To say that videoconferencing service Zoom has increased in popularity over the past few months would be an understatement. In just the first two months of 2020, its user base grew to 2.22 million monthly active users. Compare that to 2019, when it added 1.99 million for the whole year.
This is due in large part to the coronavirus pandemic, which is forcing millions of people to work from home. Additionally, with shelter-at-home orders, healthcare professionals have flocked to Zoom to conduct virtual appointments and consult with other providers. But that brings up an important question — is Zoom HIPAA compliant?
What is Zoom?
First and foremost, it’s important to understand exactly what Zoom is and what it can do. It’s a cloud-based video and web conferencing platform that offers videoconferencing, chat, and collaboration capabilities, all in one place.
Many healthcare organizations use Zoom to consult with colleagues and communicate with patients, often sharing protected health information (PHI). Any time you use software to share patient information, that software must incorporate a variety of security protections to ensure PHI is kept safe and secure.
In addition, cloud-based platform providers like Zoom are classified as business associates, which means they’re required to comply with HIPAA rules if their platform is used to share PHI.
Zoom and HIPAA compliance
The HIPAA Privacy Rule requires that, when healthcare providers outsource anything that touches PHI, they get satisfactory assurances that the patient’s information will be safeguarded. A business associate agreement (BAA) is required from these third parties — in this case Zoom — to outline these assurances. The BAA confirms that Zoom is aware of its responsibilities to maintain the privacy and security of PHI.
Because Zoom has agreed to sign a BAA with healthcare organizations, the video conferencing platform is HIPAA compliant.
In 2017 the company launched a separate entity — Zoom for Telehealth — making it one of the first scalable cloud-based telehealth services specifically for the healthcare industry. The following year, they formed a partnership with a global telehealth integrator, which gave them the ability to offer a complete communication and workflow solution for the healthcare industry.
Zoom for Telehealth includes HD video and audio, enhanced collaboration features (such as annotating a shared screen), compliance with PIPEDA/PHIPA, recorded sessions, medical device integrations, virtual counseling options, and integration with the Epic electronic health record (EHR) system.
Additional security measures put in place by Zoom
Zoom is a HIPAA-compliant video conferencing platform, but it takes things a step further and incorporates additional security measures into the service, ensuring that PHI stays private. There are two different user authentication requirements. Zoom also offers access control so that providers can limit access to the platform.
The end-to-end encryption used by Zoom means that all messages are scrambled in transit and only viewable by the sender or recipient. This encryption extends to text messages and chats. All parties have to initiate a cryptographic key exchange in order to make offline messages available, meaning both parties have the same key to encrypt or decrypt the data.
The use of telemedicine and virtual visits is only going to increase — even after the COVID-19 pandemic. Some are predicting that more than 91 percent of medical practitioners will offer telehealth services by the end of 2020.
If you’re looking for a HIPAA-compliant video conferencing service, Zoom can be a valuable option that helps you better connect with your patients — now and in the future.