West Virginia University Computer Security and Privacy Incident Reporting System

File An Incident Report Learn more about defending your data.
Submit a New Ticket
SOLE Spotlight | Integrated Tools | March 2023 - Thursday, March 2, 2023
Mountaineer Doctor Television

HSC-ITS Zoom Recording Policy for Clinical Supervision

HSC-ITS Zoom Recording Policy for Clinical Supervision

Student or Resident Patient Encounter Recordings with Faculty Oversight & Assessment 

 

Zoom Account Configuration: 

  • Each student/resident will be issued their own individual HSC Zoom acct managed under HSC’s Business Associate Agreement with ID solution/Zoom for Telehealth 
  • Zoom Account will be set and locked to record to the cloud only with auto-delete of cloud recordings set at 10 days 
  • Zoom Account will be set to require a randomly generated Meeting ID for each patient consultation.  Password and Waiting Room will also be enabled and required for each patient consultation. 
  • Cloud recording download ability will be disabled and locked 
  • This will prevent the student/resident/faculty from downloading the cloud recordings 
  • Zoom Account will be set that Only Authenticated Users can view cloud recordings and require a password to view the cloud recordings will be enabled and locked. 
  • Faculty members will need to have a licensed Zoom account under HSC portal in order to be considered an Authenticated User. 
  • Recording will be setup to auto-delete from the cloud at 10 days. 

 

 

Student/Resident Responsibility: 

  • Students/Residents will use their assigned or personally owned device to host Zoom session and record the session locked to record to cloud only.   
  • Student/Resident will provide url and auto-generated random password to supervisor to view recording stored in the cloud. 

 

 

Department Responsibility: 

  • Department will create a workflow and process to send Patient Consent and Video/Audio recording Consent forms to patients electronically – workflow and process must be approved by Privacy officer.   
  • Example: The Quin Curtis Center will use HSC Qualtric to manage tele-consent forms and will create process for download/import into Titantium.   
  • Department will establish policy to ensure the HIPAA technical, physical and administrative safeguards are being met at all times.  See below for safeguards at home that should also be followed.  
  • Use of headsets should be required for privacy purposes 
  • Employees should not allow any friends, family, etc. to use devices that access PHI. 
  • If not completed, have each employee/student sign a Confidentiality Agreement to assure the utmost privacy when handling PHI. 
  • Employees who store hard copy (paper) PHI in their home office need a lockable file cabinet or safe to store the information. 

Employees are required to have a cross-cut shredder at their location for the destruction of paper PHI once it is no longer needed. The department dean or designated representative must specify and approve when it is ok to dispose of any paper records and who specifically is allowed to retain and print at home.  https://intranet.hsc.wvu.edu/hsc-standards-policies-procedures-and-interim-hipaa-privacy-and-security-policies/phi-reviewed-4-22-2019/proper-removal-disposal-of-phi/ 

 

Reference: 

https://www.totalhipaa.com/hipaa-compliance-working-remotely/ 

https://it.wustl.edu/telecommuting/wusm-telecommuting/ 

https://its.yale.edu/remote-work-clinical-faculty-and-staff-working-covered-entity 

 

 

Interested in Learning More?  Contact Us Today: 304-293-6926 or mdtv@hsc.wvu.edu

Not what you're looking for?