Zoom is a well-known video and web conferencing platform that 750,000 businesses now use, but can healthcare organizations use the service for sharing PHI? Is Zoom HIPAA compliant?
Because Zoom is a cloud-based video and web conferencing platform, it allows people from different locations to join meetings, share documents, and collaborate easily. The platform supports webinars and features a business IM function, offering much of the same capability of Skype.
Many healthcare organizations around the world use Zoom to confer with other providers and converse with patients. Nonetheless, in the U.S., healthcare organizations need to adhere to HIPAA Rules.
A software solution should therefore incorporate security protections to ensure that protected health information (PHI) is secured. If Zoom is to be used in connection with any PHI, the company would be considered a business associate and is therefore required to comply with HIPAA Rules.
Zoom and HIPAA Compliance
As a business associate, Zoom needs to sign a contract – a Business Associate Agreement (BAA) – with a HIPAA covered entity before its service can be used for sharing ePHI. The BAA is intended to confirm that Zoom knows its responsibilities regarding the privacy and security of PHI.
Zoom is ready to enter into a BAA with healthcare organizations and has made certain that its platform includes all the required security controls to satisfy the stringent prerequisites of HIPAA.
Zoom announced in April 2017 the launch of its first scalable cloud-based telehealth service for the healthcare market. Zoom for Telehealth permits companies and providers to easy communicate with patients, care teams, and other organizations in a HIPAA compliant way.
The service integrates authentication and access controls, and uses end-to-end AES-256 bit encryption to secure all communications. This year Zoom announced its partnership with a worldwide telehealth integrator and the platform has been improved to support complete enterprise healthcare processes.
So, is Zoom compliant with HIPAA Rules?
Zoom can be considered a HIPAA compliant web and video conferencing platform. It is acceptable for use in the healthcare industry, as long as a HIPAA-covered entity enters into a BAA with Zoom prior to using the platform.
Nevertheless, even with a BAA in place, it is possible for users to violate HIPAA Rules. Zoom will meet its responsibilities, but users must only disclose PHI to persons authorized to receive the information and adhere to the Minimum Necessary Standard.