Is Zoom HIPAA Compliant?

Zoom is a well-known video and web conferencing platform used by some 750,000 businesses, but can healthcare organizations use the service to share protected health information (PHI)? Is Zoom HIPAA compliant?

Zoom is a cloud-based video and web conferencing platform that lets people in different locations join meetings, share documents, and collaborate. The platform also supports webinars and includes a business instant messaging function, offering much of the same capability as Skype.

Many healthcare organizations around the world use Zoom to confer with other providers and to talk with patients. In the U.S., however, healthcare organizations must comply with the HIPAA Rules when they do so.

Any software used for this purpose must therefore incorporate security protections that keep PHI secure. If Zoom is used in connection with any PHI, Zoom is a business associate of the healthcare organization and is itself required to comply with the HIPAA Rules.

Zoom and HIPAA Compliance

As a business associate, Zoom must sign a contract – a Business Associate Agreement (BAA) – with a HIPAA covered entity before its service can be used to share electronic PHI (ePHI). The BAA confirms that Zoom understands its responsibilities for the privacy and security of PHI and is contractually bound to meet them.

Zoom will enter into a BAA with healthcare organizations and states that its platform includes the security controls required to satisfy HIPAA's requirements.


In April 2017, Zoom announced the launch of its first scalable cloud-based telehealth service for the healthcare market. Zoom for Telehealth allows organizations and providers to communicate easily with patients, care teams, and other organizations in a HIPAA compliant way.

The service includes authentication and access controls and uses AES-256 encryption, which Zoom describes as end-to-end, to secure communications; what "end-to-end" covers for a particular meeting configuration is something a covered entity should confirm with Zoom before relying on it. Zoom has since announced a partnership with a global telehealth integrator, and the platform has been extended to support complete enterprise healthcare workflows.

So, is Zoom compliant with HIPAA Rules?

Zoom can be considered a HIPAA compliant web and video conferencing platform. It is acceptable for use in the healthcare industry, provided the HIPAA covered entity enters into a BAA with Zoom before using the platform for PHI.

Nevertheless, even with a BAA in place, it is still possible for users to violate the HIPAA Rules. The BAA covers Zoom's responsibilities, not how the platform is used: users must disclose PHI only to persons authorized to receive it and must adhere to the Minimum Necessary Standard.

About Liam Johnson
Liam Johnson has written about HIPAA for several years and has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. He focuses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal, and was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn.