Is Zoom® a HIPAA Compliant Telehealth Software?

Updated on April 3, 2023.

Over the past few years, the regulations around the use of video conferencing software for telehealth have expanded as the U.S. government sought to move an increasing number of doctor’s appointments online.

In early 2020, the Department of Health and Human Services (HHS) created new guidelines on HIPAA requirements and modified HIPAA’s Privacy Rule, which states that healthcare organizations must use only HIPAA compliant video conferencing methods for telehealth visits.

The announcement by the Office for Civil Rights was updated in 2022 to confirm that healthcare professionals could use video conferencing services normally not permitted under HIPAA, in the good faith provision of telehealth solutions during the COVID-19 public health emergency¹. However, despite the administration’s plans to terminate that period on May 11, 2023, the recent Consolidated Appropriations Act of 2023 extended many of the telehealth flexibilities authorized during the public emergency through December 31, 2024². For the moment, this change in policy allows the usage of video conferencing platforms such as Zoom® for telehealth purposes.

However, as many organizations have scrambled to find a secure and reliable telehealth software provider, they’ve been navigating confusing mixed messages around whether certain types of telehealth software – including major brands like Zoom® – are actually HIPAA compliant.


Seeking a HIPAA Compliant Telehealth Software

The number of healthcare organizations utilizing video conferencing apps has soared over the past year. Between March and April 2020, Zoom® became one of the most popular choices for teleconferencing, registering a 535% increase in traffic³. Zoom® has maintained that they provide a HIPAA compliant telehealth software in Zoom® for Telehealth. This service claims to incorporate access and authentication controls secured with end-to-end encryption. Zoom® has also signed a HIPAA Business Associate Agreement (BAA).

Increased scrutiny on the platform in early 2020, however, sparked several security concerns, including a lack of end-to-end encryption for free users and the appearance of Zoom® account credentials for sale on the dark web. These raised questions about whether the platform truly was as compliant as it had claimed.


When implementing HIPAA compliant video conferencing, providers must require patients to complete necessary patient consent forms and agreements. Commonly used examples of these forms for online patient portal and telehealth platforms include:

Is Zoom® a HIPAA Compliant Video Conferencing Solution?

If healthcare providers want to ensure that patient privacy is respected, they should reconsider the use of Zoom®’s free version as a HIPAA compliant telehealth software. That said, Zoom® for Telehealth has recently increased its efforts to ensure HIPAA compliance, now enabling full end-to-end encryption of calls. This means that providers who desire fully HIPAA compliant video conferencing software can opt to integrate Zoom® for Telehealth into their existing digital suite while maintaining peace of mind about the safety and security of their patients’ clinical data.


While Zoom® is not certified by the HHS, experts say this is due more to the fact that the agency does not certify software solutions than to any compliance issues with the software itself. In fact, Zoom® for Telehealth not only offers a BAA option but also meets a range of HIPAA security standards, including the Advanced Encryption Standard (AES). Under the BAA, Zoom® also allows healthcare workers to save clinical calls locally, while less sensitive data can be stored in its cloud.


Zoom Telehealth™ is HIPAA-compliant, but it is best used as a communication tool within a fully developed telehealth platform that includes patient access to EHR, appointment scheduling, symptom reporting, medication management, and other functions. Bridge’s powerful telehealth solution is a fully HIPAA compliant part of a larger patient engagement platform that streamlines provider workflows and offers a seamless patient experience across the online care journey. Smooth EHR integrations, custom chat features, and the strongest security standards are just some of the reasons why healthcare organizations choose Bridge. Contact us to find out how we can help you manage your telehealth with better patient engagement tools. 

DISCLAIMER: All product and company names are trademarks™ or registered® trademarks of their respective holders. Bridge Patient Portal is not affiliated, endorsed, or sponsored in any way by the service providers mentioned in this article.

  1. Department of Health and Human Services. (2022). HIPAA flexibility for telehealth technology | Telehealth.HHS.gov. [online] Available at: https://telehealth.hhs.gov/providers/policy-changes-during-the-covid-19-public-health-emergency/hipaa-flexibility-for-telehealth-technology.
  2. US Congress. Consolidated Appropriations Act (2023). [online] Available at: https://www.congress.gov/117/bills/hr2617/BILLS-117hr2617enr.pdf.
  3. Winder, D. (2020). Zoom Isn’t Malware But Hackers Are Feeding That Narrative, And How: Zoom-Related Threats Up 2,000%. [online] Forbes. Available at: https://www.forbes.com/sites/daveywinder/2020/04/12/zoom-isnt-malware-but-hackers-are-feeding-that-narrative-and-how-zoom-related-threats-up-2000/?sh=2b644d001ae5.
  4. Scott, I. (2020). Half a Million Zoom Accounts Compromised by Credential Stuffing, Sold on Dark Web. CPO Magazine. [online] Available at: https://www.cpomagazine.com/cyber-security/half-a-million-zoom-accounts-compromised-by-credential-stuffing-sold-on-dark-web/.