Presentation is loading. Please wait.

Presentation is loading. Please wait.

Incorporating HIPAA into your

Published byAmie Maud Sutton Modified over 6 years ago

Similar presentations

Presentation on theme: "Incorporating HIPAA into your"— Presentation transcript:

1 Incorporating HIPAA into your
Wayne J. Fields, MBA Assistant Director, Student Affairs IT Office of Information Technology UCCSC UC Davis

2 Background UCCSC UC Davis

3 Where do Zoom & HIPAA intersect? What is the process to get setup?
Key Discussion Points What is Zoom? What is HIPAA? Where do Zoom & HIPAA intersect? What is the process to get setup? UCCSC UC Davis

4 is a meeting solutions (web conferencing) software platform.
What is Zoom? is a meeting solutions (web conferencing) software platform. Gartner peer insights Meeting solutions are real-time collaboration tools that support interactions over a network between participants for team work, presentations, training and webinars. Enterprise offerings in this market perform equally well for workers in meeting spaces, at their desks or when mobile, with integrated voice, video, screen sharing, messaging and content sharing. UCCSC UC Davis

5 Who are Zoom’s competitors?
UCCSC UC Davis

6 Why use Zoom? HD Video & Audio conferencing Screen Sharing
Video Breakout Rooms Co-Annotation Multi-Sharing Recording of Sessions / Classes Any Device Closed Captioning Group Messaging Polling Dashboards /Management Tools LTI REST API Easy User Management / SSO Security Complete End-to-End 256-bit AES encryption Zoom for Education data sheet UCCSC UC Davis

7 As of July 2016, the UC-wide ReadyTalk agreement expired.
Alternatively, UC entered into a new agreement with Zoom which provided EDU (PRO) licenses at a cost of $9.99 per user / per year. In Oct 2017, due to increased deployment across all UC locations, license counts jumped into a higher tier resulting in an immediate 10% price reduction to $8.99 per user / per year. UCCSC UC Davis

8 What is HIPAA? HIPAA (Health Insurance Portability and Accountability Act of 1996) is legislation that provides data privacy and security provisions for safeguarding medical information. The Act contains 5 sections or titles. Title I: HIPAA Health Insurance Reform Title II: HIPAA Administrative Simplification Title III: HIPAA Tax-Related Health Provisions Title IV: Application and Enforcement of Group Health Plan Requirements Title V: Revenue Offsets National Provider Identity Transactions and Code Sets HIPAA Privacy Rule HIPAA Security Rule HIPAA Enforcement Rule UCCSC UC Davis

9 Who must enforce HIPAA compliance?
HIPAA-covered entities include health plans, clearinghouses, and certain health care providers. Providers are defined as those entities who submit HIPAA transactions, such as claims, electronically are covered. These providers include, but are not limited to: Doctors Clinics Psychologists* Dentists Chiropractors Nursing homes Pharmacies Student Health Centers * Even though the Counseling Center does not file claims, the standard of care is to protect the privacy of patient records. HIPAA has really gone beyond the scope for which it was originally written and is now far more encompassing. UCCSC UC Davis

10 How does Zoom enable HIPAA compliance?
In terms of video conferencing, the solution and security architecture must provide end-to-end encryption and meeting access controls so data in transit cannot be intercepted. The general requirements of HIPAA Security Standards state that covered entities must: 1. Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity creates, receives, maintains, or transmits. 2. Protect against any reasonably-anticipated threats or hazards to the security or integrity of such information. 3. Protect against any reasonably-anticipated uses or disclosures of such information that are not permitted or required under the privacy regulations. 4. Ensure compliance by its workforce. UCCSC UC Davis

11 How does Zoom enable HIPAA compliance?
Example: Security and Encryption Only members invited by account administrators can host Zoom meetings. The host controls attendance through the use of meeting IDs and passwords. Each meeting has only one host. The host can screen share or lock screen sharing. Zoom employs industry-standard end-to-end Advanced Encryption Standard (AES) encryption using 256-bit keys to protect meetings. * UCCSC UC Davis

12 How does Zoom enable HIPAA compliance?
Example: Screen Sharing in Healthcare Medical professionals and authorized healthcare partners can use Zoom to meet with patients and other healthcare professionals to screen-share health records and other resources. Zoom does not distribute the actual patient data. Screen sharing transmits encrypted screen capture along with mouse and keyboard strokes only, not the actual data. UCCSC UC Davis

13 How does Zoom enable HIPAA compliance?
Business Associate Agreement (BAA) Zoom acknowledges: Will keep patient information secure Will report any security breaches involving PHI DO NOT have access to any PHI Will protect and encrypt all audio, video and screen sharing data UCCSC UC Davis

