About 750,000 businesses today use Zoom as it is a popular video and web conferencing program. Are healthcare organizations allowed to use Zoom for sharing PHI? Does it support HIPAA compliance?
Since Zoom is a video and web conferencing platform that is cloud-based, it makes it possible for people from various locations to join web meetings, share files, and work together quickly. The platform runs webinars and has a business IM function, just like Skype.
A lot of healthcare organizations across the planet use Zoom to consult with other providers and communicate with patients. But healthcare organizations in the U.S. should be sure to comply with HIPAA Rules.
A software program must use security defenses to keep protected health information (PHI) secure. If Zoom will be used in association with any PHI, the company should be viewed as a business associate and must therefore abide by the HIPAA Rules.
Zoom and HIPAA Compliance
A business associate, such as Zoom, is required to sign a Business Associate Agreement (BAA), which is a contract with a HIPAA covered entity prior to using its service for sharing ePHI. The BAA is supposed to prove that Zoom is aware of its duties concerning the privacy and protection of PHI.
Zoom will sign a BAA with a healthcare organization if necessary. Its platform is known to be equipped with the necessary security controls to meet the rigid requirements of HIPAA.
Zoom declared in April 2017 that its first scalable cloud-based telehealth service is available for the healthcare industry. Zoom for Telehealth allows easy communication of companies and providers with their patients, treatment teams and other agencies in a HIPAA compliant manner.
The service combines authentication and access controls, and utilizes end-to-end AES-256 bit encryption to safeguard all communications. This 2018, Zoom introduced its collaboration with a global telehealth integrator plus the platform was enhanced to help accomplish enterprise healthcare operations.
So, does Zoom support HIPAA compliance?
Zoom can be considered as a HIPAA compliant video and webinar platform. It can be used in the healthcare industry, provided that the two entities will agree to sign a BAA before using the platform.
Unfortunately, even with a BAA on hand, users can still break the HIPAA Rules. Zoom is ready to fulfill its end of the bargain, however users should only share PHI to those authorized to access the data.