
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Is Zoom HIPAA Compliant?

Zoom is HIPAA compliant provided organizations subscribe to a Zoom business account with the appropriate security controls, enter into a Business Associate Agreement with Zoom, configure the platform correctly, and ensure it is used compliantly.

Zoom is a popular video and web conferencing platform that has been adopted by more than 150,000 businesses, but is the service suitable for use by healthcare organizations for sharing PHI? Is Zoom HIPAA compliant?

What is Zoom?

Zoom is a cloud-based video and web conferencing platform that allows workers across multiple locations to take part in meetings, share files, and collaborate. The platform supports webinars and includes a business IM service.

Zoom has already been adopted by many healthcare organizations around the globe who use the platform to consult with other providers and communicate with patients. However, in the United States, healthcare providers, health plans, and healthcare clearinghouses (collectively “HIPAA-covered entities”) using the platform must comply with HIPAA.


Any software solution used to share patient information must incorporate security protections to ensure protected health information (PHI) is safeguarded. Further, cloud-based platform providers (i.e. in this case Zoom) are classed as business associates and are also required to comply with HIPAA if their platforms are to be used to share PHI.

Zoom and HIPAA Compliance

As a business associate, Zoom would be required to enter into a contract with a HIPAA-covered entity before its service can be used to share PHI. That contract – a Business Associate Agreement – serves as a confirmation that Zoom is aware of its responsibilities with regard to the privacy and security of PHI.

Zoom is prepared to sign a business associate agreement with healthcare organizations for selective plans and has ensured that its platform incorporates all of the necessary security controls to meet the strict requirements of HIPAA.

In April 2017 Zoom announced that it had launched the first scalable cloud-based telehealth service for the healthcare industry. Zoom for Telehealth (now Zoom Workplace for Healthcare) allows enterprises and providers to communicate easily with other organizations, care teams, and patients in a HIPAA-compliant manner.

The service incorporates access and authentication controls, all communications are secured with end-to-end AES-256-bit encryption, and the platform integrates with the Epic electronic health record system to support healthcare workflows.

In 2022, Zoom announced that it had partnered with a global telehealth integrator and that its platform had been further enhanced to support full enterprise healthcare workflows.

In 2023, Zoom added an AI Companion to all subscription tiers. Please note that some AI features are automatically disabled when a covered entity signs a Business Associate Agreement.

Is Zoom HIPAA Compliant?

Zoom is a HIPAA-compliant web and video conferencing platform that is suitable for use in healthcare, provided a HIPAA-covered entity enters into a business associate agreement with Zoom prior to using the platform and uses the platform compliantly (i.e. adhering to the HIPAA Minimum Necessary Standard).

It is still possible for HIPAA Rules to be violated using the platform, so users must be aware of their responsibilities with respect to patient privacy, and only share or communicate PHI with individuals authorized to receive the information. It is the responsibility of the covered entity to ensure Zoom is used correctly and HIPAA Rules are always followed.

FAQs

Who uses Zoom in the healthcare industry?

Zoom is used in the healthcare industry by healthcare professionals to connect with patients, collaborate with colleagues, and host healthcare-related virtual events. The dedicated Zoom for Healthcare platform also allows covered entities to build custom integrations in order to automate clinical and administrative workflows.

What responsibilities do HIPAA-covered entities have when using Zoom?

The responsibilities HIPAA-covered entities have when using Zoom to share or disclose PHI include configuring the platform in compliance with the Security Rule, training staff on the platform’s compliant use, and entering into a Business Associate Agreement with Zoom Video Communications Inc. (Note: Zoom has a standard Business Associate Agreement for all covered entities. Covered entities cannot use their own Business Associate Agreement).

Has Zoom taken any specific actions to ensure HIPAA compliance?

With regards to what specific actions Zoom has taken to ensure HIPAA compliance, Zoom recently published a HIPAA Compliance Guide that lists selected standards of the HIPAA Security Rule and describes how the platform complies with them. In its Business Associate Agreement, Zoom attests to using reasonable and appropriate safeguards to prevent inappropriate uses and disclosures of PHI […] and to comply with the applicable requirements of 45 CFR Part 164 Subpart C (the HIPAA Security Rule).

What specific features does Zoom Workplace for Healthcare offer?

Specific features that Zoom Workplace for Healthcare offers include access and authentication controls, event logs, and end-to-end AES-256-bit encryption. The platform allows healthcare organizations to build custom integrations in order to automate clinical and administrative workflows. It also integrates seamlessly with the Epic electronic health record system.

Can the HIPAA rules still be violated when using Zoom?

The HIPAA rules can still be violated when using Zoom if the platform is not configured correctly or if users violate HIPAA Privacy Rule standards while using Zoom by (for example) disclosing more than the minimum necessary PHI or disclosing PHI to an unauthorized person. For this reason, it is important when communicating with a patient to verify the identity of the patient before disclosing PHI.

Whose responsibility is it to ensure that Zoom is used correctly for HIPAA compliance?

It is the responsibility of the Security Officer and Privacy Officer to ensure that Zoom is used correctly for HIPAA compliance. The Security Officer is responsible for ensuring the platform is configured correctly, while the Privacy Officer is responsible for ensuring authorized members of the workforce use the platform in compliance with the HIPAA Privacy Rule.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
