What are some best practices for recording individuals in a meeting?

At Indiana University, more and more staff and faculty are needing to work from home or another remote location. In this environment, recording virtual meetings can be a valuable tool. However when sensitive information is involved, it’s crucial to approach recording with caution and respect for privacy and confidentiality.


If you plan to record a virtual meeting that involves protected health information (PHI), you must use either Zoom Health or a secure Microsoft Team requested via the Institutional storage request form option. These tools meet certain requirements established in the HIPAA Security Rule and enabling its use for work involving PHI at IU. If you wish to record content of a meeting with another product, the following criteria must be met:

  1. In accordance with University policy DM-02: Disclosing Institutional Information to Third Parties, products need to have gone through Software and Services Selection Process and Third-Party Assessment (IU Login required for both links) to be cleared to collect institutional data.
  2. Products must notify meeting participants, or meeting hosts must share their plans to record at the start of the meeting and in the meeting agenda as well.
  3. If a meeting containing PHI is transcribed or recorded, the resulting file must follow storage and retention guidelines for sensitive data. For more information, please see the Critical Data Guide.
  4. Meeting hosts should know all attending their meetings, and what system security settings are in place to ensure that only those who need to know are able to access the information recorded in a virtual meeting.