Zoom & HIPAA Compliance
Zoom is a cloud-based video and web conferencing solution that lets workers across many different locations participate in meetings, share files, and collaborate. The platform supports webinars and incorporates a business IM service.
Zoom has already been adopted by many healthcare groups worldwide, which use the platform to consult with other providers and correspond with patients. However, in the United States, healthcare providers must adhere to HIPAA obligations.
Any software must include a range of security measures to ensure protected health information (PHI) is completely safe. Additionally, cloud-based platform providers are classified as business associates and must comply with HIPAA Rules if their platforms are to be used with PHI.
HIPAA Compliance and Zoom
As a business associate, Zoom would have to enter into a contract with a HIPAA-covered entity before its service can be used with ePHI. That binding contract – a Business Associate Agreement – acts as a confirmation that Zoom is aware of its responsibilities in relation to the privacy and security of PHI.
Zoom is willing to sign a business associate agreement with healthcare groups and has ensured that its platform incorporates all of the necessary security measures to meet the strict requirements of HIPAA.
In April 2017 Zoom revealed that it had launched the first scalable cloud-based telehealth service for the healthcare arena. Zoom for Telehealth allows enterprises and providers to correspond effectively with other groups, care teams, and patients in a HIPAA compliant manner.
The service has access and authentication controls, all messages are secured with end-to-end 256-bit AES encryption, and the platform integrates with the Epic electronic health record system to support healthcare workflows.
This year Zoom said that it had partnered with a global telehealth integrator, which will further enhance the service to support full enterprise healthcare workflows.
Can Zoom be deemed HIPAA Compliant?
Zoom, at an operational level, is a HIPAA compliant web and video conferencing platform that can be used for healthcare, provided a HIPAA-covered entity enters into a business associate agreement with Zoom before implementing the platform.
HIPAA rules could still be violated when using the platform, so users must be aware of their duties with respect to patient privacy and must only send PHI to those authorized to receive it. It is the responsibility of the covered entity to make sure Zoom is used in line with HIPAA rules.