer or the IU Institutional Review Board (IRB) has given prior written approval. Once a recording is complete, follow HIPAA best practices for storing any recording that contains protected health information (PHI). Attendees can only record with host permission. Hosts with Zoom Health accounts can record Zoom meetings locally to their workstations. Zoom Health accounts do not allow cloud recordings. Attendees cannot save chats from Zoom Health sessions. Chats cannot be saved to Zoom cloud storage. Zoom Health hosts can only save chats from Zoom Health sessions to their local workstations.Users with Zoom Health accounts do not have access to third-party apps offered in the Zoom App Marketplace.If an unexpected attendee attempts to join the meeting, the host can message them while they remain in the waiting room. Waiting rooms are enabled by default for all attendees. Distributed administrative or technical teams working directly with patient data.Clinical researchers interviewing participants or participant teams as part of research projects.Distributed research team working sessions with patient data.Indiana University and Zoom have signed a Business Associates Agreement (BAA) to facilitate private, secure online collaborations for research, teaching, or administration involving the transmission of protected health information (PHI).įollowing are some examples of Zoom collaborations that involve PHI and should be conducted using a Zoom Health account: Physical, and technical safeguards that complement those UITS already has in place.įor guidance on division of responsibility when using a UITS system approved for PHI, see Shared responsibility model for securing PHI on UITS systems. You may use this system or service for work involving data that contain PHI only if you institute additional administrative, However, using this system or service does not fulfill your legal responsibilities for protecting the privacy and security of data that contain PHI. This UITS system or service meets certain requirements established in the HIPAA Security Rule thereby enabling its use for work involving data that contain protected health information ( PHI).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |