Zoom Video Conferencing and HIPAA Compliance

Feb 24, 2018

Over 750,000 businesses are now using Zoom for online video and web conferencing. However, before adopting the service, healthcare groups must consider whether it adheres to the HIPAA Rules that govern the sharing of PHI.

A cloud-based video and web conferencing platform, Zoom allows employees across multiple locations to participate in meetings, share files, and collaborate. The web tool supports webinars and incorporates a business IM service.

Zoom has already been implemented by many healthcare groups worldwide who use the platform to interact with other providers and communicate with patients. However, in the USA, healthcare groups must comply with HIPAA Regulations when sharing confidential patient data.

Any software solution must include a range of security protections to ensure protected health information (PHI) is completely safeguarded. Additionally, cloud-based platform providers are defined as business associates and are also required to comply with HIPAA Rules if their services are to be used with PHI.

Zoom meets these criteria according to a document released by the company in 2017 (PDF). However, although the technology is HIPAA-compliant, how it is used can result in breaches of HIPAA if “Meeting Hosts” fail to implement the necessary controls at user level.

Zoom, as a business associate, would need to complete a contract with a HIPAA covered body before its service can be used with ePHI. That agreement – a Business Associate Agreement – acts as a confirmation that Zoom is aware of its obligations in relation to the privacy and security of PHI.

Zoom is willing to complete a business associate agreement with healthcare groups and has ensured that its platform includes all of the required security controls to meet the strict requirements of HIPAA.

In April 2017 Zoom revealed that it had introduced the first scalable cloud-based telehealth service for the healthcare sector. Zoom for Telehealth allows enterprises and providers to communicate simply with other groups, care teams, and patients in a HIPAA-compliant fashion.

The service includes access and authentication measures, safeguards all communications with end-to-end AES-256 bit encryption, and integrates with the Epic electronic health record network to support healthcare workflows.

Zoom has also revealed it has partnered with a global telehealth integrator and that its infrastructure has been further enhanced to support full enterprise healthcare processes.

Zoom can be deemed a HIPAA compliant web and video conferencing service that is appropriate for use in healthcare, provided a HIPAA-covered body completes a business associate agreement with Zoom prior to using the service.

HIPAA Rules can still be violated when using the service, so users must be conscious of their duties in relation to patient privacy and must only share or transmit PHI with people authorized to receive the data. It is the duty of the covered body to ensure Zoom is used properly and in line with HIPAA Regulations.


Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelor's degree is from the University of Limerick and his master's degree in journalism is from Dublin City University.
