Zoom is a popular video and web conferencing platform that has been adopted by more than 750,000 businesses, but is the service suitable for use by healthcare organizations for sharing PHI? Is Zoom HIPAA compliant?
What is Zoom?
Zoom is a cloud-based video and web conferencing platform that allows workers across multiple locations to take part in meetings, share files, and collaborate. The platform supports webinars and includes a business IM service.
Zoom has already been adopted by many healthcare organizations around the globe who use the platform to consult with other providers and communicate with patients. However, in the United States, healthcare providers must comply with HIPAA Rules.
Any software solution must incorporate a host of security protections to ensure protected health information (PHI) is safeguarded. Further, cloud-based platform providers are classed as business associates and are also required to comply with HIPAA Rules if their platforms are to be used in conjunction with PHI.
Zoom and HIPAA Compliance
As a business associate, Zoom would be required to enter into a contract with a HIPAA covered entity before its service can be used with ePHI. That contract, a Business Associate Agreement, serves as confirmation that Zoom is aware of its responsibilities with regard to the privacy and security of PHI.
Zoom is prepared to sign a business associate agreement with healthcare organizations and has ensured that its platform incorporates all of the necessary security controls to meet the strict requirements of HIPAA.
In April 2017 Zoom announced that it had launched the first scalable cloud-based telehealth service for the healthcare industry. Zoom for Telehealth allows enterprises and providers to communicate easily with other organizations, care teams, and patients in a HIPAA compliant manner.
The service incorporates access and authentication controls, secures all communications with end-to-end AES 256-bit encryption, and integrates with the Epic electronic health record system to support healthcare workflows.
This year Zoom announced that it has partnered with a global telehealth integrator and that its platform has been further enhanced to support full enterprise healthcare workflows.
Is Zoom HIPAA Compliant?
Zoom is a HIPAA compliant web and video conferencing platform that is suitable for use in healthcare, provided a HIPAA-covered entity enters into a business associate agreement with Zoom prior to using the platform.
It is still possible for HIPAA Rules to be violated using the platform, so users must be aware of their responsibilities with respect to patient privacy and must only share or communicate PHI with individuals authorized to receive the information. It is the responsibility of the covered entity to ensure Zoom is used correctly and HIPAA Rules are always followed.