Re: Telehealth with Zoom or Teams

[Scott Norton <dsnorton () UW EDU>]

They have not relaxed the requirements, only the enforcement; and therefor lowered your risk for the rapid deployments 
or temporary stop gap uses of non-compliment solutions.
That does not mean you might not have other risks around a breach of privacy. Just, not from them.
The biggest thing folks need to pay attention to,I think, is not digging themselves a whole so deep they can’t climb 
out of it when enforcement comes back into place.


________________________________
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Kimmitt, Jonathan 
<jonathan-kimmitt () UTULSA EDU>
Sent: Monday, March 23, 2020 7:54:37 AM
To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Telehealth with Zoom or Teams


Hi all,



  Thank you for the responses!  I very much appreciate them….



-Jonathan









From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Pardonek, Jim
Sent: Monday, March 23, 2020 9:46 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Telehealth with Zoom or Teams



We initially did not require a separate license for Zoom because we did not provide telehealth.  Now that we are all in 
our homes, we are taking advantage of the relaxed requirements and allowing our wellness center to use Zoom.  They are 
well aware of the security provisions and are not, for example, recording any sessions.  We will re-evaluate once 
things return to normal.



Jim



James Pardonek, MS, CISSP, CEH, GSNA

Associate Director

Chief Information Security Officer
Loyola University Chicago
1032 W. Sheridan Road | Chicago, IL  60660

•: (773) 508-6086



Loyola University Chicago will never ask you for your username or password.

For the latest information security news at Loyola, please follow us online,

Twitter: @LUCUISO

Facebook: 
https://www.facebook.com/lucuiso/<https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2Flucuiso%2F&data=02%7C01%7Cdsnorton%40uw.edu%7C6e457c984b1b4e45c8a108d7cf3a22a3%7Cf6b6dd5bf02f441a99a0162ac5060bd2%7C1%7C0%7C637205720908605983&sdata=9V4%2Ff2Z6uwXoU4jSZRsJx140qMzdmTvj8Y1OE0EGNLo%3D&reserved=0>

Our Blog 
http://blogs.luc.edu/uiso/<https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fblogs.luc.edu%2Fuiso%2F&data=02%7C01%7Cdsnorton%40uw.edu%7C6e457c984b1b4e45c8a108d7cf3a22a3%7Cf6b6dd5bf02f441a99a0162ac5060bd2%7C1%7C0%7C637205720908605983&sdata=kIR7oLvMSGG1pf9T6PRoSBB3BYch3BwKiqhFjNULvMI%3D&reserved=0>



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Ted Wilder
Sent: Monday, March 23, 2020 9:41 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Telehealth with Zoom or Teams



An important recent change to HIPAA enforcement to be aware of:  
https://www.hhs.gov/hipaa/for-professionals/special-topics/emergency-preparedness/notification-enforcement-discretion-telehealth/index.html<https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.hhs.gov%2Fhipaa%2Ffor-professionals%2Fspecial-topics%2Femergency-preparedness%2Fnotification-enforcement-discretion-telehealth%2Findex.html&data=02%7C01%7Cdsnorton%40uw.edu%7C6e457c984b1b4e45c8a108d7cf3a22a3%7Cf6b6dd5bf02f441a99a0162ac5060bd2%7C1%7C0%7C637205720908615980&sdata=EYWsWv3EqkqKUX12tn5s1YtNZbwr3RlJ7idtuWOI7P0%3D&reserved=0>

> From the HHS post: "OCR will exercise its enforcement discretion and will not impose penalties for noncompliance with 
> the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good 
> faith provision of telehealth during the COVID-19 nationwide public health emergency.  This notification is effective 
> immediately."



Before this new guidance, Macalester established a HIPAA-complaint Zoom sub account in our education/enterprise account.



Ted Wilder

He/Him/His

Associate Director

Information Technology Services

(651) 696-6623<tel:(651)+696-6623> | twilder () macalester edu<mailto:twilder () macalester edu>



1600 Grand Avenue

Saint Paul, MN 55105 USA



[https://lh4.googleusercontent.com/obELs00iWj6jy-wH62oQF6jiSFGFHVK213J_zBRbavAWG10TmnTbM7oGaqA6bLNEjN1N_KB1t7kNUgWUBAepMliAEcJAA45PceJCsPsw0_LVsuL6rh8ZNqokqLg5rNeE3DGpXahX]<https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.macalester.edu%2F&data=02%7C01%7Cdsnorton%40uw.edu%7C6e457c984b1b4e45c8a108d7cf3a22a3%7Cf6b6dd5bf02f441a99a0162ac5060bd2%7C1%7C0%7C637205720908615980&sdata=qSyF1VUsyEexEzlVDFo%2FHaNMKvI3XoMgB82xoeeNi%2F4%3D&reserved=0>





On Mon, Mar 23, 2020 at 7:57 AM Kimmitt, Jonathan <jonathan-kimmitt () utulsa edu<mailto:jonathan-kimmitt () utulsa 
edu>> wrote:

Hi all,



  Does anybody have any checklists that you use or give to your users to ensure HIPAA compliance on Teams or Zoom?



Specifically, things like where to store recordings, specific settings for remote computers, etc….



We have some clinics on campus that are jumping into Telehealth, and I’m needing a quick start into things to think 
about for them…



Thanks all!



I hope everyone is at home, healthy and safe!



-Jonathan





~

Jonathan Kimmitt

CISSP, PCIP, CEH, CIPM,

GPEN, CIPT, CIPP/E, GSNA

Chief Information Security Officer

Information Technology

The University of Tulsa

918.631.2743

jonathan-kimmitt () utulsa edu<mailto:jonathan-kimmitt () utulsa edu>



**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cdsnorton%40uw.edu%7C6e457c984b1b4e45c8a108d7cf3a22a3%7Cf6b6dd5bf02f441a99a0162ac5060bd2%7C1%7C0%7C637205720908625969&sdata=i75x%2Fm7en2DxsTieABO%2FE49a8Um4qsd9YUsw5U%2BEcfk%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cdsnorton%40uw.edu%7C6e457c984b1b4e45c8a108d7cf3a22a3%7Cf6b6dd5bf02f441a99a0162ac5060bd2%7C1%7C0%7C637205720908625969&sdata=i75x%2Fm7en2DxsTieABO%2FE49a8Um4qsd9YUsw5U%2BEcfk%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cdsnorton%40uw.edu%7C6e457c984b1b4e45c8a108d7cf3a22a3%7Cf6b6dd5bf02f441a99a0162ac5060bd2%7C1%7C0%7C637205720908635960&sdata=BFx5hPDausANKZNZOBrPcOGfFeTqegCCHrktSyYn8hw%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cdsnorton%40uw.edu%7C6e457c984b1b4e45c8a108d7cf3a22a3%7Cf6b6dd5bf02f441a99a0162ac5060bd2%7C1%7C0%7C637205720908635960&sdata=BFx5hPDausANKZNZOBrPcOGfFeTqegCCHrktSyYn8hw%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community