Is Zoom HIPAA Compliant? FAQ for Facilities

Written by Katherine Zheng, PhD, BSN Content Writer, IntelyCare
Reviewed by Aldo Zilli, Esq. Senior Manager, B2B Content, IntelyCare

As technology expands alongside the demand for healthcare services, the use of telehealth and virtual care is becoming more widespread across the industry. Zoom in particular is a popular online platform that enables patients to see providers remotely. While this offers many benefits, the use of such a ubiquitous technology in such a heavily regulated industry begs the question — is Zoom HIPAA compliant?

If your facility is looking to adopt telehealth services through Zoom, you may be wondering how to protect the privacy and security of your patients. We’ll answer some of the most frequently asked questions, from what facilities can do with Zoom (and similar video conferencing platforms) to how its use aligns with HIPAA regulations.

Zoom in Healthcare: History and Overview

Zoom is a conferencing and communications platform that enables multiple users to connect by video, audio, and chat over the internet. Users download the Zoom application onto their phones, tablets, or computers, which they can then sign into and meet with others virtually.

This platform was originally created in 2011 to facilitate remote work across all industries, but was adapted for telehealth services in 2017. Once the COVID-19 pandemic spread around the world in 2020, the number of Zoom users in the healthcare industry rose exponentially due to the sudden demand for virtual care services.

Zoom and HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines a set of federal regulations that protect the privacy and security of patients’ protected health information (PHI). When using Zoom, providers must also comply with HIPAA to avoid any unlawful access, exchange, and handling of patient information that is obtained over the platform. We’ll discuss the details of how these regulations apply to Zoom in the FAQs below.

HIPAA Compliance and Zoom: Frequently Asked Questions

Is Zoom HIPAA compliant for telehealth?

First and foremost, you’re probably wondering — is Zoom HIPAA compliant? Zoom is, in fact, designed to meet minimum HIPAA standards to support compliance in the healthcare industry. The programmers of the platform have incorporated several administrative, physical, and technical safeguards to enhance its security.

Is Zoom One Pro HIPAA compliant?

As you browse different Zoom plans, you may more specifically be wondering — is Zoom Pro HIPAA compliant? At a minimum, facilities must purchase the Pro plan to access the features that allow healthcare providers to configure Zoom for HIPAA.

How do I know whether my Zoom plan is HIPAA compliant?

There are a few different plans provided by Zoom, and it’s important for facilities to ensure they’re using one that’s compliant with HIPAA. Zoom Basic (the free plan) doesn’t provide an option to enter a business associate agreement, or BAA, so facilities will typically need a paid, licensed account under Zoom Pro, Business, Business Plus, or Enterprise. The bottom line is that if your facility has entered into a BAA with Zoom, then you’re most likely using a HIPAA compliant Zoom plan, but you should still verify this against the terms of your agreement.

How do facilities use Zoom for healthcare?

Zoom can be used to deliver a number of virtual health services, increasing the accessibility and efficiency of patient care. Patients can make medical appointments that are conducted over Zoom to receive general check-ups, ask questions, or discuss their care plans without having to physically be in an office. Zoom can also be integrated with tools like digital scopes and Electronic Health Records (EHRs) to make remote patient assessments more comprehensive.

What privacy and security concerns should facilities be aware of?

As with any tool that handles patient data, there are still security and privacy issues that can arise when using Zoom or other virtual meeting platforms. Facilities purchasing Zoom for healthcare providers should be aware of these potential risks in order to help mitigate them. Some examples include:

  • Users hacking into meetings without authorization
  • Individuals who falsely claim to be a particular patient
  • Zoom meetings that are recorded without a medical purpose
  • Meetings that are overheard by unauthorized individuals
  • Recordings from meetings that are stored insecurely

How to Maintain Compliance While Using Online Platforms

Beyond asking, “Is Zoom HIPAA compliant?” you may be wondering how to enhance patient privacy and security in a virtual environment. While Zoom implements many system-based safeguards to protect patients, HIPAA adherence is a shared responsibility. Providers must understand how to maintain Zoom HIPAA compliance through their own actions as well. Before using any online meeting platform, facilities can follow these practices to reduce the risk of privacy and security breaches.

1. Use a Platform that Meets Minimum HIPAA Standards

Zoom is one of many online platforms used in healthcare settings. If you decide to use a platform other than Zoom for telehealth, ensure that it meets minimum HIPAA standards. At baseline, the company supplying services should specify what type of authentication, encryption, and access controls they offer. You should also enter a business-associate agreement prior to partnering with any third-party company.

2. Educate Patients and Obtain Consent

When you first meet with a patient virtually, you should educate them on their rights during the visit and what to expect. Depending on what state you’re in, you may also need to obtain informed consent from the patient to host a virtual appointment. Also, only record meetings when medically necessary and after receiving written consent.

3. Make the Virtual Room as Private as Possible

Just as you would on-site, you’ll want to maximize the privacy of your virtual patient room. Make sure that your providers are holding meetings in a private space, and ensure that the patient knows to do this as well. When starting the meeting, confirm the identities of everyone in attendance and double check that the patient is in a comfortable setting.

4. Enable Virtual Access Controls

Many online platforms like Zoom allow you to turn virtual access controls on and off. Make sure that you enable virtual waiting rooms to oversee and control entry into the “care room.” You should also create meeting IDs and passwords that are shared only with the patient. These measures will help prevent unwanted parties from accidentally accessing or hacking into your meeting.

Is Your Facility HIPAA Compliant?

Now that we’ve answered the question, “Is Zoom HIPAA compliant?” you may be seeking other ways to protect the privacy and security of your patients and minimize liability. Don’t miss out on dozens of other free compliance tips and guides from IntelyCare delivered straight to your inbox.

Legal Disclaimer: This article contains general legal information, but it is not intended to constitute professional legal advice for any particular situation and should not be relied on as professional legal advice. Any references to the law may not be current, as laws regularly change through updates in legislation, regulation, and case law at the federal and state level. Nothing in this article should be interpreted as creating an attorney-client relationship. If you have legal questions, you should seek the advice of an attorney licensed to practice in your jurisdiction.
