Is Zoom HIPAA Compliant?

by Aware

Zoom is a cloud-based video conferencing platform and instant messaging software used by businesses of all sizes in all industries to bring teams together and collaborate faster and more effectively in the workplace. However, Zoom users in highly regulated industries like healthcare must abide by government legislation such as HIPAA. Healthcare providers must take additional steps when using Zoom to ensure they are doing so in a HIPAA-compliant way. 

Is Zoom HIPAA Compliant — Table of Contents

  1. What is Zoom?
  2. What is Zoom Team Chat? 
  3. What is HIPAA? 
  4. Is Zoom HIPAA compliant in 2023? 
  5. What is Zoom for Healthcare? 
  6. Why is Zoom not HIPAA compliant in all cases? 
  7. Is Zoom HIPAA compliant with a BAA? 
  8. What Zoom plan is HIPAA compliant? 
  9. How to make Zoom calls and meetings HIPAA compliant 
  10. What other steps are required to make Zoom HIPAA compliant? 
  11. Are Zoom transcriptions HIPAA compliant? 
  12. How does Aware support HIPAA compliance in Zoom Team Chat? 

What is Zoom? 

A popular video conferencing tool, Zoom allows users (with or without a Zoom account) to conduct virtual meetings with participants from all over the world. Zoom is a popular platform for business use and became hugely popular when employees were forced to work remotely during the pandemic. Zoom provides real-time video and chat and includes features such as screen sharing, webinar hosting, automatic transcriptions and more. Zoom is available for almost all devices and operating systems.

What is Zoom Team Chat? 

Zoom Team Chat is a messaging feature in the Zoom video conferencing platform that allows users to send text-based messages during a Zoom meeting or outside of a meeting. This enables real-time communication between team members, whether they're in the same physical location or remote. With Zoom Team Chat, users can share ideas, files, and links, and collaborate on projects in a streamlined way across private and group messages and public channels organized by topic. 

What is HIPAA? 

Under American law, sensitive information about your health and medical treatment is protected by The Health Insurance Portability and Accountability Act (HIPAA). This Act creates national standards for controlling protected health information (PHI) and electronic PHI (ePHI). HIPAA covered entities, such as healthcare providers, must follow a strict set of standards to ensure that the PHI they handle is not unlawfully accessed or exfiltrated.  

Is Zoom HIPAA compliant in 2023? 

Zoom's standard service does not meet the requirements of HIPAA, so healthcare organizations should use the dedicated Zoom for Healthcare service, especially when providing telehealth services. Zoom for Healthcare is purpose-built to meet the security and privacy standards required by HIPAA by safeguarding the protected health information (PHI) shared within Zoom meetings. However, because Zoom technology is not certifiable by either the Office of the National Coordinator for Health Information Technology or the National Institute of Standards and Technology, Zoom is not officially HIPAA certified. 

What is Zoom for Healthcare? 

Zoom has a specific service, called Zoom for Healthcare, which is designed to meet the requirements of HIPAA. This service includes features such as end-to-end encryption, access controls, and secure messaging, which can help to protect the confidentiality, integrity, and availability of patient information. 

Why is Zoom not HIPAA compliant in all cases? 

HIPAA is a series of data protection standards that apply to protected health information (PHI). Because this data is confidential, it requires more secure and considered treatment than other, less sensitive types of data. 

Zoom was designed to make communication and information sharing faster and easier. Adhering to strict data security regulations in all instances would make Zoom harder to use, ultimately defeating its primary purpose in the marketplace. Therefore, tools like Zoom are not HIPAA compliant as standard, but have the capability to be used in a HIPAA compliant way. 

Is Zoom HIPAA compliant with a BAA? 

When doing business, organizations covered under the HIPAA Privacy Rule, such as healthcare providers, must ensure their partners, associates, and contractors also safeguard any PHI data they handle. A HIPAA Business Associate Agreement (BAA) is a legal agreement that outlines the precautions each party will take to protect PHI and keep that information secure. Zoom will enter into BAAs with Zoom for Healthcare users or those on Zoom paid plans. This is an important step for any covered entity to comply with HIPAA while using Zoom. 

