April 5th, 2020

SecureVideo Updates for Enhanced Security

The following changes are being made effective immediately to the LuxSci SecureVideo service, which is build on top of Zoom for Healthcare.  These changes mitigate many of the issues discovered in the Zoom service in the past week.

NEW sessions will launch with passwords

Sessions created from now onward will open with a meeting password embedded into the launch sequence. You and your video participants will not need to know the password.

If you have participants calling into the session by telephone, they will need to enter a passcode to enter sessions now. This passcode will be displayed in the same space as the rest of the dial-in information:

 

LOCK meetings that were already scheduled

However, we unfortunately do not have a way to update meetings that were created before this update. If we are able to do this in the future, we will.

If you have already scheduled meetings (created before this update), please lock your meeting once all participants have arrived. To do this, click on “Manage Participants”, then “More”, and select “Lock Meeting”. (Only do this once ALL participants have arrived, because no one else will be able to enter afterward.)

 

Anonymizing Meeting Notifications

Scheduling confirmations, reminders, and RSVP notifications will refer to the session IDs only, and not include any participant names.

Reminder: SecureVideo only sends minimal data to Zoom

We maintain Zoom user licenses on behalf of our users, but the data is completely anonymized within Zoom’s database, based on random, 8-character alphanumeric codes. When you launch a Zoom-based SecureVideo session, you may have noticed that the Meeting Topic is set to only show the SecureVideo session ID number, and that the name of the host is “Secure User ****-****” rather than your name. That is because we do not associate that information with the Zoom license we’ve paired to your account.

This is something that we have already been doing as part of complying with the Minimum Necessary Requirement standard in the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, and the General Data Protection Regulation (GDPR), as well as the California Consumer Privacy Act (CCPA). For all data that we send to Zoom as part of making our systems work together, Zoom is still committed to protecting as under the terms of the Business Associate Agreement we have with them, which extends to all of our users on Zoom.

Fake meeting example, displaying how our anonymization appears to participants

 

In a session with two participants, we do not send Zoom the name of any participant, so no names display on the video panels. In a session with three or more participants, we currently do send Zoom the name of each participant so that participants in a group meeting can identify each other, however, in this case we are only sending the name as a text string with no other account information. (If you are an Account Administrator and would like for us to disable this for your account, so that no names appear on anyone’s video window, please contact LuxSci Support.)

 

Measures Taken by Zoom

These are extraordinary times, and although some serious issues have been raised, we credit Zoom with quickly moving to address them, as well as their commitment to improving their operations across the board and living up to the responsibility of being one of the communication backbones of the world.

 

Measures to Contain System Load, Increase System Capacity

In order to ensure the system continues to run smoothly for the SecureVideo product and its rapidly increasing user base, SecureVideo has added some system constraints. We deeply apologize for any inconvenience, and deeply appreciate your patience as we strive to serve you.

  • Feature freeze: To maintain our focus on increasing capacity and efficiency within our system, we are temporarily freezing work on SecureVideo feature requests, as well as enabling premium features for users of higher-load features such as Appointment Slots.
  • Restricting scheduling months in advance: Users with more than 75 sessions scheduled on their dashboard will be restricted to creating sessions not more than 30 days in the future. (They can still schedule sessions, as long as the session will take place within 30 days.) Once a user drops below 75 sessions on their dashboard, they can once again schedule sessions more than 30 days in the future, until the limit of 75 dashboard sessions is reached. This will reduce the load time on all dashboards across our system, but most especially for those users who reach this limit.
  • Restricting mass meeting creation: Individual users will not be able create more than 50 meetings within a single day from 12am UTC to 11:59pm UTC Here are the 4 major US time zones for quick reference:
    • Pacific Time: the day resets at 5pm (e.g., Sunday, 5pm PST to Monday, 4:59pm PST)
    • Mountain Time: the day resets at 6pm (e.g., Sunday, 6pm PST to Monday, 5:59pm PST)
    • Central Time: the day resets at 7pm (e.g., Sunday, 7pm CST to Monday, 6:59pm CST)
    • Eastern Time: the day resets at 8pm (e.g., Sunday, 8pm EST to Monday, 7:59pm EST)

Similar Posts:

    None Found

Leave a Comment


You must be connected or logged in to post a comment. This is to reduce spam comments.

If you have not previously commented, you can connect using existing social media account, or register with a new username and password.

LUXSCI