Zoom Acceptable Use
Zoom security has been a recent focus in the news and announcements from large organizations like Google and NASA banning the use of Zoom has created inflated anxiety over the security of the Zoom platform. While there have been some legitimate concerns, most, if not all of those, have been resolved and are now acceptable to a large portion of use cases important to the University of Oklahoma. All other security concerns may be resolved through adhering to best practice guides.
OU Security’s recommendation for Zoom is that it is approved for use for the following data types and use cases:
- Academic instruction
- Academic advising
- General research activity
- Administrative and Financial business
The platform should NOT be used for ITAR, CUI or other sensitive research.
OU Zoom Environments
The University of Oklahoma has two distinct, separate Zoom environments:
Standard Zoom environment | HIPAA-Compliant Zoom environment |
---|---|
Primary environment used for teaching and most university administrative matters. The Standard Zoom environment is not HIPAA compliant. | Secure platform for OU users needing online collaboration and meetings for HIPAA care components, research, conducting provider-to-provider telemedicine consultations (not direct patient care), or hosting meetings that discuss Protected Health Information (PHI). |
For more information on the differences between HIPAA-Compliant Zoom and Standard Zoom Environments, including settings and functionality, please see the OU Zoom Environment FAQs.
Request Access to OU HIPAA-Compliant Zoom
Health Sciences Center users (faculty, staff, student, affiliate, resident, volunteer, & fellow) do not need to request access to HIPAA-Compliant Zoom service; they have already been provided a Zoom Pro License for this service. All other users, including Health Care Components that are not with the Health Sciences Center, who could potentially discuss PHI, must enroll in HIPAA-Compliant Zoom service by contacting the OU IT Help Desk at (405)-325-HELP (4357).
Exemption for Educational Use
If you are a current HIPAA-Compliant Zoom user and require access to the University of Oklahoma’s Standard Zoom environment, please follow the instructions below.
ACTION | DESCRIPTION | TIMELINE |
---|---|---|
Submit an exception request | Submit an exception request at OU IT Exception Request. Provide as much information as possible regarding the specific use-case. | Two minutes |
IT GRC Review | The OU IT GRC will work with you to ensure your usecase matches the appropriate Zoom environment. | One - two days |
Understand Your Responsibilities | Review the OU Zoom for HIPAA FAQs to understand how to use Zoom services securely, and understand your responsibilities as a user. | Varies depending on your availability |
PLEASE NOTE: Zoom users that could interact with PHI using Zoom in the foreseeable future will not be moved into the University of Oklahoma’s Standard Zoom environment and the exception request will be denied. Zoom users cannot switch back and forth between environments. A user may only reside in one environment.