Tuesday, January 26, 2021
Corporate Compliance Insights

Zoom HIPAA Compliance: What You Need to Know

Ensuring Compliance in the Age of Telehealth

by Scott McVeigh
October 6, 2020
in Compliance, Featured
Sponsored

The details surrounding Zoom HIPAA compliance aren’t as simple as you’d think. Onna’s Scott McVeigh discusses what organizations should know about the platform powering telehealth visits across the nation.

Like many pandemic-induced virtual trends, telehealth continues to break into the mainstream at a rapid pace. The “anytime, anywhere” doctor visits appeal to many across the U.S., with reports of virtual patient interaction climbing from 1 percent to 51 percent this year alone. Zoom, the video communications platform that powers remote operations for schools, financial institutions, government bodies and more, also takes a seat at the health care table.

As more health care providers open virtual consultations on Zoom, questions surrounding Zoom HIPAA compliance have increased. Many legal professionals are struggling to clarify: What makes HIPAA-compliant videoconferencing? And if telehealth is here to stay, how can we ensure our medical information is private and secure as it expands to more “every day” technologies like Zoom? Here, I attempt to answer these questions as I break down how Zoom HIPAA compliance is being validated in our increasingly virtual world.

How has Zoom HIPAA compliance changed amid the pandemic?

Before the pandemic touched down in the U.S., telehealth presence existed but remained low due to a lack of equal coverage across insurers and states. When the country went into a state of emergency, however, federal and state bodies adjusted policies around telehealth to make it more widely available. One of these adjustments was made by the Department of Health & Human Services (HHS), which waived penalties associated with HIPAA violations for health care providers that serve patients in good faith through “everyday non-public facing communications technologies.” This meant that a doctor could now treat patients via Skype, Facetime, Google Hangouts, Facebook Video Messenger or Zoom, without fear of expensive fines and penalties.

The problem? The risk of protected health information (PHI) being accessed or shared among third-party applications became very real, very fast. Although the HHS encouraged providers to enable all encryption and privacy settings, there was no way to enforce this. The next best thing the HHS did was list HIPAA-compliant video communication products that also offer a business associate agreement (BAA) to ensure patient data is safeguarded. Although the HHS does not “endorse, certify or recommend” any of the technology vendors on this list, Zoom for Healthcare was considered HIPAA compliant under these new conditions.

What is Zoom for Healthcare?

Zoom for Healthcare is Zoom’s video conferencing solution for telehealth. Through high-quality video, audio, screen sharing, co-annotation and integrations with EHR and other medical devices, physicians can connect with their patients in a seamless, interoperable way. Zoom for Healthcare is also the only solution on the market that allows multiple members on the call in a HIPAA-compliant setting, making it an alluring choice for teams who have collaborative workflows, require ongoing training of their staff or need to meet with patients’ family members. When it comes to Zoom HIPAA compliance, Zoom for Healthcare is the only solution that falls within requirements.

How is Zoom for Healthcare HIPAA compliant?

You might be wondering, how is Zoom HIPAA compliance valid if the HHS doesn’t certify it? According to the HHS and the Office of the National Coordinator for Health and Technology, Zoom is part of a category that falls outside of their jurisdiction. As of right now, these groups don’t certify “software or off-the-shelf products” nor accredit independent agencies to do HIPAA certifications. Additionally, they state that the HITECH Act only provides for testing and certification of electronic health records (EHR) programs and modules. So, for what it’s worth, they don’t give new technologies much of a chance to be assessed for certification.

Even though it doesn’t have an official stamp of approval, Zoom for Healthcare meets general HIPAA security standards and offers a BAA option. Additionally, the security behind Zoom for Healthcare was architected so that Zoom does not have access to PHI, even though it transmits it. This model, also known as the “conduit exception,” is what makes Zoom HIPAA compliance a reality. Zoom turns on mandatory settings for all health care accounts, which they claim “nearly eliminates their ability to transmit PHI to Zoom” and protects all video, chat and screen-sharing data in transit and at rest through industry-standard advanced encryption standards (AES). For more specifics on Zoom’s security and privacy features, head here, but for more on Zoom HIPAA compliance, keep reading.

Can you save recorded sessions without breaking Zoom HIPAA compliance?

Yes — recorded Zoom meetings can be saved for review without breaking HIPAA requirements. Zoom enables health care accounts to save all clinical recordings locally under the HIPAA BAA agreement and anything nonclinical in Zoom’s cloud. Whether you want to retrieve Zoom meeting recordings or access transcripts on those Zoom meetings, account admins can be sure their data is safe with Zoom’s storage and security features. However, if you find yourself recording a lot or almost all of your Zoom meetings, you may want to implement a Zoom e-discovery solution to find the data you need when you need it. Especially if a patient or ex-colleague wants their data deleted from your database in the future, it’s in your best interest to have a solution that can find it quickly and show proof of its deletion.

The Future of Telehealth

Will HIPAA-compliant videoconferencing be the same tomorrow as it is today? Will Zoom HIPAA compliance last or be subject to change? Although the answers to these questions remain unknown, what we do know is that telehealth has proved paramount to our safety during the pandemic, and the benefit of personalized remote care is something many don’t want to let go of.

Ensuring that people’s PHI is secure, private and discoverable should be the priority of health care providers as they embark on these new options. Although Zoom HIPAA compliance is the subject called into question here, all videoconferencing platforms have a lot to think about as virtual medical visits gain popularity. By working with vendors like Zoom to implement stronger security, privacy and e-discovery solutions, physicians and patients alike can feel better knowing their data is safe and controlled in our virtual world.

About Onna

Onna is a knowledge integration platform that unlocks enterprise knowledge from today’s most popular workplace applications. We help businesses automate information governance, e-discovery, compliance and more by centralizing fragmented knowledge from any number of our turnkey integrations, like Slack, G Suite, Microsoft 365 and more. Once an organization’s tech stack is connected to Onna, teams can unify, search, protect, automate and build on top of their proprietary knowledge to leverage it in new and intuitive ways.


Tags: health care, HIPAA, technology
Scott McVeigh

Scott McVeigh is the Senior Solutions Consultant at Onna, a Knowledge Integration Platform on a mission to make enterprise information accessible, useful and private. Onna currently integrates with over 30 of today’s most popular applications and helps companies with compliance, information governance, e-discovery and more. Scott has over 15 years of experience in the Information Governance space, and was previously the VP of Service Delivery at Deloitte.

© 2019 Corporate Compliance Insights
