Harvard HIPAA Zoom: How to Get Access and Set It Up

Harvard HIPAA Zoom provides a locked-down Zoom environment designed for activities that may involve Protected Health Information. This guide walks you through eligibility, access, HarvardKey Authentication, Zoom Account Configuration, and best practices to run HIPAA-Compliant Telehealth sessions and other PHI-related meetings.

Verify Harvard Affiliation

First confirm that you are an active Harvard community member or sponsored affiliate whose role requires PHI access for clinical education, research, patient support, or administrative functions. Eligibility is typically limited to users with documented business needs.

• Confirm your active status with your school or unit (faculty, staff, student employee, researcher, or sponsored affiliate).
• Ensure you have a working HarvardKey and two-step verification; you will use HarvardKey Authentication to sign in.
• Check with your local security or compliance contact that your work involves PHI and that required training is current.
• Collect justification artifacts (e.g., project description, protocol or program details) that explain why HIPAA features are required.

Access Zoom for Harvard

Harvard supports Zoom via single sign-on. Use your institutional SSO route rather than creating or using a personal Zoom account. This avoids account conflicts and ensures you inherit Harvard-managed security controls.

• Always choose “Sign in with SSO” when accessing Zoom on the web or in the desktop/mobile app.
• If you already have a non-Harvard Zoom, do not merge it; keep personal and institutional accounts separate.
• After SSO, your account will reflect Harvard-managed settings. If you need the HIPAA subset, placement occurs after approval.

Sign In with HarvardKey

All users authenticate with HarvardKey to ensure consistent identity and policy enforcement.

• Open Zoom and select “Sign in with SSO.”
• Complete HarvardKey Authentication with your credentials and two-step verification.
• On first sign-in, review any prompts to accept Harvard usage terms before proceeding.

Configure Zoom Profile

Complete your Zoom Account Configuration so meetings reflect your identity while minimizing risk of exposing PHI outside intended participants.

• Use your official name and Harvard email in Profile. Avoid including PHI or sensitive details in your display name or profile picture.
• Time zone, language, and meeting preferences should match your typical work schedule to reduce scheduling errors.
• Security defaults: require a passcode, enable Waiting Room, and turn off “Join before host.” Use “Only authenticated users can join” when appropriate.
• Disable features that could leak data: restrict file transfer, disable auto-saving chat, and limit whiteboard or annotation content when PHI is discussed.
• Recording: follow your unit’s policy. Cloud recording is often restricted in HIPAA environments; record only when authorized and store per policy.
• Data Encryption Standards: ensure encrypted connections are enforced. End-to-end encryption may limit certain features; use it only if approved for your use case.

Request HIPAA Compliance

If your work involves PHI, request placement into the HIPAA-enabled Zoom environment. Harvard IT validates need and enables the configuration that aligns with institutional safeguards.

• Submit a request to IT Service Desk Support stating your role, school/unit, business need for PHI, and any related program or protocol details.
• Your request may be reviewed by local security/compliance. They confirm appropriate agreements (such as a Business Associate Agreement) and required training.
• If you already have a standard Harvard Zoom, migrating to the HIPAA configuration may change available features and storage options.
• You will be notified when your account is enabled; sign out and back in to apply the new settings.

Download Zoom Client

Use the most current Zoom desktop and mobile apps to benefit from security updates and the latest policy controls.

• Install official Zoom clients from approved Harvard or vendor sources; avoid unverified download sites.
• Enable automatic updates where permitted, or follow your IT-managed update process.
• After installation, sign in with SSO and verify that security options match your HIPAA-enabled settings.

Host HIPAA-Compliant Meetings

Apply meeting controls that protect confidentiality and limit data exposure during HIPAA-Compliant Telehealth and other PHI-related sessions.

• Scheduling: use a unique meeting ID, set a strong passcode, require authentication when feasible, and enable the Waiting Room. Do not place PHI in the meeting title or invitation.
• Invites: send only necessary details. Share PHI verbally during the session rather than in calendar notes, chat, or file transfers.
• Before start: admit only expected participants, verify identities, and lock the meeting when everyone is present.
• During session: share only the specific window or document required; avoid displaying unrelated patient data. Limit chat to logistics and disable file transfer if not needed.
• Recording: record only if policy allows, obtain required consent, and store per approved retention pathways. Never store recordings containing PHI on personal devices or consumer cloud drives.
• After session: end the meeting for all, review access logs as needed, and retain artifacts solely in sanctioned systems.
• Governance: follow Harvard guidance on Data Encryption Standards and rely on institutional agreements and controls rather than ad hoc settings.

In summary, confirm eligibility, sign in with HarvardKey, complete prudent Zoom Account Configuration, request HIPAA activation through IT Service Desk Support, use current clients, and enforce strict meeting controls. Together these steps help safeguard Protected Health Information while enabling effective collaboration.

FAQs

How do I verify eligibility for Harvard HIPAA Zoom access?

Confirm you are an active Harvard community member or sponsored affiliate whose role requires PHI access. Check with your school or unit’s security/compliance contact to validate need and training, then proceed with a request through IT Service Desk Support if HIPAA features are necessary.

What is the process to request a HIPAA-compliant Zoom account?

Submit a ticket to IT Service Desk Support describing your role, school/unit, the business need to handle PHI, and any program or protocol details. Your request is reviewed for policy alignment and appropriate agreements (e.g., a Business Associate Agreement). Once approved, your account is placed in the HIPAA-enabled configuration.

How do I configure my Zoom profile after signing in?

After HarvardKey Authentication, set your official name and email, verify time zone, and enable security defaults: passcode, Waiting Room, and host controls. Limit features that could expose data (file transfer, chat saving) and follow unit policy on recordings and Data Encryption Standards.

How can I contact Harvard IT for Zoom support?

Use IT Service Desk Support to open a ticket for access requests, configuration help, or troubleshooting. Include your Harvard affiliation, a concise description of the issue, and whether it involves HIPAA settings to ensure proper routing.