Is Zoom HIPAA Compliant? FAQ for Facilities

Written by Katherine Zheng, PhD, BSN Content Writer, IntelyCare

As technology expands alongside the demand for healthcare services, telehealth and virtual care are becoming more widespread across the industry. Zoom in particular is a popular online platform that enables patients to see providers remotely. While this offers many benefits, using such a ubiquitous technology in such a heavily regulated industry raises an obvious question: is Zoom HIPAA compliant?

If your facility is looking to adopt telehealth services through Zoom, you may be wondering how to protect the privacy and security of your patients. We’ll answer some of the most frequently asked questions, from what facilities can do with Zoom (and similar video conferencing platforms) to how its use aligns with HIPAA regulations.

Zoom in Healthcare: History and Overview

Zoom is a conferencing and communications platform that enables multiple users to connect by video, audio, and chat over the internet. Users install the Zoom application on their phones, tablets, or computers (or join through a web browser), sign in, and meet with others virtually.

The platform was originally created in 2011 to facilitate remote work across all industries and was adapted for telehealth services in 2017. Once the COVID-19 pandemic spread around the world in 2020, the number of Zoom users in the healthcare industry rose sharply because of the sudden demand for virtual care.

Zoom and HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) establishes federal regulations that protect the privacy and security of patients’ protected health information (PHI). When using Zoom, providers remain responsible for complying with HIPAA, which means preventing unauthorized access to, disclosure of, and mishandling of any patient information exchanged over the platform. We’ll discuss how these regulations apply to Zoom in the FAQs below.

HIPAA Compliance and Zoom: Frequently Asked Questions

Is Zoom HIPAA Compliant for Telehealth?

First and foremost, you’re probably wondering: is Zoom HIPAA compliant? Strictly speaking, no software product is HIPAA compliant on its own; compliance is a property of how a covered entity configures and uses the product. Zoom is, however, designed to support HIPAA compliance. It will sign a business associate agreement with healthcare customers on eligible plans, and the platform incorporates administrative, physical, and technical safeguards (such as access controls, encryption of meeting traffic, and audit logging) that map to the HIPAA Security Rule’s requirements.

How Do Facilities Use Zoom For Healthcare?

Zoom can be used to deliver a number of virtual health services, increasing the accessibility and efficiency of patient care. Patients can attend medical appointments over Zoom to receive general check-ups, ask questions, or discuss their care plans without having to be physically present in an office. Zoom can also be integrated with tools such as digital scopes and electronic health record (EHR) systems to make remote patient assessments more comprehensive. Keep in mind that each integration that touches PHI must itself be covered by appropriate agreements and safeguards.

How Do I Know Whether My Zoom Plan Is HIPAA Compliant?

Zoom offers several plans, and it’s important for facilities to ensure they’re using one that can be used in a HIPAA compliant manner. The free version of Zoom doesn’t provide an option to enter into a business associate agreement (BAA), so facilities will typically need a paid, licensed account under Zoom Pro, Business, Business Plus, or Enterprise. The bottom line: if your facility has executed a BAA with Zoom, you are on a plan that can support HIPAA compliance. A signed BAA is necessary but not sufficient, however. The agreement covers the account, not every possible setting, so the account must also be configured and used according to the BAA’s terms and your own HIPAA policies.

What Privacy and Security Concerns Should Facilities Be Aware Of?

As with any tool that handles patient data, security and privacy issues can still arise when using Zoom or other virtual meeting platforms. Facilities delivering telehealth services should be aware of these potential risks in order to mitigate them. Some examples include:

  • Unauthorized users joining a meeting, for example through a leaked, guessed, or reused meeting ID
  • Individuals falsely claiming to be a particular patient
  • Meetings that are recorded without a medical purpose or without patient consent
  • Meetings that are overheard by unauthorized individuals on either end of the call
  • Meeting recordings, chat transcripts, or shared files that are stored insecurely

How Do Facilities Maintain Compliance While Using Online Platforms?

While Zoom implements many system-level safeguards to protect the privacy and security of patients, HIPAA adherence is a shared responsibility. Providers must understand how to make their use of Zoom HIPAA compliant through their own actions as well. Before using any online meeting platform, facilities can follow these practices to reduce the risk of privacy and security breaches:

  • Ensure you’re using a plan covered by a signed BAA and that the account is configured according to its terms.
  • Educate patients and obtain consent prior to delivering virtual care.
  • Confirm the identities of all parties in attendance before discussing PHI.
  • Only record meetings when medically necessary and after receiving patient consent, and store any recordings in an approved, access-controlled location.
  • Enable virtual waiting rooms so the host reviews and admits each participant before they enter the “care room,” and lock the meeting once everyone expected has joined.
  • Hold meetings in a private space and confirm the patient is in one as well.
  • Generate a unique meeting ID and passcode for each appointment rather than reusing a personal meeting room, and share them only with the patient.

Is Your Facility HIPAA Compliant?

Now that we’ve answered the question “Is Zoom HIPAA compliant?”, you may be seeking other ways to protect the privacy and security of your patients and minimize liability. Don’t miss out on dozens of other free compliance tips and guides from IntelyCare delivered straight to your inbox.