Is Zoom® a HIPAA Compliant Telehealth Software?
- Posted On April 10th
According to the Families First Coronavirus Response Act passed on March 18th, 2020, Congress requires payers to cover telehealth visits (with health care providers) that relate to COVID-19 testing, treatment, and consultations during the public health emergency. Reimbursement for telehealth solutions during this time is being provided for all patients, not only those with Medicare. During the COVID-19 pandemic, many healthcare professionals are scrambling to find a HIPAA compliant telehealth software.
Seeking a HIPAA compliant telehealth software during COVID-19
HHS has created new guidelines on HIPAA requirements and modified HIPAA’s Privacy Rule, which stated that healthcare organizations must use only secure methods of communication for telehealth visits. The Office for Civil Rights said that videoconferencing services normally not permitted under HIPAA may now be used by healthcare professionals for the good faith provision of telehealth solutions. This change in policy allows video conferencing platforms such as Zoom® to be used during this time of crisis.
The coronavirus pandemic has resulted in an increase in healthcare organizations leveraging video conferencing apps. In the past month, Zoom® has become one of the most popular choices for teleconferencing, registering a 535% increase in traffic. Zoom® has previously maintained that it provides a HIPAA compliant telehealth software: Zoom® for Telehealth. This service claims to incorporate access and authentication controls and HIPAA compliant messaging secured with end-to-end encryption, and Zoom® has signed a HIPAA Business Associate Agreement (BAA).
During the last few weeks, there have been several security concerns surrounding Zoom®. It has been reported that the company does not have end-to-end encryption as they previously claimed. This discovery makes Zoom® decidedly NOT HIPAA compliant.
Is Zoom® HIPAA compliant?
If healthcare providers want to ensure that patient privacy is respected, they should reconsider the use of Zoom® as a HIPAA compliant telehealth software. Aside from the lack of end-to-end encryption, additional security concerns include videoconference hijacking, user data being shared with third parties such as Facebook™, and lapses in security that make Zoom® vulnerable to cybercriminals and malware. While Zoom® is willing to sign a BAA, which is a crucial step towards achieving HIPAA compliance, there are too many security issues preventing HIPAA compliance. Until these issues are fully resolved, we do not recommend Zoom® as a HIPAA compliant telehealth software.
DISCLAIMER: All product and company names are trademarks™ or registered® trademarks of their respective holders. Bridge Patient Portal is not affiliated with, endorsed by, or sponsored by the service providers mentioned in this article.