Zoom Video Conferencing and HIPAA Compliance

Over 750,000 businesses are now using Zoom for online video and web conferencing. However, before adopting the service, healthcare groups must consider whether it adheres to HIPAA Rules and is appropriate for sharing PHI.

A cloud-based video and web conferencing platform, Zoom allows employees across multiple locations to participate in meetings, share files, and collaborate. The web tool supports webinars and incorporates a business IM service.

Zoom has already been put in place by many healthcare groups worldwide that use the platform to interact with other providers and communicate with patients. However, in the USA healthcare groups must comply with HIPAA Regulations.

Any software solution must include a range of security protections to ensure protected health information (PHI) is completely safeguarded. Additionally, cloud-based platform providers are defined as business associates and are also required to comply with HIPAA Rules if their services are to be used with PHI.

Zoom, as a business associate, would need to complete a contract with a HIPAA covered entity before its service can be used with ePHI. That agreement – a Business Associate Agreement – acts as a confirmation that Zoom is aware of its obligations in relation to the privacy and security of PHI.

Zoom is willing to complete a business associate agreement with healthcare groups and has ensured that its platform includes all of the required security controls to meet the strict requirements of HIPAA.

In April 2017 Zoom revealed that it had introduced the first scalable cloud-based telehealth service for the healthcare sector. Zoom for Telehealth allows enterprises and providers to communicate simply with other groups, care teams, and patients in a HIPAA-compliant fashion.

The service includes access and authentication measures, all communications are safeguarded with end-to-end AES 256-bit encryption, and the platform integrates with the Epic electronic health record network to support healthcare workflows.

In early Zoom revealed that it has partnered with a global telehealth integrator and that its infrastructure has been further enhanced to support full enterprise healthcare processes.

Zoom can be deemed a HIPAA-compliant web and video conferencing service that is appropriate for use in healthcare, provided a HIPAA covered entity completes a business associate agreement with Zoom prior to using the service.

HIPAA Rules can still be violated when using the service, so users must be conscious of their duties in relation to patient privacy and must only share or transmit PHI with people authorized to receive the data. It is the duty of the covered entity to ensure Zoom is used properly and in line with HIPAA Regulations.