Policy for
Including Protected Health Information (PHI)
Within a Video Conference

When including patient Protected Health Information (PHI) in a video conference, you must adhere to the following measures to ensure the security of the information:

  1. You must have patient consent to share their information and be able to provide consent documentation if requested.
  2. You may not invite or include anyone in the conference with whom you do not have permission to share the patient information.
  3. The ability to join the conference cannot be made publicly available.
  4. You may not include PHI in the meeting title or in the email invitation.
  5. Limit your data! Only include patient information relevant to the conference meeting.
  6. Computers used to access conferences containing PHI should be encrypted.
  7. PHI will not be used for research without appropriate authorization from the Institutional Review Board.
  8. Emails sent to and from unc.edu email addresses are considered secure, as well as HIPAA and FERPA compliant.
  9. PHI, excluding scheduling information, sent to a non unc.edu email must be encrypted via the following: https://help.unc.edu/help/unc-encrypted-email/ .
  10. If the conference is recorded, the recording must be treated as patient record and can only be shared with anyone who has permission to view the patient information. Please make sure recipients understand that the link and password may not be forwarded.
  11. When sharing a recording, your Recorded Meeting Access Security Settings must be set to:
    1. Require users to sign in
    2. Prevent downloading
    3. Require password protection
  12. If you reassign your recording to another user, the user must have permission to view the patient information and be responsible for managing the recording as stated in 10 and 11 above.