Any user signing into UNC Cancer Network’s Webex will be assumed to understand and agree with the user agreement and PHI Video Conferencing Policy.
UNC School of Medicine IT
Academic Technology Services
User Agreement and Acceptable Usage Policy for UNC/UNC Lineberger Zoom
Effective November 12, 2018
Acceptance of Agreement
Zoom is a web and video conferencing service provided by the University of North Carolina in coordination with the Lineberger Comprehensive Cancer Center. This agreement governs the use of the Zoom service and is in place to ensure compliance with all applicable University of North Carolina At Chapel Hill (UNC) security policies and standards.
ANY USER SIGNING INTO ZOOM WILL BE ASSUMED TO UNDERSTAND AND AGREE WITH THIS USER AGREEMENT AND ACCEPTABLE USAGE POLICY.
Any User who does not understand or agree with the policy should not login to the system. For clarification of policies, please contact the UNC Cancer Network at email@example.com or call 919-445-1000.
Updates to Agreement
ATS may update this User Agreement at any time and without notification to reflect its organizational needs.
Zoom is a service provided by the University of North Carolina at Chapel Hill.
Services to be provided include:
- Secure web and video conferencing.
- Prescheduled conference set up and support.
- Password protected meetings.
- Permanent personal Zoom rooms, which are always open and do not require prescheduling of conferences.
- Meeting recording.
Acceptable Usage Policy
- Use of Zoom is for the purpose of university business only.
- User will not use or present any content that is in violation of state or federal laws or UNC policies.
- When recording, it is the responsibility of the User to make all attendees aware in advance of any conference being recorded.
- Inclusion and sharing of Protected Health Information (PHI) must adhere to all HIPAA policies and guidelines.
- User must obtain consent from appropriate parties prior to including, recording, or sharing any content containing sensitive information (e.g. protected health information, intellectual property, copyright material). If needed, our Patient Release and Authorization Form and General Recording and Release Form can be downloaded from our website at https://www.med.unc.edu/it/services/lecture-capture/lcforms/.
- Any use of this service is the responsibility of the User. The UNC Lineberger Comprehensive Cancer Center will not assume responsibility for the misuse of content.
- User agrees to comply with all applicable UNC security policies and procedures.
- The UNC Lineberger Comprehensive Cancer Center will not assume responsibility for content that is reported or discovered to be in violation of any aforementioned policies or laws. Any recorded content will be removed pending review, and appropriate action taken if necessary.
Limitation of Liability
The UNC Lineberger Comprehensive Cancer Center will have no liability or responsibility in the event of any loss or interruption of the services and/or media content described within this agreement due to causes beyond its reasonable control or ability to foresee.
Denial or Termination of Service
While generally available to all UNC affiliates, the following are potential conditions that may require the denial or termination of service.
- Denial of service will be at the discretion of the UNC Lineberger Comprehensive Cancer Center Management based on the following:
- The intended use of the service by the client is not for university business.
- The intended use of the service by the client causes a situation where LCCC resources are overwhelmed technically, in terms of necessary staffing or otherwise.
- The intended use of the service by the client does not match the services that the LCCC is approved to support.
- The client has not followed through with the proper procedure for requesting the necessary service.
- The client has been previously found to be in violation of any IT policy within the university such that the action could be repeated.
- Any other reason agreed to be appropriate by LCCC IT management.
- Termination of service will be at the discretion of LCCC IT management based on the following:
- Violation of the effective User Agreement or any Service Level Agreement (SLA) in place.
- It has been determined that the client’s use of the service is matching circumstances that would have ordinarily caused a denial of service.
- The client’s use of the service is directly causing a negative impact on the quality of service for other users.
- Any other reason agreed to be appropriate by LCCC IT management.
Policy for Including Protected Health Information (PHI)
Within a Video Conference
When including patient Protected Health Information (PHI) in a video conference, you must adhere to the following measures to ensure the security of the information:
- You must have patient consent to share their information and be able to provide consent documentation if requested.
- You may not invite or include anyone in the conference with whom you do not have permission to share the patient information.
- The ability to join the conference cannot be made publicly available.
- You may not include PHI in the meeting title or in the email invitation.
- Limit your data! Only include patient information relevant to the conference meeting.
- Computers used to access conferences containing PHI should be encrypted.
- PHI will not be used for research without appropriate authorization from the Institutional Review Board.
- Emails sent to and from unc.edu email addresses are considered secure, as well as HIPAA and FERPA compliant.
- PHI, excluding scheduling information, sent to a non unc.edu email must be encrypted via the following: https://help.unc.edu/help/unc-encrypted-email/ .
- If the conference is recorded, the recording must be treated as patient record and can only be shared with anyone who has permission to view the patient information. Please make sure recipients understand that the link and password may not be forwarded.
- When sharing a recording, your Recorded Meeting Access Security Settings must be set to:
- Require users to sign in
- Prevent downloading
- Require password protection
- If you reassign your recording to another user, the user must have permission to view the patient information and be responsible for managing the recording as stated in 10 and 11 above.
UNC Security Policies and Procedures
- UNC School of Medicine, UNC Healthcare, UNC ITS Information Security & Privacy Policies
- UNC ITS Policies, Procedures and Guidelines
- UNC ITS Information Security Policy Summaries
- UNC-Chapel Hill Standard on Transmission of PHI and SI over an External Network or an Unsecure Medium
- UNC-Chapel Hill Information Security Controls Standard
- UNC-Chapel Hill Privacy of Protected Health Information Policy
- UNC-Chapel Hill Standard on HIPAA Sanctions
- UNC-Chapel Hill Employee Policies & Procedures
- UNC School of Medicine IT, Information Security & Privacy, HIPAA Security Policies
- UNC School of Medicine IT, Information Security & Privacy, HIPAA Online Training
- UNC Libraries Scholarly Communications Office – Copyright and Fair Use
- UNC School of Medicine Patient and General Recording Release Forms