HIPAA-Compliant Zoom Meetings

HIPAA-Compliant Zoom Meetings
The HIPAA Zoom instance allows you to use the service in a HIPAA-compliant manner. You must still follow all HIPAA rules and regulations to ensure compliance.

Overview

The Tufts HIPAA Zoom service is a special version of the Tufts Zoom service that has enhanced security features and modified settings to make it HIPAA-compliant, allowing it to be used by members of the medical community and others who work with sensitive information, including Protected Health Information (PHI).

Examples of Zoom meetings that may require use of the HIPAA-compliant instance of the Tufts Zoom service may include, but are not limited to:

  • Telehealth appointments at Tufts University clinics, such as the Dental clinics or University Health Services.
  • Classes where HIPAA-protected information is shared with students, such as patient cases.
  • Educational experiences where students participate in telehealth or clinic group activities.

Using the Tufts HIPAA Zoom Service

In order to use the service, you must first be granted a special Tufts HIPAA Zoom license that is different from your regular Tufts Zoom license. You can then schedule HIPAA-compliant Zoom meetings through a dedicated Tufts HIPAA Zoom website. You must also sign in to the Zoom desktop client using your Tufts HIPAA Zoom license. You will still have access to your regular Tufts Zoom license, which can be used for meetings that do NOT require HIPAA compliance.

Please review the sections below for information on how to obtain and use a Tufts HIPAA Zoom license.

The HIPAA-compliant instance of Zoom is intended for specific use cases and requires a special license to access. Once granted a license, you will be assigned a special “+thz@tufts.edu” account address.

You will still have access to the regular (“academic”) version of Zoom. These two instances of Zoom are accessed in different ways and have different features.

  Regular "Academic" Zoom HIPAA-Compliant Zoom
Web portal URL tufts.zoom.us tufts-hipaa.zoom.us
Sample account address John.Jumbo@tufts.edu John.Jumbo+thz@tufts.edu
Some key differences in features
  • Cloud recording enabled
  • Personal Meeting ID (PMI) available
  • Join before host option available
  • Meeting passcodes recommended
  • Alternative hosts must have @tufts.edu addresses
  • Integrated with Canvas
  • Cloud recording disabled
  • Personal Meeting ID (PMI) disabled
  • Join before host option disabled
  • Meeting passcodes required
  • Alternative hosts must have +thz@tufts.edu addresses
  • No Canvas integration

 

Access to the Tufts HIPAA Zoom service is available to members of the following groups:

  • Tufts University School of Medicine
  • Tufts University School of Dental Medicine
  • Tufts University Health Services
  • Tufts Health Sciences Institutional Review Board (HS IRB)
  • Certain staff members in Human Resources

To obtain a Tufts HIPAA Zoom license, you need to log in to the Tufts HIPAA website. You will be granted a license when you log in for the first time. See directions below.

Logging in to the Tufts HIPAA Zoom Website

  1. Visit tufts-hipaa.zoom.us.
  2. Click Sign in.Tufts HIPAA Zoom website sign in page
  3. Log in with your Tufts username (e.g. jjumbo01) and password. You may also have to complete DUO two-factor authentication.
  4. An email with a confirmation link will be sent to your "@tufts.edu" address. Check your email and click on the link to confirm your account setup. This may take a few minutes.

    Note: If you never received the confirmation email and are having trouble accessing your Tufts HIPAA Zoom account, please email it@tufts.edu.

Managing account settings, scheduling meetings, and performing other tasks related to your Tufts HIPAA Zoom license must be done through the dedicated Tufts HIPAA Zoom website. If you are logged in to the regular Tufts Zoom site, you will need to log out before you can log in to the Tufts HIPAA Zoom site. Similarly, when you are done, you must log out of the HIPAA-specific site in order to log back in to the regular Tufts Zoom website.

Logging out of the Regular Tufts Zoom Website

  1. Click on your profile icon toward the top right of the page.
  2. Select SIGN OUT.Signing out of regular Tufts Zoom website

Logging in to the Tufts HIPAA Zoom Website

  1. Visit tufts-hipaa.zoom.us.
  2. Click Sign in.Tufts HIPAA Zoom website sign in page
  3. Log in with your Tufts username (e.g. jjumbo01) and password. You may also have to complete DUO two-factor authentication.

How Can You Tell That You are Logged in to the Tufts HIPAA Zoom Website?

