BlueJeans provides a cloud-based audio/video/content-sharing conferencing service. The service is vendor-agnostic and allows up to 100 endpoints to connect for a meeting. An endpoint can be a room telepresence system, laptop, tablet, smartphone, or standard telephone (audio-only connection). BlueJeans supports high-resolution video conferencing (720p), high-resolution content sharing (up to 1080p), and real-time video sharing. Live chat is available during meetings. U-M's current contract with BlueJeans enables all U-M faculty and staff to register for a BlueJeans User Account. This contract ends on May 31, 2017.
BlueJeans collects and maintains data related to the date, time, and attendees of a meeting. Actual video or audio content is only stored by BlueJeans when the meeting host turns on the recording feature.
U-M's agreement with BlueJeans includes a Business Associate Agreement. This means individuals may use this service to share Protected Health Information (PHI) regulated by HIPAA. Complying with HIPAA's requirements is a shared responsibility. Users sharing and storing PHI in BlueJeans are responsible for complying with HIPAA safeguards, including:
- Using and disclosing only the minimum necessary PHI for the intended purpose.
- Obtaining all required authorizations for using and disclosing PHI.
- Ensuring that PHI is seen only by those who are authorized to see it.
- Obtaining all necessary data-sharing agreements and Business Associate Agreements for using and disclosing PHI.
- Following any additional steps required by your unit to comply with HIPAA.
Important considerations when sharing sensitive data:
- Recording. Do not use the recording feature unless it is required for a specific institutional purpose and you have obtained permission from all participants.
- Encryption. Enable end-to-end encryption. In the Schedule Meeting form, click Advanced Meeting Options. For details, search the BlueJeans Knowledgebase for "enabling encryption."
Important considerations when sharing PHI:
- Meetings that involve PHI, unless conducted via phone, must be set up with encryption.
- Recordings of meetings that involve PHI must be stored either in BlueJeans; on a secure, encrypted computing device; or in a file storage service approved for PHI.
- When sharing recordings in BlueJeans that contain PHI, use the Enterprise Level sharing option to ensure that access is limited to appropriate individuals.
- For use in telemedicine or telehealth, you must consult the eHealth Center at 734-647-3089 or the Michigan Medicine internal website.
BlueJeans does not comply with some regulatory requirements for specific types of sensitive data. Among the types of information that may not be maintained, shared, or processed when using BlueJeans are:
- Export Controlled Research. This is because BlueJeans cannot ensure that only U.S. persons have access to or maintain its systems.
- Data regulated by the Federal Information Security Management Act (FISMA). This is because BlueJeans does not have documentation or certification that demonstrates FISMA compliance. Note that this means you cannot use Blue Jeans with PHI regulated by FISMA, that is, PHI received or owned by the federal government, such as the Centers for Medicare & Medicaid Services (CMS) and Veterans Affairs (VA) data.