Have you wondered whether Zoom is HIPAA-compliant? You are in the right place. Read on to get more information on the latest HIPAA rules.
Zoom has become the most popular web conferencing software for businesses in use today. For both businesses and private users, Zoom offers remote video and web conferencing services. Zoom enables remote workers to participate in online meetings where they can communicate and share information.
So is Zoom HIPAA compliant? Zoom includes authentication measures, so the answer is yes because it complies with the necessary Security Rule requirements. Keep reading to learn more about Zoom and HIPAA.
What Is Zoom?
Workers from various locations can participate in meetings, share files, and collaborate using Zoom, a cloud-based video and web conferencing platform. Along with offering a business IM service, the platform supports webinars.
Numerous healthcare institutions all over the world have already adopted Zoom, using the platform to consult with other professionals and communicate with patients. However, in the United States, healthcare providers, health plans, and healthcare clearinghouses (collectively “HIPAA-covered entities”) using the platform must comply with HIPAA Rules.
Protected health information (PHI) must be protected by a variety of security measures in order for any software solution used to share patient data to be effective. Additionally, for their platforms to be used to share PHI, cloud platform providers (in this case, Zoom) and other business associates like them must abide by HIPAA Rules.
HIPAA Compliance Explained
The Health Insurance Portability and Accountability Act, or HIPAA, contributes to security and privacy compliance for protecting medical information. Health plans, healthcare clearinghouses, and healthcare providers who carry out specific financial and administrative transactions electronically are all subject to its regulations.
The HIPAA Privacy Rule establishes restrictions on who can access patient information and mandates that medical professionals, hospitals, and other healthcare organizations disclose to patients how they use and disclose their health information. Patients also have the right to inspect and obtain a copy of their health records.
HIPAA compliance aims to safeguard patient medical records and other personally identifiable health information, even when they are kept by a for-profit organization like an electronic health records provider.
That said, to fully understand how Zoom is HIPAA compliant, you’ll need to get acquainted with these terms:
- PHI and ePHI
- Business associate
- Business associate agreement
PHI and ePHI
By forbidding the dissemination of “protected health information” (PHI), HIPAA Rules safeguard patient privacy. Under HIPAA, any identifiable health information that is used, kept, stored, or transmitted is referred to as “PHI.”
Date of birth, financial information, Social Security number, verbal information, electronic records, and physical documents are all included. PHI is essentially any information that can be used to identify a patient.
ePHI, on the other hand, stands for electronically protected health information. It is any data that is electronic in nature and that:
- identifies an individual; or
- has been created, modified, maintained, or transmitted by using electronic media
Thanks to computer technology, PHI is now shared and accessed digitally rather than on paper. According to HIPAA rules and regulations, this electronic nature is what qualifies it as ePHI.
Business Associate
A business associate is any individual or organization that offers services to a covered entity under HIPAA that involve the use or disclosure of PHI.
Under HIPAA, you would be a business associate if you worked for a healthcare provider. Any outside company that manages PHI for this kind of business would also be regarded as a HIPAA business associate.
Zoom is classified as a “business associate” because it is likely that healthcare providers are exchanging PHI on the platform. In such cases, Zoom is the partner of a covered entity. Healthcare suppliers, payers, clearinghouses, and their commercial partners are examples of covered entities.
Business Associate Agreement
The contract that HIPAA-covered entities must have with their business associates is known as a business associate agreement. The business associate’s obligations under this contract are outlined, along with how the business associate will safeguard patient privacy and implement security measures.
You must sign a business associate agreement in order to subscribe to Zoom for Healthcare, which we’ll discuss below. Zoom complies with HIPAA regulations as a result.
Now that you understand the HIPAA terms that you’ll likely come across, here are the HIPAA regulations for video:
- Confidentiality, integrity, and availability must all be maintained for electronic PHI generated, received, or transmitted by a covered entity
- Any reasonably anticipated risks or hazards to information security or integrity must be avoided
- Any uses or disclosures of such information that are not permitted under the privacy regulations must be prevented
Why is HIPAA Compliance Important?
The HIPAA rules and regulations must be followed, regardless of the size of your practice. HIPAA was passed in order to facilitate easier record keeping and document sharing. It also offers instructions to make sure that all covered entities handle patient records securely.
For your practice, only choose HIPAA-compliant tools. In this regard, one aspect that makes Zoom a valuable investment is that it complies with all HIPAA regulations. When you use Zoom for Healthcare, you won’t have to be concerned about breaking the law and incurring costly fines.
Is Zoom HIPAA Compliant?
Yes, provided that a HIPAA-covered entity signs a business associate agreement with Zoom before using the platform and uses it in a HIPAA-compliant manner (i.e., adhering to HIPAA’s Minimum Requirement Standard).
Users must be conscious of their obligations with regard to patient privacy and should only share or communicate PHI with people who have a need to know it.
Otherwise, HIPAA Rules could still be broken using the platform. The covered entity is in charge of ensuring that HIPAA regulations are always observed and Zoom is used appropriately.
As of February 2022, Zoom offers a business associate agreement to organizations in the healthcare sector, with the majority of these technical issues now being resolved.
How Does Zoom Comply With HIPAA?
The following are measures Zoom has taken to avoid HIPAA violations and remain compliant with the rules:
- To ensure that each user is who they say they are and that ePHI is secure, Zoom employs authentication procedures.
- OAuth 2.0 and JSON Web Tokens are the two types of authentication that Zoom uses. User content is handled using OAuth, while server-to-server communication is handled by JSON Web Tokens.
- To guarantee that no one intercepts the data shared when health professionals are on a video call, Zoom uses end-to-end encryption.
