Soon after the emergence of the COVID-19 health emergency, FORUM implemented secure Zoom videoconference platforms for arbitration hearings and mediation sessions. Within the first several months of this implementation, our organization has hosted nearly 5,000 ADR proceedings on this platform.
FORUM'S custom implementation of Zoom videoconference technology exceeds the data security and privacy specifications of The Health Insurance Portability and Accountability Act (HIPAA). In order to accomplish this heightened level of data protection, FORUM has employed the following measures and settings:
- Data connections utilize TLS 1.2 encryption and PKI Certificates issued by a trusted commercial certificate authority.
- Data in motion is encrypted at the application layer using Advanced Encryption Standard (AES) with a 256-bit key securely distributed to all participants at the start of each session.
- The meeting host can remove attendees, terminate meeting sessions, or lock a meeting in progress.
- Meeting access is password protected and the meeting host individually admits participants from a virtual waiting room.
- Scheduled hearings are not publicly listed.
- Cloud recording of ADR sessions is disabled.
- Encrypted chat is enabled so that no staff at Zoom has access to the contents of chat sessions.
- Meeting hosts must log in to Zoom using a unique email address and account password.
- Access to screen sharing of documents, etc. is disabled by default and, when enabled, is controlled by the ADR neutral.
Parties, representatives, and neutrals involved in FORUM ADR proceedings do not need to take any action in order to benefit from this enhanced level of data protection. All ADR proceedings hosted on FORUM custom Zoom platforms are protected, and at no extra cost to parties.
In addition, both FORUM and Zoom are SOC 2 audited organizations. A SOC 2 report provides third-party assurance that our internal processes and controls meet the strict audit requirements set forth by the American Institute of Certified Public Accountants (AICPA) standards for data security.