Updated on March 2, 2021.
Over the past year or so, the regulations around the use of videoconferencing software for telehealth have been liberalized as the U.S. government sought to move an increasing number of doctor’s appointments online. In early 2020, the Department of Health and Human Services (HHS) created new guidelines[¹] on HIPAA requirements and modified HIPAA’s Privacy Rule, which stated that healthcare organizations must use only HIPAA compliant video conferencing methods for telehealth visits. The Office for Civil Rights said that healthcare professionals could use videoconferencing services normally not permitted under HIPAA for the good faith provision of telehealth solutions for the duration of the COVID-19 public health emergency. This change in policy has allowed video conferencing platforms such as Zoom® to be used for telehealth purposes.
However, as many organizations have scrambled to find a secure and reliable telehealth software provider, they have had to navigate confusing mixed messages around whether certain types of telehealth software – including major brands like Zoom® – are actually HIPAA compliant.
Seeking a HIPAA compliant telehealth software
Over the past year, there has been a significant increase in the number of healthcare organizations leveraging video conferencing apps. Between March and April 2020, Zoom® became one of the most popular choices for teleconferencing, registering a 535% increase in traffic[²]. Previously, Zoom® has maintained that it provides HIPAA compliant telehealth software: Zoom® for Telehealth. This service claims to incorporate access and authentication controls, secured with end-to-end encryption, and Zoom® has signed a HIPAA Business Associate Agreement (BAA).
With increased scrutiny on the platform, however, several security concerns – including a lack of end-to-end encryption for free users, and Zoom® account credentials appearing for sale on the dark web[³] – emerged in the early months of 2020, raising questions about whether the platform truly was as compliant as it had claimed.
When implementing HIPAA compliant video conferencing, patients should also be required to complete the necessary patient consent forms and agreements. Commonly used consent forms and agreements for online patient portal and telehealth platforms include:
Is Zoom® a HIPAA compliant video conferencing solution?
If healthcare providers want to ensure that patient privacy is respected, they should reconsider the use of the free-to-use version of Zoom® as a HIPAA compliant telehealth software. That said, since the start of 2020, Zoom’s® specialized ‘Zoom® for Telehealth’ service has gone much further in ensuring HIPAA compliance and now enables full end-to-end encryption of calls. This means that telehealth providers who wish to use secure and fully HIPAA compliant video conferencing software can opt to integrate Zoom® for Telehealth into their existing digital suite and still have peace of mind about their patients’ safety and security of clinical data.
While Zoom® is not certified by the HHS, experts say this is more due to the fact that HHS does not certify software solutions than any compliance issues with the software itself. In fact, Zoom® for Telehealth not only offers a BAA option but also meets a range of HIPAA security standards, including the use of advanced encryption standards (AES). Under the HIPAA BAA agreement, the software provider also allows healthcare workers to save clinical calls locally, while less sensitive data can be saved on Zoom’s® cloud.
DISCLAIMER: All product and company names are trademarks™ or registered® trademarks of their respective holders. Bridge Patient Portal is not affiliated, endorsed, or sponsored in any way to the service providers mentioned in this article.
- Winder, D. (n.d.). Zoom Isn’t Malware But Hackers Are Feeding That Narrative, And How: Zoom-Related Threats Up 2,000%. [online] Forbes. Available at: https://www.forbes.com/sites/daveywinder/2020/04/12/zoom-isnt-malware-but-hackers-are-feeding-that-narrative-and-how-zoom-related-threats-up-2000/?sh=2b644d001ae5
- CPO Magazine. (2020). Half a Million Zoom Accounts Compromised by Credential Stuffing, Sold on Dark Web. [online] Available at: https://www.cpomagazine.com/cyber-security/half-a-million-zoom-accounts-compromised-by-credential-stuffing-sold-on-dark-web/.