14 How does Zoom enable HIPAA compliance?
Key Takeaways: UCOP executed a BAA with Zoom on behalf of the entire UC system! There is no need for each individual campus to execute a separate agreement. UCCSC UC Davis

15 HIPAA settings are applied by Zoom on the account level!
Key Takeaways: HIPAA settings are applied by Zoom on the account level! If certain users require HIPAA settings and others do not, you WILL need separate accounts You do have the ability to move users / licenses between the accounts if needed This is done through the use of Zoom Master / Sub Accounts UCCSC UC Davis

16 UCCSC UC Davis

17 Key Takeaways: If you decide to setup any sub accounts, your master account will be converted to a bulk license account only. Therefore, licenses can only be added in bulk by the Zoom Account Representative. Once an account (master or sub) is setup, you need to request that Zoom apply the HIPAA settings to your account. Users can be added to the HIPAA compliant account after the settings have been applied. UCCSC UC Davis

18 Key Takeaways: It is still possible for HIPAA Rules to be violated using the Zoom platform, so users must be aware of their responsibilities with respect to patient privacy, and must only share or communicate PHI with individuals authorized to receive the information. It is the responsibility of the covered entity to ensure Zoom is used correctly and HIPAA Rules are always followed. UCCSC UC Davis

19 BAA Security Settings for Zoom Meetings
All the following features are required to be enabled/disabled on the backend for BAA customers during provisioning process.  All features must be set and the customer does not have an option to pick which feature they want enabled/disabled, except for IM/Presence.  IM/Presence is enabled by default in a BAA account, but the customer can request to have the feature disabled.   Once a BAA is signed with Zoom, the following will be enacted on your Zoom account MEETING FEATURES ENABLED/DISABLE: 1.     End-To-End Encryption will be enabled for all meetings 2.     In-Meeting File Transfer will be disabled 3.     Cloud Recording will be disabled. 4.     Remove device/user information in logging and all reporting (i.e. meeting history reports will NOT include attendee information) 5.     Encrypted Chat will be enabled. Please note if chat has been disabled, please submit a request to have it enabled. ENCRYPTED CHAT FEATURES: 1.     Text messages will be encrypted 2.     Off-line messages will only be available after all parties initiate a key exchange 3.     Disable file sharing 4.     Disable screen capture 5.     Disable sending images UCCSC UC Davis

20 HIPAA Business Associates Agreement Zoom HIPAA Compliancy Guide
For additional Zoom HIPAA and Security Information, please see the following: HIPAA Business Associates Agreement Zoom HIPAA Compliancy Guide Zoom Security Guide Michele Fairbank Senior Sales Executive - Education Zoom Video Communications Call    I  Click zoom.us  I  Zoom  UCCSC UC Davis

21 Where do Zoom & HIPAA intersect? What is the process to get setup?
Review What is Zoom? What is HIPAA? Where do Zoom & HIPAA intersect? What is the process to get setup? UCCSC UC Davis

22 QUESTIONS UCCSC UC Davis

23 Contact Information UCCSC UC Davis

Download ppt "Incorporating HIPAA into your"

Similar presentations

HIPAA AWARENESS TRAINING

HIPAA AWARENESS TRAINING
Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
HIPAA Health Insurance Portability and Accountability Act.

HIPAA Health Insurance Portability and Accountability Act.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
Westbrook Technologies from Document Management’s Role in HIPAA.

Westbrook Technologies from Document Management’s Role in HIPAA.
 Original Intent: ◦ Act passed in 1996 with two main goals: 1.Ensure individuals would be able to maintain their health insurance between jobs (the “portability”

 Original Intent: ◦ Act passed in 1996 with two main goals: 1.Ensure individuals would be able to maintain their health insurance between jobs (the “portability”
 The Health Insurance Portability and Accountability Act of 1996.  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.

 The Health Insurance Portability and Accountability Act of  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.

HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.
Health Insurance Portability & Accountability Act (HIPAA)

Health Insurance Portability & Accountability Act (HIPAA)
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.
HIPAA – Health Insurance Portability & Accountability Act and the Privacy Act MSgt Nechele M. Chambers Senior Enlisted Liaison TRICARE Area Office-Europe.

HIPAA – Health Insurance Portability & Accountability Act and the Privacy Act MSgt Nechele M. Chambers Senior Enlisted Liaison TRICARE Area Office-Europe.
© 2011 Verizon. All Rights Reserved. Reserved Net Conference for Cisco WebEx Event Center Presenter Name Presenter Title Month XX, 2013.

© 2011 Verizon. All Rights Reserved. Reserved Net Conference for Cisco WebEx Event Center Presenter Name Presenter Title Month XX, 2013.
HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA PRIVACY AND SECURITY AWARENESS.

Similar presentations

Ads by Google