When you are logged in to the Tufts HIPAA Zoom website, a Tufts Health Sciences logo will appear in the top left corner of the page. You can also click on your profile icon in the top right corner and look at the email address that is listed. If you see an address that ends in “+thz@tufts.edu” (e.g. John.Jumbo+thz@tufts.edu), you are in the HIPAA-compliant instance. If you see your normal @tufts.edu address (e.g. John.Jumbo@tufts.edu), you are NOT in the HIPAA-compliant instance.

labeled screenshot that shows how you can tell that you are using the Tufts HIPAA Zoom website

Logging out of the Tufts HIPAA Zoom Website

  1. Click on your profile icon toward the top right of the page.
  2. Select SIGN OUT.Signing out of the Tufts HIPAA Zoom website

Your special Tufts HIPAA Zoom account can be used in the regular Zoom desktop client. You do not need to download a separate application. (Note: If you do not already have it, you can download the Zoom desktop client here: https://zoom.us/download)

However, in order to use the desktop client with your Tufts HIPAA Zoom license, you must log out of your regular Tufts Zoom account and log in to your Tufts HIPAA Zoom account.

Logging out of Your Regular Tufts Zoom Account in the Desktop Client

  1. Click on your profile icon in the top right corner.
  2. Select Sign Out.Signing out of a regular Tufts Zoom account in the desktop client

Logging in to Your Tufts HIPAA Zoom Account in the Desktop Client

  1. Open the Zoom desktop application.
  2. Click Sign In.Zoom desktop client Sign In Option
  3. Select Sign in with SSO.Sign in with SSO option
  4. When prompted for your company domain, enter “tufts-hipaa” so the entire domain reads “tufts-hipaa.zoom.us”. Then, click Continue.Entering "tufts-hipaa.zoom.us" as the domain when signing in to the desktop client
  5. A new page will open in your browser (e.g. Chrome or Firefox) with a Tufts login window. Log in with your Tufts username (e.g. jjumbo01) and password. You may also have to complete DUO two-factor authentication.Tufts login window
  6. A popup message will appear. Click Open zoom.us to launch the Zoom desktop application.Launching the Zoom desktop application

How Can You Tell That You are Logged in with Your Tufts HIPAA Zoom Account?

  1. Click on the profile icon in the top right corner.
  2. Click the Show email button (Show email button).Revealing email address in the Zoom desktop client
  3. If you are logged in to the desktop client with your Tufts HIPAA Zoom account, a “+thz@tufts.edu” address (e.g. John.Jumbo+thz@tufts.edu) will be listed. If you see your regular @tufts.edu email address (e.g. John.Jumbo@tufts.edu), you are still logged in with your regular Tufts Zoom license.

Logging out of Your Tufts HIPAA Zoom Account in the Desktop Client

  1. Click on the profile icon in the top right corner.
  2. Select Sign Out.Signing out of a Tufts HIPAA account in the Zoom desktop client

Q: Do I need to download a separate desktop application to use my Tufts HIPAA Zoom license?

NO. You do not need to download a separate Zoom desktop application. However, the process for signing in to the Zoom desktop application with your Tufts HIPAA Zoom license is different. Please see the directions above.

Q: Can I still use my regular Tufts Zoom account?

YES. You will still have access to the regular Tufts Zoom website. You can also log into the Zoom desktop application with the regular “tufts.zoom.us” domain. However, you should only use the regular Tufts Zoom service for meetings that do not require HIPAA compliance. See the directions above on how to sign in/out of the regular and HIPAA-compliant Tufts Zoom services.

Q: If I schedule/host a meeting using the Tufts HIPAA Zoom service, do my meeting attendees also need a special license?

NO. When you are scheduling and hosting meetings through the Tufts HIPAA Zoom service, your meeting participants do not also need to have a special license.

Q: If I want to schedule a meeting with an alternative host, does the alternative host also need a Tufts HIPAA Zoom license?

YES. The alternative host must also have a Tufts HIPAA Zoom license. When listing the alternative host(s) in the scheduler, you must use their “+thz@tufts.edu” address (e.g. John.Jumbo+thz@tufts.edu).

Q: I recorded a meeting that I hosted through my Tufts HIPAA Zoom account and now I need to store/share it. Is there a way to store/share the recording that is also HIPAA-compliant?

YES. The Tufts Box cloud storage service is HIPAA-compliant. For more guidance, refer to the links below.

Q: Do I need to be logged in to the Tufts VPN to use the HIPAA-compliant version of Zoom?

NO.

Q: Is there anything else I should consider for HIPAA-compliant Zoom meetings?

YES. The Tufts HIPAA Zoom service gives members of the Tufts community a way to schedule and host virtual meetings that are HIPAA-compliant, but the rest is up to you as the host and your participants. Please take the appropriate steps to ensure that information is shared appropriately before, during, and after meetings.