Is Zoom HIPAA compliant?

Zoom is the premier teleconferencing application on the market. They are the #1 customer-rated application and their product certainly reflects that. Their application includes HD meetings, workspaces, a cloud-based phone system, and full integration with many of the apps your business is currently using. Zoom is already partnered with many large hospital systems, and can be utilized by any company that needs a HIPAA compliant teleconferencing application.


Is Zoom HIPAA Compliant? A Few Things You Need To Know

Zoom is an advanced video-conferencing application that is used the world over to manage businesses, offer online education, and even offer healthcare. You may wonder if Zoom is HIPAA compliant because of how the program works. We all know that HIPAA rules are very strict, and you must take a few steps if you want to use HIPAA correctly as a health professional. The tips listed below show what can be done if you want to use Zoom properly, and you should avoid any medical office or doctor who does not take the appropriate steps to protect your privacy.

HIPAA Privacy Rules

When you are using Zoom, a unique relationship is created. Zoom is considered a business associate of the patient. The doctor or health professional is sharing private health information over Zoom, and that makes Zoom the partner of the patient. The doctor must ensure that Zoom is doing all that can be done to ensure the privacy of their patients. The doctor or medical office must be responsible for the security that patients expect to be provided.

No doctor should ever ask you to research Zoom or learn about how HIPAA works. If your personal information is shared on an unsecured line, the doctor or medical office has done wrong. This means that you should ask the doctor if they feel safe using a video conferencing app like Zoom. If they do not, you need to find something else.

Part of this process requires the doctor or medical office to obtain assurances that Zoom is not storing any private information, that Zoom has secured its video channels, and that Zoom is willing to abide by established HIPAA rules. If Zoom cannot do that, the doctor should not use Zoom.

Because of these rules, Zoom has said that it is willing to sign a “Business Associate Agreement” with any patient who uses their platform. This means that Zoom is willing to stand behind their security policies so that you can receive the medical care that you need. Zoom has taken all the steps needed to be HIPAA compliant, and they are continually improving their platform to ensure that they can give patients the security that is needed.

What Is The Security Rule?

Zoom has to meet the requirements of the HIPAA security rule, and they must go through several steps in order to do that. Zoom is HIPAA compliant, but they have gone through technical, administrative, and physical steps to ensure that their platform is safe. They are providing a confidential service that has the highest levels of integrity and availability. HIPAA requires that partners like Zoom provide a quality service that is safe. Zoom has met these requirements, and they will continue to meet them as they are updating their systems every day.

Zoom HIPAA compliance is very important because it is the only way you can safely receive the medical care you need. HIPAA-compliant video conferencing only works when you have communicated with Zoom about how they meet HIPAA security requirements.

What Did Zoom Actually Do To Meet HIPAA Requirements?

  • Zoom uses authentication measures that verify every person on the platform. The program uses authentication procedures to ensure that electronic protected health information is safe.
  • Zoom shows that they are using two different kinds of authentication that are called OAuth 2.0 and JSON Web Tokens.
  • OAuth is used for user content, and the web tokens are used for server-to-server communication.
  • Zoom uses access control measures. The Security Rule requires these controls, which govern who can use information that has been shared. This is important because only people who need to see the content can view it.
  • Zoom also uses end-to-end encryption to ensure that only the users on both ends can see the data that is shared. This means that only people who are authorized on the call can see what has been shared.
  • There is also a setting that will require encryption for third party endpoints if they are used during the call.

What Else Does Zoom Do To Keep You Safe?

When you are working with Zoom to get your healthcare, you will sign their Business Associate Agreement that allows them to give you the encryption and security that you need. You, however, might want to know what else has been done to protect you. When you sign this agreement, you will get all these security features:

  • Cloud recording is disabled for all calls because the calls cannot be stored and information from those calls cannot be kept once the call is over.
  • You will enable encrypted chat. This is important because you do not want to expose any of your information to people who have broken into your chats. This is how HIPAA ensures that your information is not shared in any way.
  • You can require third party encryption to ensure that anyone else who joins the call has their information encrypted. This might be necessary if two therapists or two specialists are on the same call. You cannot see your doctor and a specialist in the same office, but you can see them on the same video call.
  • All text messages in the call will be encrypted.
  • Offline messages will be available to read only after you have used the cryptographic key exchange.

Conclusion: Zoom is HIPAA Compliant

You can use Zoom at any time to get the medical care that you need because it is safe to use and encrypted properly. Zoom HIPAA compliance is important for you because it is the only way you can remain safe while receiving the medical care you need. You should ask Zoom to sign a Business Associate Agreement, and you will get HIPAA-compliant video conferencing that allows you to meet with specialists, doctors, therapists, and other medical professionals.