- Zoom uses access control measures to restrict who has access to shared data, which is required by the HIPAA Security Rule. This is important because the information can only be viewed by those who have been given permission and who need to see it.
Zoom For Healthcare
Zoom for Healthcare is a web-based virtual care video conferencing solution that enables patients to communicate with their healthcare provider from home or any other location using a smartphone, tablet, or personal computer.
Zoom for Healthcare is the only HIPAA-compliant conference call solution on the market that supports numerous participants in a HIPAA-compliant setting, making it an appealing option for organizations with collaborative processes, who need to regularly train their employees, or who need to get in touch with patients’ families.
The Pros of Using Zoom for Healthcare
There is no denying that Zoom is an excellent tool for communicating with patients online. It’s crucial to give your patients ways to get medical care without being there in person. Access to healthcare services is improved by offering teleconsultations.
Let’s take a look at the other benefits of Zoom:
Better Communication
In-person consultations are the best, but sometimes patients lack the time or resources to attend them. A seamless and engaging teleconsultation with your patients is still possible with Zoom. With its video calling feature, you can see how they are doing and deduce information from their body language.
On the other hand, if they can see your face, even through a screen, it can reassure them that they are receiving the best medical care possible.
Excellent Features
Zoom has a ton of incredible features, which is why it is currently the preferred video conferencing platform. The video and audio calls, for one, have excellent quality. Additionally, it supports closed captioning and audio transcription. Zoom uses end-to-end encryption, which is crucial for ensuring data privacy.
Fast Integration
To implement Zoom, you don’t need a broad range of technical expertise. Zoom can be set up and used quickly. Zoom can be used on various devices, allowing you to use the program while on the go.
The Cons of Using Zoom for Healthcare
Zoom is a great communication tool, but it is not without flaws. To assist you in deciding if this platform is appropriate for you, let’s look at the drawbacks.
High Fees
Despite the fact that Zoom is free to use, medical professionals might want to subscribe to the Zoom for Healthcare plan. It can cost more than $200 per month to upgrade to this plan. For advanced features, you might also have to pay more.
Slow Issue Resolution
Many users have complained that problems are typically not resolved quickly by Zoom’s customer service. Some claim they had to wait two to three days before receiving a response. This is not ideal, especially if you use Zoom to consult with patients. In an emergency, you must be able to communicate.
Security Issues
Despite being HIPAA compliant, Zoom still has some security flaws. Numerous incidents where unwanted people interrupt or join a video conference call have been reported. This is obviously a serious concern because events like these can result in data breaches.
Other Security Features Of Zoom
Upon signing a BAA with Zoom, the following security measures are enacted on a Zoom account:
- Cloud Recording won’t work anymore.
- There will be an option for encrypted chat.
- The setting “Require Encryption for 3rd Party Endpoints (H323/SIP)” will be enabled for all members of an account.
- Text messages will be encrypted.
- Only after everyone initiates a cryptographic key exchange will offline messages become accessible.
There is More to HIPAA Than “Compliant” Software
Video is only one of many things that are vital to HIPAA in telehealth. Your patient’s name, email address, phone number, and address are all pieces of information that must be kept private under HIPAA. If you add your patients as contacts in Zoom, invite them to meetings, or store any other patient PII there, you may be in violation of HIPAA if you haven’t paid to use Zoom’s health care plan.
One of the most important and overlooked areas of HIPAA is who has access to patient data. Consider the time before electronic medical records, when everything was stored in the file room. It was crucial to restrict access to that room.
Consider it in the present day and what would happen if someone could enter that room through the Internet. Perhaps you keep strangers out of the room, but what about the other people in your group? Should therapists have easy access to the medical records of patients they are not currently treating?
There are no access controls on Zoom or pretty much any other web conferencing program designed for business meetings.
FAQs
Is Google Meet HIPAA Compliant?
The response is both yes and no. Although Google has made the necessary preparations to ensure that Google Workspace, including Meet, complies with HIPAA regulations, the BAA agreement is not automatically in place.
Instead, when an organization starts using Workspace for their medical practice, they are required to sign the agreement themselves. After being signed, Google Meet and the other apps in Google Workspace will adhere to HIPAA regulations.
Is Free Zoom HIPAA Compliant 2022?
The free and regular paid versions of Zoom are not HIPAA-compliant. The price of Zoom’s health care version is not disclosed.
Is Zoom Pro HIPAA Compliant 2022?
In its capacity as a business associate, Zoom complies with the HIPAA Security Rule’s requirements and applicable requirements.
How Much Does HIPAA-Compliant Zoom Cost?
There is no need for a dedicated IT staff since Zoom provides enterprise features and easy user management. Small practices can go online to get Zoom licenses that help enable HIPAA-compliant programs by executing a BAA, starting at $14.99 per month.
How Do I Make Sure Zoom is HIPAA Compliant?
As a business associate, Zoom would be required to enter into a contract with a HIPAA covered entity before its service can be used to share PHI. This agreement, known as a Business Associate Agreement, serves as proof that Zoom is aware of its obligations with regard to the security and privacy of PHI.
Are All Zoom Plans HIPAA Compliant?
The answer to the question of “Is Zoom HIPAA compliant” is “yes,” because Zoom includes authentication measures, which complies with the aforementioned Security Rule requirements.
Is Recording Zoom Without Permission Legal?
Do I need the participants’ consent to record their video and save sessions when I record meetings? Yes. Some US states (including California) are “two party” or “all party” consent states, which generally require the permission of both or all parties involved in a recording.
Final Thoughts
In conclusion, you shouldn’t just be concerned with following the law and the rules. The privacy of your patients and the sensitive information they have entrusted to your business should be protected. Businesses with those worries are more likely to see HIPAA as beneficial rather than a burden.