Guidance for Data Protection
To ensure the protection of personal identifiable information and personal health information and to meet privacy regulation requirements (such as FERPA, HIPAA and GDPR), special care needs to be taken when using virtual meeting applications.
These guidelines apply regardless of the virtual meeting application used. Refer to GW COVID-19 for telecommuting and virtual learning resources. (e.g. Webex, Blackboard, Echo360, Jabber, Google Hangouts Meet, Microsoft Teams, Zoom).
For administrative operations and virtual learning:
- If the virtual meeting will contain content that is sensitive or includes any personal identifiable information (PII or PHI), a non-public meeting room should be used. A non-public meeting room is one where a one-time password or access code for entry into the meeting room is required; End to end encryption is strongly recommended. All available encryption and privacy modes should always be enabled.
- If the content will not include any personal identifiable information (deidentified PII or PHI or general administrative or academic content), a public meeting room can be used. For example, a Webex personal room is a public meeting room unless a password has been enabled.
- Do not allow the meeting to begin until the host joins by using a “green room” or “waiting room.”
- Monitor attendees through a dashboard – identify all generic attendees before meeting begins (e.g. Caller X). The host should pay attention to all new/late arriving attendees and ask them to identify themselves. An unauthorized attendee should be expelled or the meeting room may be locked once in progress to prohibit others from joining.
- Before anyone shares their screen, files or other content, remind them not to share sensitive or personally identifiable information during the meeting inadvertently.
- Do not record the virtual meeting unless it’s absolutely necessary (e.g. for purposes of records retention or asynchronous learning.)
- If the meeting is recorded for asynchronous learning purposes, the recording must not be shared outside of the class roster without student consent.
For telehealth activities:
HHS has issued a Notification of Enforcement Discretion for telehealth remote communications during the COVID-19 nationwide public health emergency. It is understood that some GW Clinics may seek to operate limited telehealth activities during the university’s COVID-19 operating status. When using virtual meeting applications to provide services, all state licensing requirements and regulations for health professionals must still be met. If virtual meeting applications will be used for telehealth activity, they must be through a non-public meeting room. This requires the use of a one-time password or access code for entry into the meeting room. End to end encryption is strongly recommended. All available encryption and privacy modes should always be enabled. Telehealth virtual meetings should not be recorded. Clients should be notified that the use of third-party applications may introduce potential privacy risks.
For technical assistance:
GW IT Support Center
- Phone: 202-994-4948, Email: [email protected], or http://go.gwu.edu/ithelp
- Provides instructor and student support for access issues related to Blackboard (NetID), Banner (student enrollment, faculty assignments) and email.
Instructional Technologies Lab (ITL)
- Phone: 202-994-0485 or [email protected]
- Provides instructor support on the use of Blackboard, VoiceThread, Echo360, and other instructional technologies.
School IT and Instructional Design Support teams
- Contact your department or school for school-specific support options.
2013 H Street, NW
Washington, DC 20006