Is Zoom® HIPAA Compliant? The Facts

- The Bridge Team
- April 03, 2023
Updated on August 20, 2024.
Is Zoom® HIPAA-compliant? The answer depends on which version you use. The basic Zoom software is not HIPAA-compliant, but there is a Zoom for Healthcare® that could be used as part of a HIPAA-compliant telemedicine platform. However, even this option has some issues that healthcare organizations should be aware of before adopting it. Let’s explore the differences.
Changes To Approved Telehealth Platforms During The Pandemic
Healthcare professionals may find themselves confused as to whether Zoom is HIPAA compliant due to the relaxed regulations around the use of video conferencing software for telehealth during the COVID-19 pandemic. Let’s be clear: Zoom is not a HIPAA-compliant telemedicine platform—it is only temporarily among the approved telehealth platforms allowed in the United States, and that is soon to change.
In early 2020, the US Department of Health and Human Services (HHS) modified HIPAA’s Privacy Rule, which states that healthcare organizations must use only HIPAA-compliant video conferencing methods for telehealth visits.
The Office for Civil Rights confirmed in 2022 that healthcare professionals could use video conferencing services usually not permitted under HIPAA, in the good faith provision of telehealth solutions during the COVID-19 public health emergency [1]. However, despite the administration’s plans to terminate that period on May 11, 2023, the Consolidated Appropriations Act of 2023 extended many telehealth flexibilities authorized during the public emergency through December 31, 2024 [2]. The change in policy made Zoom, among other video conferencing platforms, a government-approved telehealth platform—for now. However, the clock is quickly running out.
The number of healthcare organizations utilizing video conferencing apps soared in 2020, when Zoom became one of the most popular choices for teleconferencing, registering a 535% increase in traffic [3]. But it is important to note that this was under the emergency provisions.
Now, as many organizations that used Zoom for telehealth during the pandemic scramble to find a secure and reliable HIPAA-compliant virtual care platform before the deadline, they’ve been navigating mixed messages around whether certain types of telehealth software—including major brands like Zoom—are actually HIPAA-compliant.
Explore: HIPAA Compliance And Telehealth
- Is Whatsapp® HIPAA Compliant?
- Is Apple FaceTime® HIPAA Compliant?
- Is Skype™ HIPAA Compliant?
- Is Facebook Messenger™ HIPAA Compliant?
- Is Microsoft Teams® HIPAA Compliant?
Is Zoom HIPAA-Compliant For Telemedicine?
If healthcare providers want to ensure patient privacy is respected, they should reconsider using Zoom’s free version as HIPAA-compliant telehealth software.
However, Zoom has maintained that they provide a HIPAA-compliant telemedicine platform in Zoom for Healthcare. This service claims to incorporate access and authentication controls secured with end-to-end encryption. Zoom has also signed a HIPAA Business Associate Agreement (BAA).
However, increased scrutiny on the platform in early 2020 sparked several security concerns, including a lack of end-to-end encryption for free users and the appearance of Zoom account credentials for sale on the dark web [4]. These raised questions about whether Zoom can be used for telehealth without breaching HIPAA [5].
Since then, Zoom for Healthcare has increased its efforts to ensure HIPAA compliance, now enabling full end-to-end encryption of calls. This means that providers who desire a fully HIPAA-compliant virtual care platform can opt to integrate Zoom for Healthcare into their existing digital suite with greater peace of mind about the safety and security of their patients’ clinical data. However, Zoom continues to be the target of phishing attacks and has had other vulnerabilities exposed as recently as 2023.
Can Zoom Be Used for Telehealth With A BAA?
While Zoom is not certified by the HHS, experts say this is because the agency does not certify software solutions, not because there are any compliance issues with the software itself, including its BAA. Zoom for Healthcare offers a BAA option and meets various HIPAA security standards, including the Advanced Encryption Standard (AES). Under the HIPAA BAA, Zoom allows healthcare workers to save clinical calls locally, while less sensitive data can be stored in its cloud.
A BAA is not all that is required, however. When implementing HIPAA-compliant video conferencing, providers must require patients to complete necessary patient consent forms and agreements. Commonly used examples of these forms for online patient portal and telehealth platforms include:
Get a HIPAA-Compliant Virtual Care Platform
Zoom for Healthcare, as opposed to the standard version of Zoom, can be considered HIPAA compliant. Still, it is best used as a communication tool within a fully developed telehealth platform with patient portal features that include patient access to electronic health records (EHR), automated patient scheduling, symptom reporting, medication management, and more.
Bridge’s telehealth solution is a fully HIPAA-compliant part of the BridgeInteract platform. This powerful, modular patient engagement software suite streamlines provider workflows and offers a seamless patient experience across the online care journey through a HIPAA-compliant patient portal.
Smooth EHR integrations, custom chat features, and the strongest security standards are just some of the reasons why healthcare organizations choose Bridge. BridgeInteract is SOC 2 certified, demonstrating its adherence to stringent data security standards. Strong encryption, next-generation firewalls, and HIPAA-compliant cloud services are leveraged to protect client data and safeguard patient information.
In addition, BridgeInteract is compliant with the ONC Certification Criteria for Health IT and has been certified by an ONC-ACB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services.* To learn more about the certified module, see https://www.bridgeinteract.io/certifications/.
Contact us to learn how we can help you manage your telehealth with a comprehensive patient engagement solution that meets all the standards for HIPAA compliance and more.
DISCLAIMER: All product and company names are trademarks™ or registered® trademarks of their respective holders. Bridge is not affiliated, endorsed, or sponsored in any way by the service providers mentioned in this article.
*This certification does not represent an endorsement by the US Department of Health and Human Services.
Sources:
1. Department of Health and Human Services. (2023). Telehealth policy changes after the COVID-19 public health emergency | Telehealth.HHS.gov. Accessed August 21, 2024.
2. US Congress. (2023). Consolidated Appropriations Act. Accessed August 21, 2024.
3. Winder, D. (2020). Zoom Isn’t Malware But Hackers Are Feeding That Narrative, And How: Zoom-Related Threats Up 2,000%. Forbes. Accessed August 21, 2024.
4. Scott, I. (2020). Half a Million Zoom Accounts Compromised by Credential Stuffing, Sold on Dark Web. CPO Magazine. Accessed August 21, 2024.
5. Spadafora, A. (2023). Zoom security issues: What’s gone wrong and what’s been fixed. Tom’s Guide. Accessed August 21, 2024.
