At the beginning of 2020, the video-conferencing platform Zoom was seeing 200 million daily meeting participants on average. That was before Covid-19 struck. Now, with remote workers becoming the norm, Zoom and other virtual meeting tools have become as much a part of the workday as email.
"When we were suddenly forced to work from home, it was baptism by fire," says Nic Cofield with Jackson Thornton Technologies, about using technology to replace face-to-face meetings. But adapting to virtual methods for interacting with entire workforces has opened vulnerabilities for data leaks and access that healthcare organizations have not had to deal with before. Fortunately, online meeting tools, like Zoom and Microsoft Teams, not only provide encrypted transmissions, but also secure options that users need to be aware of.
"You don't want anybody who just happens to have the link come into the room," Cofield says. "Like with any technology, the more you open it up to use, the more risk you create. You want some checks and balances in place." One safeguard is to require employees who plan to hold a virtual meeting to notify the organization's IT department or provider, so they can verify that the process being used will control and authenticate the participants and data, especially for meetings where attendees don't personally know each other.
The first level of security is obvious. Everyone must use a password provided by the facilitator to access the meeting. "It's not the strongest security protocol, but it presents another layer of protection," Cofield says. Unfortunately, many participants skip this when inviting people they know, such as coworkers.
Next, set up a virtual waiting room, where participants who connect in must get the facilitator's permission to join the meeting. This bars some of the biggest security intrusions, like the hijacking of links. "As a facilitator, I want people to wait, and if I don't recognize a name or a phone number of someone, I don't let them in," Cofield says. "It should be very clear to me who that person is." If it's not, use the chat option to converse with them and verify their identity.
The chat room feature in both Zoom and Microsoft Teams can be useful during the meetings as well. "I find it helpful as a facilitator if there is a lot of conversation going on and I want to ask a question," Cofield says. "I can go into chat and reach the entire group without creating additional noise in the room."
The function also allows the facilitator private, one-on-one connections with participants, such as keeping the conversation going by quietly requesting someone comment on their experience, or to please mute their microphone when someone else is speaking, or a reminder that they are on camera.
Forgetting how visible they are is fairly common among those new to virtual meetings. Participants have not only taken their computer to the bathroom--having carefully muted their microphone, but not covered their webcam--but accidentally opened another pathway for data exposure. "You have to be cognizant of your surroundings," Cofield says. "Make sure you know what's behind you. Notes, memos, or charts could be hanging on the wall or a screen could be showing patient information on the desk.
"This is easy to solve by with the blurring option available in most virtual meeting apps. When I log in, I can see a preview of what I look like to others. Using the blur tool, I can see the only thing clear is going to be my face."
The same awareness should be applied to the participant's desktop, if it is going to be part of a presentation. "There have been interesting reports of professors doing virtual lectures, and students noticing things on their computer that probably should not be there," Cofield says. "If you are coming into a meeting to talk about a topic, make sure the only things open on your desktop are items related to that topic. That includes the screen saver. People could be sharing proprietary information without knowing it."
The point is that medical practices should set procedure to cover all virtual meetings, working with IT support to lay out the security protocol and making sure that procedures are clearly established and regularly reviewed, which should result in meetings that work well for the participants and keep sensitive data secure.