What Zoom plan is HIPAA compliant? 

To protect PHI, healthcare providers should use the Zoom for Healthcare plan for telehealth, patient consultations, and other web conferencing needs where PHI could be shared. Other versions of Zoom, such as Zoom Pro, and bundles like Zoom One, can be used in ways that comply with HIPAA regulations but may not contain all the necessary features to ensure data privacy. Zoom Basic, the free Zoom plan, is not HIPAA compliant because it does not allow users to enter into a BAA with Zoom. 

How to make Zoom calls and meetings HIPAA compliant 

HIPAA compliance involves securing PHI data. Therefore, following general data security best practices can help a company to use Zoom in a way that complies with HIPAA regulations. Some examples of how to protect PHI and sensitive data in Zoom meetings include:

  • Always use a meeting passcode, even when using your Personal Meeting ID
  • Approve and admit participants individually using the Waiting Room feature 
  • Restrict meeting participants to signed-in accounts or users from specific domains 
  • Lock meetings to prevent users from joining after the start time 
  • Disable screen sharing and recording features for meeting participants 

In many instances, account owners can automatically enable these settings for all users, so you can ensure employees always follow information security best practices while using Zoom.

What other steps are required to make Zoom HIPAA compliant? 

Zoom can be HIPAA compliant for telemedicine if certain security and privacy measures are implemented. Some of the security features included in Zoom for Healthcare that make it HIPAA compliant include: 

  1. End-to-end encryption: Zoom for Healthcare provides end-to-end encryption for all video calls, audio, and chat content to protect the confidentiality of patient information.
  2. Access controls: Zoom for Healthcare allows users to restrict access to meetings and control who can join, share content, and participate in the meeting.
  3. Secure messaging: Zoom for Healthcare provides secure messaging to allow healthcare providers to communicate with patients and other healthcare professionals while protecting the privacy of patient information.
  4. Signed Business Associate Agreement (BAA): Zoom for Healthcare provides a signed Business Associate Agreement (BAA) that outlines the responsibilities and obligations of Zoom as a HIPAA business associate. 

To ensure that Zoom is fully HIPAA compliant, organizations should also implement additional security measures, such as setting up strong passwords, configuring two-factor authentication, and training employees on HIPAA compliance. 

Are Zoom transcriptions HIPAA compliant? 

Zoom offers Business, Education, and Enterprise license customers the ability to generate live audio transcriptions of meetings. These are machine-generated transcriptions using speech-to-text software and have varying degrees of accuracy depending on audio quality, speaker accents, background noise, and complexity of language used. For Zoom for Healthcare users, live transcriptions can be helpful when speaking with patients who are deaf or hard of hearing. Zoom for Healthcare users also have the ability to download an audio transcript and save it to their patient’s electronic health records. 

Any user within the Zoom call can save the written transcription unless this feature is disabled by the meeting host. This can compromise PHI data if the file is not saved in a secure repository and should be considered before users generate a transcription using Zoom. 

How does Aware support HIPAA compliance in Zoom Team Chat? 

The Aware collaboration intelligence platform connects with Zoom Team Chat to automatically flag data security risks in real time.

  • Comprehensive privacy and compliance features  
  • Strict role-based access controls (RBAC) 
  • Granular retention policies for data regulation 
  • Real-time compliance adherence and risk detection 

Using Aware, healthcare organizations can safeguard PHI through robust compliance adherence workflows backed by industry-leading natural language processing (NLP). Administrators can customize permissions for their organization to target restricted information for more accurate results and fewer false positives, making HIPAA compliance faster and easier to implement and maintain in Zoom Team Chat.  

Aware also supports advanced federated search capabilities to identify sensitive information within Zoom Team Chat by a wide range of parameters, including regular expression (regex), keyword, custodian, date/time, sentiment and more. This supports faster, more efficient internal investigations, security incident responses, and freedom of information inquiries. 

With Aware, healthcare organizations can support HIPAA-compliant data management policies in Zoom Team Chat in conjunction with native Zoom HIPAA capabilities and internal policies and procedures. 
