It was discovered that some of the information about Zoom on the safecomputing.unc.edu website was incorrect and may have caused some confusion as to whether sensitive information is allowed to be used in Zoom or not. In addition to updating the safecomputing.unc.edu Zoom page, it is hoped that this message will help clarify things.
FERPA data is allowed in Zoom. You can discuss student information, teach classes, etc. This link on the Keep Teaching site is an excellent reference for using Zoom in the classroom: https://keepteaching.unc.edu/2020/03/zoom-session-security-features/
HIPAA information, PHI, IIHI, PII, and other Tier 3 or IRB Level III information is allowed in Zoom, but you must use a HIPAA enabled Zoom subaccount. The HIPAA enabled Zoom subaccounts are encrypted end-to-end and do not allow recording of sessions in Zoom’s cloud environment. Please contact your local IT support to request access to your department’s appropriate subaccount.
For departments that need to obtain a HIPAA enabled subaccount: HIPAA enabled subaccounts are requested through Software Acquisitions and must be created and configured by Zoom support. It generally takes 3 to 4 days to create one but may take longer the current virus situation. If you expect that PHI/HIPAA data will be in scope during a Zoom session, you should have a HIPAA enabled subaccount created.
More information can be found at: https://software.sites.unc.edu/zoom/ and https://software.sites.unc.edu/unc-ch-zoom-campus-partnership/.
IRB Level II information can be used in the standard Zoom account.
Finally, SSNs and PCI/Credit Card information have not been approved for use in Zoom.