2020-04-02

Virtual Collaboration and Care - Zoom Concerns?

We've previously posted about secure virtual collaboration and care supports provided to AHS clinicians, recently extended as part of our COVID-19 response.

Clinicians may worry about reports of possible security problems with videoconferencing services. Hijacking (e.g., "ZoomBombing") is reported with a variety of meeting technologies, more now that use is massively increased as part of social distancing and remote work.

AHS clinicians making use of AHS Zoom can be reassured. The enterprise version of Zoom licensed and deployed by AHS differs from the (free) public instance. AHS Zoom has passed a detailed internal security review and satisfies Canadian and international security standards, federal legislation and best practices for business and healthcare. AHS is an experienced enterprise health Zoom user.

Currently, AHS Zoom supports clinician-clinician and clinician-patient communication. Recording is not allowed, "meetings" are closed by default, and no information is stored or exchanged with other systems. AHS Zoom will be integrated with the Connect Care clinical information system; subject to further privacy reviews and protections.

It is important for clinician-users to appreciate and take advantage of provided protections:
  • Do not use public (free) Zoom accounts for clinical purpose; instead use the AHS Zoom private service or another AHS-approved service (e.g., Skype for Business, Telehealth).
  • Do not publish meeting links or IDs and do not use personal IDs for open meetings.
  • Limit meeting identifier sharing to planned participant(s) who are informed via AHS secure email or an equivalently private means (e.g., direct communication with patient).
  • Do not include identifiable patient information in meeting invitations, however communicated.
  • Confirm attendees and identities when commencing a meeting.
  • Limit screen-sharing and video-sharing to the presenter/host or person(s) explicitly approved by the presenter/host.
  • When running larger meetings, take advantage of scheduling features like forced registration, required logon, meeting locks, or waiting rooms to confirm intended attendees.
  • Adhere to secure communications legislation, organizational policies, communication normsbest practices and tips