Is Zoom Rooms HIPAA compliant? (2026 update)

Zoom Rooms is a software-based meeting room system that brings video conferencing, wireless screen sharing, and in-room controls into shared spaces for hybrid meetings.

Is Zoom Rooms HIPAA compliant? Zoom Rooms can be HIPAA compliant, but only when you use it under the right Zoom plan and execute a HIPAA business associate agreement (BAA) with Zoom.

 

What changed this year?

As of January 2026, Zoom’s public BAA guidance continues to describe BAA availability and adds clearer, explicit guidance about AI feature availability under a BAA, including administrator controls and feature limitations for some healthcare customers.

 

Will Zoom Rooms sign a business associate agreement (BAA)?

Yes, Zoom will sign a BAA, and Zoom publishes instructions for how to enter into and manage a BAA.

 

What does the Zoom Rooms BAA cover?

Zoom describes BAAs as the mechanism that allows customers to use Zoom services in a HIPAA-aligned way, stating: “Zoom enters into business associate agreements (BAAs) with customers … to facilitate their compliance with HIPAA.”

BAA coverage commonly includes the core HIPAA contract obligations needed for vendors that create, receive, maintain, or transmit ePHI for a covered entity, and Zoom frames its HIPAA approach around executing a BAA and safeguarding PHI.

 

What does the Zoom Rooms BAA exclude?

Zoom flags feature-level limits for some healthcare customers under a BAA, stating: “Certain AI Companion features may not be available” for some healthcare (and higher education) customers with BAAs in place.

 

Conclusion

Zoom Rooms can be HIPAA compliant because Zoom offers a BAA for eligible customers and positions HIPAA use around executing that BAA and using Zoom’s safeguards. Compliance still depends on using the right plan, keeping the BAA in place, and configuring workflows so PHI does not spill into excluded or unmanaged features.

 

FAQs

What is a business associate agreement?

A BAA is a legally binding contract establishing a relationship between a covered entity under the Health Insurance Portability and Accountability Act (HIPAA) and its business associates.

 

What is HIPAA?

HIPAA sets national standards for protecting the privacy and security of certain health information. It is designed to protect individuals’ health information and to ensure that healthcare providers and insurers can securely exchange electronic health information.

 

Who does HIPAA apply to?

HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.
