Body
A small number of Dartmouth staff and faculty, in the course of their work or research at Dartmouth, may need to use Zoom to transmit personal health information (PHI) in accordance with HIPAA guidelines.
If you need to use Zoom to transmit PHI in accordance with HIPAA guidelines, then you need to contact the Service Desk to update your Dartmouth Zoom account to be HIPAA compliant.
Examples of the need for a HIPAA compliant Zoom account are below.
- You provide telehealth services.
- You administer health insurance benefits.
- Your research data use agreement (DUA) specifies that you must comply with HIPAA.
- You entered in to a business associate agreement (BAA) with a HIPAA covered entity.
To request a HIPAA compliant Zoom account, please submit a service request here.
Please be aware that configuring your account enables Zoom to be used as a communication channel for transmission of PHI in accordance with HIPAA guidelines. However, you remain responsible to ensure you are using the Zoom in compliance with HIPAA, DUA and any applicable laws, regulations, and institutional policies.
Once you have been added to Dartmouth's Zoom HIPAA sub-account you will notice that some of its features are different, in order to comply with HIPAA. Examples of differences include:
- Cloud recordings and local recordings are both unavailable.
- You cannot add alternate hosts from outside the HIPAA sub-account, and vice versa. A meeting host from Dartmouth's main Zoom account cannot add alternate hosts from within Dartmouth's Zoom HIPAA sub-account.
To learn more about Zoom and HIPAA compliance, see Zoom's HIPAA Compliance Guide.