Any user signing into UNC School of Medicine Webex will be assumed to understand and agree with the user agreement and PHI Video Conferencing Policy.
UNC School of Medicine IT
Academic Technology Services
User Agreement and Acceptable Usage Policy for UNC School of Medicine Webex
Effective November 12, 2018
Acceptance of Agreement
Webex is a web and video conferencing service provided by the UNC School of Medicine IT (SOM IT), Academic Technology Services (ATS). This agreement governs the use of the Webex service and is in place to ensure compliance with all applicable University of North Carolina At Chapel Hill (UNC) security policies and standards.
ANY USER SIGNING INTO WEBEX WILL BE ASSUMED TO UNDERSTAND AND AGREE WITH THIS USER AGREEMENT AND ACCEPTABLE USAGE POLICY.
Any User who does not understand or agree with the policy should not login to the system. For clarification of policies, please submit a ticket to Academic Technology Services (select “Report a Video Conferencing Issue” from the “How can we help you?” field) or call 919-843-9086.
Updates to Agreement
ATS may update this User Agreement at any time and without notification to reflect its organizational needs.
Webex is a service provided by ATS for the UNC School of Medicine.
Services to be provided include:
- Secure web and video conferencing and telepresence.
- Prescheduled conference set up and support.
- Password protected meetings.
- Permanent personal Webex rooms, which are always open and do not require prescheduling of conferences.
- Meeting recording and secure streaming playback.
Acceptable Usage Policy
- Use of Webex is for the purpose of university business only.
- User will not use or present any content that is in violation of state or federal laws or UNC policies.
- When recording, it is the responsibility of the User to make all attendees aware in advance of any conference being recorded.
- Inclusion and sharing of Protected Health Information (PHI) must adhere to all HIPAA policies and guidelines.
- User must obtain consent from appropriate parties prior to including, recording, or sharing any content containing sensitive information (e.g. protected health information, intellectual property, copyright material). If needed, our Patient Release and Authorization Form and General Recording and Release Form can be downloaded from our website at https://www.med.unc.edu/it/services/lecture-capture/lcforms/.
- Any use of this service is the responsibility of the User. SOM IT will not assume responsibility for the misuse of content.
- User agrees to comply with all applicable UNC security policies and procedures.
- SOM IT will not assume responsibility for content that is reported or discovered to be in violation of any aforementioned policies or laws. Any recorded content will be removed pending review, and appropriate action taken if necessary.
Limitation of Liability
SOM IT will have no liability or responsibility in the event of any loss or interruption of the services and/or media content described within this agreement due to causes beyond its reasonable control or ability to foresee.
Denial or Termination of Service
While generally available to all UNC affiliates, the following are potential conditions that may require the denial or termination of service.
- Denial of service will be at the discretion of SOM IT Management based on the following:
- The intended use of the service by the client is not for university business.
- The intended use of the service by the client causes a situation where SOM IT resources are overwhelmed technically, in terms of necessary staffing or otherwise.
- The intended use of the service by the client does not match the services that ATS is approved to support.
- The client has not followed through with the proper procedure for requesting the necessary service.
- The client has been previously found to be in violation of any IT policy within the university such that the action could be repeated.
- Any other reason agreed to be appropriate by SOM IT management.
- Termination of service will be at the discretion of SOM IT management based on the following:
- Violation of the effective User Agreement or any Service Level Agreement (SLA) in place.
- It has been determined that the client’s use of the service is matching circumstances that would have ordinarily caused a denial of service.
- The client’s use of the service is directly causing a negative impact on the quality of service for other users.
- Any other reason agreed to be appropriate by SOM IT management.
Policy for Including Protected Health Information (PHI)
Within a Video Conference
When including patient Protected Health Information (PHI) in a video conference, you must adhere to the following measures to ensure the security of the information:
- You must have patient consent to share their information and be able to provide consent documentation if requested.
- You may not invite or include anyone in the conference with whom you do not have permission to share the patient information.
- The ability to join the conference cannot be made publicly available.
- You may not include PHI in the meeting title or in the email invitation.
- Limit your data! Only include patient information relevant to the conference meeting.
- Computers used to access conferences containing PHI should be encrypted.
- PHI will not be used for research without appropriate authorization from the Institutional Review Board.
- Emails sent to and from unc.edu email addresses are considered secure, as well as HIPAA and FERPA compliant.
- PHI, excluding scheduling information, sent to a non unc.edu email must be encrypted via the following: https://help.unc.edu/help/unc-encrypted-email/ .
- If the conference is recorded, the recording must be treated as patient record and can only be shared with anyone who has permission to view the patient information. Please make sure recipients understand that the link and password may not be forwarded.
- When sharing a recording, your Recorded Meeting Access Security Settings must be set to:
- Require users to sign in
- Prevent downloading
- Require password protection
- If you reassign your recording to another user, the user must have permission to view the patient information and be responsible for managing the recording as stated in 10 and 11 above.
UNC Security Policies and Procedures
- UNC School of Medicine, UNC Healthcare, UNC ITS Information Security & Privacy Policies
- UNC ITS Policies, Procedures and Guidelines
- UNC ITS Information Security Policy Summaries
- UNC-Chapel Hill Standard on Transmission of PHI and SI over an External Network or an Unsecure Medium
- UNC-Chapel Hill Information Security Controls Standard
- UNC-Chapel Hill Privacy of Protected Health Information Policy
- UNC-Chapel Hill Standard on HIPAA Sanctions
- UNC-Chapel Hill Employee Policies & Procedures
- UNC School of Medicine IT, Information Security & Privacy, HIPAA Security Policies
- UNC School of Medicine IT, Information Security & Privacy, HIPAA Online Training
- UNC Libraries Scholarly Communications Office – Copyright and Fair Use
- UNC School of Medicine Patient and General Recording Release Forms