Blog

Is Zoom HIPAA Compliant?

Compliant Tools
April 16, 2020
Is Zoom HIPAA compliant? Yes—but only if healthcare providers sign a Business Associate Agreement. Learn how Zoom meets HIPAA security standards for encrypted video conferencing.

Is Zoom HIPAA Compliant?

A Few Things You Need To Know

Zoom is an advanced video-conferencing application that is used all over the world to manage businesses, offer online education, and even provide healthcare services. You may wonder if Zoom is HIPAA compliant because of how the program works. We all know that HIPAA’s requirements are very strict, and you must take a few steps if you want to use HIPAA correctly as a health professional. The tips listed below show what must be done if you want to use Zoom in a HIPAA compliant manner. This should also serve as a reminder to avoid any medical office or doctor who does not take the appropriate steps to protect your privacy.

HIPAA Privacy Rules

When you are using Zoom, a unique relationship is created. Zoom is considered a business associate since the doctor or health professional is likely sharing protected health information (PHI) through Zoom. This exchange makes Zoom the partner of the covered entity in this situation. The healthcare provider must ensure that Zoom is taking all the necessary precautions to ensure the privacy of their patients, but is also responsible for the security that patients expect to be provided.

No doctor should ever ask you to learn how HIPAA works on your own, as it is entirely their job to understand and implement the requirements of the law. If your personal information is ever shared on an unencrypted line without a signed business associate agreement, then the doctor or medical office is in the wrong. This means that you should ask the doctor if they have taken the steps to make the software you are using, including Zoom, HIPAA-compliant or not. If they have not taken the necessary precautions, you should not allow for any of your personal information to be shared through that method. 

A key part of the HIPAA compliance process requires the doctor’s or medical office to obtain assurances that Zoom is not storing any private information, has secured its video channels, and is willing to abide by established HIPAA rules. Because of these rules, Zoom has said that it is willing to sign a Business Associate Agreement with any covered entity that uses its platform. This means that Zoom is willing to stand behind its security policies so that you can receive the medical care that you need. Zoom has taken all the steps needed to be HIPAA compliant, and they are continually improving their platform to ensure that they can give patients the security that is needed.

What Is The Security Rule?

Zoom is required to meet all of the HIPAA Security Rule requirements in order to be compliant, including all of the technical, administrative, and physical safeguards which ensure that their platform will keep PHI safe. Zoom is providing a confidential service that has the highest levels of integrity and availability. HIPAA requires that partners like Zoom provide a quality service that is safe. Zoom has met these requirements and will continue to meet those requirements as they are updating their systems every day.

HIPAA compliance video conferencing only works when you have communicated with Zoom about how they meet HIPAA security requirements. Zoom HIPAA compliance is extremely important so that you can use this software while knowing that your identifiable health information is being kept secure. 

What Did Zoom Actually Do To Meet HIPAA Requirements?

  • Zoom uses authentication measures that verify every person on the platform which ensures that electronic protected health information is safe.
  • Zoom shows that they are using two different kinds of authentication are called OAuth 2.0 and JSON Web Tokens.
  • OAuth is used for user content, and web tokens are used for server-to-server communication.
  • Zoom uses access measure controls, which are required by the Security Rule, and control who can use information that has been shared. This is important because only authorized people who need to see the content can view it.
  • Zoom also uses end-to-end encryption to ensure that only the users on each end can see the data that is being shared, without anyone being able to intercept that data in between.
  • There is also a setting that will require encryption for third-party endpoints if they are used during the call.

What Else Does Zoom Do To Keep You Safe?

If you are a healthcare provider who is working with Zoom in order to offer healthcare services to your patients, then you must first sign a Business Associate Agreement which allows Zoom to give you the encryption and security that you need. You, however, might want to know what else has been done to protect. When you sign this agreement, you will get all these security features:

  • Cloud recording is disabled for all calls because the calls cannot be stored and information from those calls cannot be kept once the call is over.
  • You will enable encrypted chat. This is important because you do not want to expose any of your information to people who have broken into your chats. This is how HIPAA ensures that your information is not shared in any way.
  • You can require third-party encryption to ensure that anyone else who joins the call has their information encrypted. This might be necessary if two therapists or two specialists are on the same call. You cannot see your doctor and a specialist in the same office, but you can see them all on the same video call.
  • All text messages in the call will be encrypted.
  • Offline messages will be available to read-only after you have used the cryptographic key exchange.

Conclusion: Zoom is HIPAA Compliant

The conclusion of this question is that yes, you can use Zoom to get the medical care that you need because it is safe to use and is properly encrypted. Zoom’s dedication to HIPAA compliance is important for you because it is the only way to ensure that you remain safe while receiving the medical care you need through the software. Just be sure to check that your healthcare provider has signed a Business Associate Agreement with Zoom, which ensures that you will get HIPAA-compliant video conferencing while meeting with specialists, doctors, therapists, and other medical professionals.

More from the Blog

Why was the CCPA Introduced?
Privacy Compliance

Why was the CCPA Introduced?

Why is Personal Data Valuable?
Privacy Compliance

Why is Personal Data Valuable?

What is Personal Information Under the CPRA?
Privacy Compliance

What is Personal Information Under the CPRA?

What is Personal Data under the GDPR?
HIPAA

What is Personal Data under the GDPR?

The Truth about Data Security
Data Security

The Truth about Data Security

What is a HIPAA Lawyer?
HIPAA

What is a HIPAA Lawyer?

What Is a Data Processor?
HIPAA

What Is a Data Processor?

What is a Data Controller?
HIPAA

What is a Data Controller?

Compliance Managment Full Hexagon logo

Expert compliance support, on-demand

Accountable Compliance Success Managers are dedicated to making sure your company is fully compliant as we guide you step-by-step through the process of achieving HIPAA compliance.
chevron left
Expert guidance
chevron left
Build trust
chevron left
Dedicated Compliance Success Managers
chevron left
HIPAA Training
chevron left
Decrease risk
chevron left
Close more deals
Get Started Free
Talk To An Expert
schedule accountable demo
Accountable Compliance Management Logo

We make it easy to get your own HIPAA Certification and build trust with your customers and patients.

Product
PlaybooksHow it worksProductPricingWatch DemoSeal of Compliance
Solutions
HIPAA Compliance SolutionGDPR
Resources
BlogHIPAA TrainingHIPAA Risk AnalysisGDPR Risk Analysis
Company
AboutCareersSupportContact UsPrivacy CenterProduct Updates
Account
Sign InForgot Password
star iconstar iconstar iconstar iconstar icon

"Accountable allowed us to quickly establish Core Compliance with HIPAA as well as a firm foundation for our Security Program." - Michael H.

© 2024 Accountable HQ, Inc.
Terms of ServicePrivacy Policy