Is Zoom HIPAA Compliant?

Zoom has already been adopted as a powerful and convenient video conference application that allows over 750,000 companies to carry out meetings and presentations via the internet, but do its capabilities stretch to cover the needs of organizations in the health care industry? Is Zoom compliant with the Health Insurance Portability and Accountability Act, commonly known as HIPAA?

What does Zoom do?

One of a number of enhanced connectivity options that have surfaced in the cloud in recent years, Zoom gives its users the ability to conduct multi-site meetings, transfer files, and work together in a more cohesive manner, overcoming distance and travel constraints. Zoom enables the presentation of web-based seminars and incorporates an instant messaging tool.

It has already proven a popular solution for many organizations based in different parts of the world thanks to its ability to link businesses with healthcare providers, as well as with patients. While this is a testament to the utility of Zoom in this context, it does not provide an answer as to whether Zoom is HIPAA compliant, which is of paramount importance to healthcare entities in the United States of America.

In order to be compliant with HIPAA rules, there are a number of aspects that must be included in a software solution, not least of which is a robust method for guaranteeing the security of protected health information (PHI). As well as the technical side, the administrative side must also be considered. Groups that provide cloud-based services are classed as business associates under HIPAA legislation. For the software or solution to be used in a HIPAA compliant manner, a business associate agreement (BAA) must be put in place between the supplier and the HIPAA covered entity before any PHI is used with or introduced to the system.

Can Zoom be HIPAA compliant?

Zoom would be classed as a business associate and would therefore need to be party to a BAA before PHI could be presented, shared, or otherwise used with the tool. The BAA would clearly designate Zoom’s obligations and delineate them from the elements required of the HIPAA covered entity. Both parties must be aware of and agree to their respective responsibilities.

In the past, Zoom has shown its willingness to enter into BAAs and has demonstrated its commitment to provide for the needs of HIPAA covered entities by implementing sufficient security measures that bring the tool into line with the standards called for by HIPAA.

An announcement from the company in early 2017 claimed that they had become the first scalable cloud-based telehealth service for the healthcare industry with the introduction of Zoom for Telehealth. This platform allows for PHI to be exchanged with authorised stakeholders in a HIPAA compliant manner, with high quality end-to-end encryption among the features of the tool.

Is Zoom HIPAA compliant?

Zoom is an option that can support HIPAA compliant cloud-based conferencing and presentation for organizations in the healthcare space, so long as other underlying necessities have been put into place, such as a BAA. Compliance ultimately depends on users and use, but Zoom itself is a suitable and compliant solution for such entities.