Zoom has become a very popular and widely used web and video conferencing platform that has already been adopted by 750,000 businesses around the globe. This platform allows you to take part in remote meetings as well as share files and collaborate.
Zoom has been adopted by many healthcare institutions, which use the platform for consulting with other healthcare providers and patients. In the USA, any software or online platform that shares patients’ information is required to incorporate a set of security protections to safeguard protected health information.
These rules and protocols come under HIPAA, the Health Insurance Portability and Accountability Act, and supplemental legislation. Zoom is required to comply with all the HIPAA protocols and rules to work in a systematic manner. A question may now come to mind: “Is Zoom HIPAA compliant?” To know the answer in detail, keep reading.
Is Zoom HIPAA Compliant?
Zoom is indeed considered to be a HIPAA compliant video and web conferencing platform that is appropriate to use in healthcare. It is a HIPAA covered entity that is known to enter into the business associate agreement. A Zoom user is required to be aware of the rules and responsibilities while using the platform, because the HIPAA rules could be violated to some extent.
Users are required to respect patients’ privacy and safety. Zoom is allowed to communicate or share PHI only with individuals who are properly authorized to receive such information. Hence, it is the highest responsibility of Zoom users to maintain HIPAA compliance while using the platform.
What is HIPAA Compliance?
HIPAA stands for Health Insurance Portability and Accountability Act. The act contains a set of privacy and security standards that aim to protect the confidentiality of Protected Health Information (PHI).
For video conferencing, the security architecture of Zoom is required to comply with the specific standards, implementation specifications, and requirements regarding the electronic PHI of the covered entity.
There are some common requirements of the HIPAA standard that a HIPAA covered entity is required to follow.
- Ensuring the confidentiality, availability, and integrity of the electronic PHI that a covered entity creates, receives, transmits, and maintains.
- Protecting against any anticipated hazards or threats to the integrity or security of such information.
- Protecting against anticipated disclosures or uses of such information that are not required or permitted under privacy rules and regulations.
- Ensuring complete compliance by the workforce.
Zoom and HIPAA Compliance
If you want to know the answer to the question “Is Zoom HIPAA compliant?”, the answer is YES. Zoom, as an online business associate, is required to enter into a contract with a HIPAA covered entity before that entity is allowed to use the platform’s services for sharing PHI.
This contract is known as a Business Associate Agreement, and it serves as confirmation that Zoom is fully aware of its compliance responsibilities with regard to the security and privacy of PHI.
Therefore, Zoom signs a business associate agreement with healthcare bodies and organizations. The platform also ensures that it abides by all the necessary security controls in order to meet the strict requirements and protocols of HIPAA.
In April 2017, Zoom announced that it had launched its first scalable cloud-based telehealth service for the healthcare industry and organizations. This service allows healthcare providers and enterprises to communicate and cooperate easily with each other.
This service incorporates access and authentication controls. All communications are secured with end-to-end AES-256 bit encryption. Moreover, the platform integrates with the Epic electronic health record system to support healthcare workflows.
In 2020, Zoom announced that it had partnered with a global telehealth integrator. The platform has also been enhanced to support the complete workflow of enterprise healthcare.
How does Zoom enable HIPAA compliance?
When providing service to healthcare customers, Zoom does not necessarily access the PHI. It models its HIPAA compliance under the ‘conduit exception’, which applies to entities that transmit PHI but have no access to the transmitted information. To come under this exception, Zoom applies mandatory account settings to the accounts of healthcare customers.
This is likely to eliminate customers’ ability to transmit PHI to Zoom. As a web-based platform, Zoom leaves no stone unturned in maintaining HIPAA compliance based on the HIPAA Security Rules published in the Federal Register on 20th Feb 2003. The answer to the question “Is Zoom HIPAA compliant?” is always affirmative.
Security and Encryption
Zoom follows proper security and encryption practices to abide by HIPAA compliance. Generally, only Zoom members invited by the account administrators are allowed to host a meeting with other members. The host controls attendance of the meeting through the use of IDs and passwords.
Every meeting has one host unless a co-host is added. The host is allowed to share the screen as needed. The host can also control other aspects of the meeting, such as expelling attendees, locking the meeting, and muting or unmuting all participants.
Zoom uses Advanced Encryption Standard (AES) encryption with a 256-bit key to protect meetings as well as users’ information. The Chat feature of Zoom is an encrypted messaging system that uses public key cryptography along with private keys generated and stored on the user’s device.