More vendors, customers, and prospects are asking about HIPAA compliant services. Many healthcare professionals are considering Zoom, the popular web conferencing application. But is Zoom HIPAA compliant?
The HIPAA industry is vast, and we appreciate just how many healthcare providers in this sector need to use cloud services.
We wondered if Zoom is HIPAA compliant since Paubox is a business associate to thousands of customers. Let’s find out!
Zoom in healthcare
Zoom was founded in 2011 by engineers from Cisco Systems and its collaboration business unit, WebEx. The service launched in January 2013 and by May 2013, it claimed one million participants. The service has taken off since then. Even Paubox is a proud and happy Zoom customer today.
In 2020, Zoom gained even more traction during the COVID-19 pandemic. Many healthcare providers resorted to telehealth to communicate with patients.
Zoom is a go-to option for conferencing online, but it was not originally designed for healthcare. That said, Zoom has made progress to move into the medical industry with various services.
What can make Zoom HIPAA compliant?
Many factors must be checked before software can be deemed HIPAA compliant. First, let’s determine if Zoom can be a business associate to a healthcare provider.
What is a business associate?
In a nutshell, the role of a business associate is to help covered entities comply with the HIPAA Privacy Rule.
Next, let’s check the business associate agreement.
Business associate agreement provisions
If a business associate provides services to a covered entity, then a business associate agreement (BAA) must be in place.
A BAA is a written contract between a covered entity and a business associate. HIPAA compliance regulations require a BAA by law.
A business associate agreement contains 10 provisions at a minimum.
Zoom and the business associate agreement
As you now know, Zoom must provide a BAA to be HIPAA compliant.
We checked Zoom’s site and found a blog post from 20 April 2017 titled, “Introducing Zoom for Telehealth.”
The post appears to be Zoom’s initial public announcement on its HIPAA compliant offerings. It also references Zoom for Telehealth.
The Zoom for Telehealth page mentions that:
“Signed Business Associate Agreement available to Zoom for Telehealth customers.”
Then, we found this FAQ article about Zoom and HIPAA Compliance.
The article indicates that Zoom can become HIPAA compliant. However, there are some important settings to be aware of, and you must make sure you sign a BAA with the company.
Does Zoom offer HIPAA compliant services for healthcare?
Zoom’s popular free plan is not HIPAA compliant out of the box. However, we quickly found information on Zoom’s website that they do in fact offer HIPAA compliant services and plans—for example, Zoom for Telehealth.
This healthcare-specific plan was made for medical professionals in order to offer telehealth in a protected environment.
Conclusion: Can I use Zoom and be HIPAA compliant?
Yes! Zoom can be HIPAA compliant, but only if it is configured to be.
If you are considering using Zoom, make sure to sign a business associate agreement with them. Also, consider Zoom for Telehealth to ensure you and your business remain protected.