Skip to main content
Return to Campus Tech Tips

Video Conferencing Policies & Guidelines

Conferencing Platforms Vetted and Approved by UNC for Transmitting, Recording, and Sharing Protected Health Information (PHI)

Important! Using a UNC vetted and approved platform for transmitting, recording, and sharing PHI does not mean your specific use case is appropriate. You need to consider all HIPAA guidelines and policies found in the Privacy of Protected Health Information Policy, as well as the Information Security Controls Standard.

For questions or more information, please contact the School of Medicine Information Security and Privacy Office by opening a Help Request.

Zoom HIPAA Account

Users whose primary affiliation is with the School of Medicine should be placed into a Zoom HIPAA account.

  • Signing Into Your Zoom Account
    • You must sign into your Zoom account with Single Sign-On (SSO), not your email and password.
    • You must be signed in to use the Host controls
    • You can only be signed into one device (e.g., PC, tablet, phone) at a time.
  • If you are not sure if you have a Zoom HIPAA account, you can check by visiting your Zoom Account Profile page. The Account Name will display “HIPAA.” Standard (non-HIPAA) Zoom accounts will display “University of North Carolina Chapel Hill” (UNC).
    • If you schedule meetings or assign Alternate Hosts for other account owners, you must be in the same account type (e.g., a UNC account owner cannot schedule a meeting for a HIPAA account owner).
    • If you want to opt out of your HIPAA account for a UNC account, or if you need to be moved to a HIPAA account from your UNC account, please visit our SOM Zoom Support page for instructions.
  • UNC requires all meetings be secured with one security option in your Zoom account.
    • You can access the Meeting Security settings by clicking “Settings” in the left-side menu, the “Meeting” tab at the top of the page, and “Security” in that section.
      Zoom meeting settings
    • School of Medicine IT recommends enabling Meeting Passcode and Embed passcode in invite link for one-click join.
      Meeting passcode enabled Embed passcode in invite link for one-click join
    • Please note: If you don’t select either Meeting Passcode or Waiting Room, Zoom will select Waiting Room by default.
  • Recording Zoom Meetings
    • Users can record to the Zoom cloud or locally to their computer.
      • Participant reporting and transcription are not available when recording locally.
    • When recordings begin, meeting attendees are prompted to accept being recorded or leave the meeting.
    • If recording locally, recordings containing PHI can be recorded to a School of Medicine managed computer that meets the Information Security Control Standard.
      • It is recommended that local recordings with PHI be uploaded to a vetted and approved storage platform (e.g., OneDrive, Teams) and then deleted from your local computer.
      • Local recordings with no PHI can be uploaded into Panopto* for streaming.
        • *Note: Panopto cannot store or stream recordings with PHI, even with patient authorization.
    • Cloud recordings are stored for 30 days, then moved to the trash for 30 days where they can be recovered if needed, then deleted permanently.
    • Cloud recordings can be downloaded.
      • Recordings containing PHI can be downloaded to a School of Medicine managed computer that meets the Information Security Controls Standard.
        • It is recommended that downloaded recordings with PHI be uploaded to a vetted and approved storage platform (e.g., OneDrive, Teams) and then deleted from your local computer.
      • Downloaded recordings with no PHI can be uploaded into Panopto* for streaming
        • *Note: Panopto cannot store or stream recordings with PHI, even with patient authorization.
  • Zoom Webinar
    • The Zoom Webinar feature requires an additional license on your UNC Zoom account, regardless of which account type you have. For assistance, please visit our Classroom Support page and click the Request Help button.
    • Webinar creates separate links for Presenters and Attendees.
      • When you add a Presenter, Zoom will email them their link. Please request that the Presenter not share this link. It is only intended for their use.
      • The Attendee link is the one intended for sharing with your Webinar audience.
  • More detailed Zoom HIPAA information can be found in the Zoom HIPAA Compliance Datasheet.

Microsoft Teams

Please refer to UNC Storage Offerings for detailed information.

Other Resources for Sharing PHI

  • Sharing Tier 3 Information Other Than PHI – If you are sharing any Tier 3 information other than PHI (e.g., Social Security numbers, payment card information), please review the Information Classification Standard beforehand.
  • Virtual Care Operations should be performed under the guidance of UNC Health. Please refer to the VCC intranet site for updates and resources.
  • For Security questions or more information, please contact the School of Medicine Information Security and Privacy Office by opening a Help Request. 
  • For Video Conferencing support, please click the Request Help or Report Conferencing Issues button on the Video Conferencing home page.

Guidelines for Including Protected Health Information (PHI) and other sensitive information (SI) within a Video Conference

When including patient Protected Health Information (PHI) and other sensitive information (SI) in a video conference, you must adhere to the following guidelines to ensure the security of the information:

  1. You must have patient authorization to share their information and be able to provide documentation if requested.
  2. Only invite attendees or share the conference links with individuals who are authorized to view the content.
  3. The ability to join the conference cannot be made publicly available.
  4. You may not include PHI or SI in the meeting title or in the email invitation.
  5. Limit your data! Only include patient information relevant to the conference meeting.
  6. Emails sent within the UNC Chapel Hill (UNC) system or to UNC Health (UNCH) are considered secure.
  7. For emails containing PHI or SI sent outside the UNC system or UNCH, send using the “secure” function in Outlook.  For instructions on how to send secure emails, see the UNC Encrypted Email (Encryption) help article.
  8. If the video conference is recorded, please refer to the Platforms Approved for Sharing PHI tab above.
  9. If you reassign your recordings to another user, the user must be authorized to view the patient or sensitive information and be responsible for managing the recording as stated above.

UNC Policies and Procedures