To say that video conferencing service Zoom has increased in popularity over the past few months would be an understatement. So far in 2020, the company has added 2.22 million monthly active users. Compare that to 2019, when it added 1.99 million for the whole year.
This is due in large part to the coronavirus pandemic, which is forcing millions of people to work from home. Zoom has also become a go-to for healthcare providers who use it to perform telehealth services and communicate with other providers and patients. But that brings up an important question: is Zoom HIPAA compliant?
What is Zoom?
First and foremost, it’s important to understand exactly what Zoom is and what it can do. It’s a cloud-based video and web conferencing platform that combines video conferencing, online meetings, chat, and mobile collaboration, allowing people to collaborate from any location.
Many healthcare organizations use Zoom to consult with colleagues and communicate with patients, often sharing protected health information (PHI). Any time you use software to share patient information, that software must incorporate a variety of security protections to ensure PHI is kept safe and secure.
In addition, cloud-based platform providers like Zoom are classified as business associates, which means they’re required to comply with HIPAA rules if their platform is used to share PHI.
Zoom and HIPAA compliance
When it comes to the HIPAA Privacy Rule, a healthcare provider must obtain satisfactory assurances from its business associate, in this case Zoom, that it will appropriately safeguard the PHI it receives or creates on behalf of the provider.
These assurances are outlined in a required business associate agreement (BAA), which is a contract between Zoom and a provider. The BAA confirms that Zoom is aware of its responsibility as it relates to the privacy and security of PHI.
Because Zoom has agreed to sign a BAA with healthcare organizations, the video conferencing platform is HIPAA compliant.
In 2017, the company launched a separate entity, Zoom for Telehealth, making it one of the first scalable cloud-based telehealth services specifically for the healthcare industry. And in 2018, it partnered with a global telehealth integrator “to create a full stack enterprise healthcare suite that will support all communications and telehealth workflows in healthcare organizations.”
Zoom for Telehealth includes HD video and audio, enhanced collaboration features (such as annotating a shared screen), compliance with PIPEDA/PHIPA, recorded sessions, medical device integrations, virtual counseling options, and integration with the Epic electronic health record (EHR) system.
Additional security measures put in place by Zoom
Zoom is a HIPAA-compliant video conferencing platform, but it takes things a step further and incorporates additional security measures into the service, ensuring that PHI stays private. There are two different user authentication requirements, as well as access control measures, which regulate who or what can view or use resources on the platform.
To secure all communications, Zoom also uses end-to-end encryption so only the sender and recipient of an electronic message can read what’s in that message. Encryption is also enabled for all text messages and chats. All parties have to initiate a cryptographic key exchange in order to make offline messages available, meaning both parties have the same key to encrypt or decrypt the data.
The use of telemedicine and virtual visits is only going to increase — even after the COVID-19 pandemic. Some are predicting that more than 91 percent of medical practitioners will offer telehealth services by the end of 2020.
If you’re looking for a HIPAA-compliant video conferencing service, Zoom can be a valuable option that helps you better connect with your patients — now and in the future.