Zoom

Zoom is a high-definition video conferencing and desktop sharing software. Anyone in HSC can use Zoom with a basic account; this has constraints in hosting a meeting, with a 40 minute limit on meetings.

Make an Account

To create a Zoom account, sign in at https://hsc-unm.zoom.us/. Use your HSC network credentials to create a basic account. To be upgraded to an individual Zoom Pro License (HSC NetID and password required), you will need to:

  1. Make sure you have signed into Zoom at least once using the instructions above
  2. Submit a Zoom Pro license using this form

The licenses are for individual accounts only and not for resource, department or generic accounts.

To conduct Patient Consultations or meetings involving PHI, providers must use a HIPAA Compliant Telehealth Zoom license, issued by the UNM Center for Telehealth. Please complete the Zoom HIPAA Compliant Account training in Learning Central (online course CLT 198) to complete your certification and to have a HIPAA Compliant Zoom license issued to you.

Minimum Safeguards (no private or confidential information):

Safeguards are required for all video sessions. The base level safeguards block threats involving misuse of the service, disruptions of the session, modification or destruction of content, and/or unauthorized access to the video session.

When establishing or scheduling video conferencing services and sessions, the requester must indicate the intended purpose and whether private or confidential information will be shared during the video conference session.

Minimum for all video sessions:

  1. Require a password: Attendees must provide the password for the session joining the meeting. Procedures for sending the passwords are provided by the enterprise service provider or established by the department and may be embedded in unique links sent out prior to the meeting.

  2. The Zoom feature to record a sessions should be disabled by default. If recording is allowed or required participants should be notified that the session is being recorded. If any confidential information is included in the recording the access, storage, and sharing of the content must include security safeguards approved by HSC IT security.

Required for confidential or private sessions:

  1. Do not publicly post the session information or password: To join an unlisted meeting, attendees must provide a unique meeting number and password.

  2. Exclude the meeting password from email invitations: Send the password separately from the email invitations that are automatically sent to attendees.

Additional resources for Zoom hosts and Zoom Administrators

  1. Meeting and Webinar Best-Practices and Resources.
  2. Zoom hosts are responsible for being aware of and following best practices guidance for using Zoom.

Exceptions to these practices require IT security review prior to implementation.

Zoom meetings that will have 100 or more participants will require a Webinar request to be submitted using the following form: Webinar Request Form.

Webinars have to be scheduled and coordinated with HSC Zoom administrators in advance of the webinar event.

Unauthorized Participants

If you are concerned with the confidentiality of any meeting, you can prevent unauthorized participants by:

  1. Using passwords for the meeting

  2. Using the ZOOM “waiting room”

  3. Never advertising your meeting on public forums

  4. Take the attendance of the participants from the invite list.

You can also limit screen sharing or text messaging within Zoom if you are concerned about participant actions (such as a large public meeting).

Learn more about Zoom safety and security.

Zoom Video Storage

Please be mindful when posting, saving or storing Zoom recordings in unsecured online or cloud storage locations. Hackers have noted that the default name for Zoom recordings is zoom_0.mp4. They search the Internet to find accessible sites where recordings are posted. Some have been quite sensitive.

If sensitive content recordings are being stored on cloud, always choose option “Only authenticated users can view” and protect it with password.

Malware Attacks

Experts found several ways that attackers could load malware using Zoom. Most of these were possible but highly unlikely unless an attacker has already joined a meeting. Only accept software updates within the Zoom clients and the official ZOOM site to avoid fake updates.

Exposure of Encrypted Sessions

Be aware that only participants joining through the Zoom client are encrypted. Phone dial-ins and non-Zoom connections such as Skype are not encrypted. For more sensitive Zoom meetings, you should not allow dial-in participants.

Also, ZOOM has a structural, highly technical, long-term encryption problem. Encryption depends on a process to securely generate and share keys among the participants. Zoom key management and key

Length have some vulnerabilities. These are insider threats, meaning a Zoom employee or partner with access to the key management system. There is no evidence that this has occurred to date, but it is certainly possible.

In the longer term, HSC CIO will continue to analyze Zoom and other options for the most secure means of protecting very sensitive meetings, such as telehealth sessions. Zoom has been very transparent and adaptive in addressing security issues. Since their business survival depends on it, Zoom will likely address the encryption issues fairly quickly.

Live Trainings

Join our training events for an in-depth review of Zoom's services. Submit your questions and interact with us. All attendees receive a recording of the event. Register here.

Events

Zoom regularly hosts live demonstrations and webinars. See their upcoming calendar of events.

Zoom Support

Get technical assistance from the Zoom team. Contact Zoom Support or Technical Support Information.

The web browser client will download automatically when you start or join your first Zoom meeting, and is also available for manual download here.


The Zoom Plugin for Outlook installs a button on the Microsoft Outlook tool bar to enable you to start or schedule a meeting with one-click.