Corporate Compliance Insights

Zoom HIPAA Compliance: What You Need to Know

Ensuring Compliance in the Age of Telehealth

by Scott McVeigh
October 6, 2020
in Compliance, Featured

Sponsored

The details surrounding Zoom HIPAA compliance aren’t as simple as you’d think. Onna’s Scott McVeigh discusses what organizations should know about the platform powering telehealth visits across the nation.

Like many pandemic-induced virtual trends, telehealth continues to break into the mainstream at a rapid pace. The “anytime, anywhere” doctor visits appeal to many across the U.S., with reports of virtual patient interaction climbing from 1 percent to 51 percent this year alone. Zoom, the video communications platform that powers remote operations for schools, financial institutions, government bodies and more, also takes a seat at the health care table.

As more health care providers open virtual consultations on Zoom, questions surrounding Zoom HIPAA compliance have increased. Many legal professionals are struggling to clarify: What makes HIPAA-compliant videoconferencing? And if telehealth is here to stay, how can we ensure our medical information is private and secure as it expands to more “every day” technologies like Zoom? Here, I attempt to answer these questions as I break down how Zoom HIPAA compliance is being validated in our increasingly virtual world.

How has Zoom HIPAA compliance changed amid the pandemic?

Before the pandemic touched down in the U.S., telehealth presence existed but remained low due to a lack of equal coverage across insurers and states. When the country went into a state of emergency, however, federal and state bodies adjusted policies around telehealth to make it more widely available. One of these adjustments was made by the Department of Health & Human Services (HHS), which waived penalties associated with HIPAA violations for health care providers that serve patients in good faith through “everyday non-public facing communications technologies.” This meant that a doctor could now treat patients via Skype, Facetime, Google Hangouts, Facebook Video Messenger or Zoom, without fear of expensive fines and penalties.

The problem? The risk of protected health information (PHI) being accessed or shared among third-party applications became very real, very fast. Although the HHS encouraged providers to enable all encryption and privacy settings, there was no way to enforce this. The next best thing the HHS did was list HIPAA-compliant video communication products that also offer a business associate agreement (BAA) to ensure patient data is safeguarded. Although the HHS does not “endorse, certify or recommend” any of the technology vendors on this list, Zoom for Healthcare was considered HIPAA compliant under these new conditions.

What is Zoom for Healthcare?

Zoom for Healthcare is Zoom’s video conferencing solution for telehealth. Through high-quality video, audio, screen sharing, co-annotation and integrations with EHR and other medical devices, physicians can connect with their patients in a seamless, intraoperative way. Zoom for Healthcare is also the only solution on the market that allows multiple members on the call in a HIPAA-compliant setting, making it an alluring choice for teams who have collaborative workflows, require ongoing training of their staff or need to meet with patients’ family members. When it comes to Zoom HIPAA compliance, Zoom for Healthcare is the only solution that falls within requirements.


How is Zoom for Healthcare HIPAA compliant?

You might be wondering, how is Zoom HIPAA compliance valid if the HHS doesn’t certify it? According to the HHS and the Office of the National Coordinator for Health and Technology, Zoom is part of a category that falls outside of their jurisdiction. As of right now, these groups don’t certify “software or off-the-shelf products” nor accredit independent agencies to do HIPAA certifications. Additionally, they state that the HITECH Act only provides for testing and certification of electronic health records (EHR) programs and modules. So, for what it’s worth, they don’t give new technologies much of a chance to be assessed for certification.

Even though it doesn’t have an official stamp of approval, Zoom for Healthcare meets general HIPAA security standards and offers a BAA option. Additionally, the security behind Zoom for Healthcare was architected so that Zoom does not have access to PHI, even though it transmits it. This model, also known as the “conduit exception,” is what makes Zoom HIPAA compliance a reality. Zoom turns on mandatory settings for all health care accounts, which they claim “nearly eliminates their ability to transmit PHI to Zoom” and protects all video, chat and screen-sharing data in transit and at rest through the industry-standard Advanced Encryption Standard (AES). For more specifics on Zoom’s security and privacy features, head here, but for more on Zoom HIPAA compliance, keep reading.

Can you save recorded sessions without breaking Zoom HIPAA compliance?

Yes — recorded Zoom meetings can be saved for review without breaking HIPAA requirements. Zoom enables health care accounts to save all clinical recordings locally under the HIPAA BAA agreement and anything nonclinical in Zoom’s cloud. Whether you want to retrieve Zoom meeting recordings or access transcripts on those Zoom meetings, account admins can be sure their data is safe with Zoom’s storage and security features. However, if you find yourself recording a lot or almost all of your Zoom meetings, you may want to implement a Zoom e-discovery solution to find the data you need when you need it. Especially if a patient or ex-colleague wants their data deleted from your database in the future, it’s in your best interest to have a solution that can find it quickly and show proof of its deletion.

The Future of Telehealth

Will HIPAA-compliant videoconferencing be the same tomorrow as it is today? Will Zoom HIPAA compliance last or be subject to change? Although the answers to these questions remain unknown, what we do know is that telehealth has proved paramount to our safety during the pandemic, and the benefit of personalized remote care is something many don’t want to let go of.

Ensuring that people’s PHI is secure, private and discoverable should be the priority of health care providers as they embark on these new options. Although Zoom HIPAA compliance is the subject called into question here, all videoconferencing platforms have a lot to think about as virtual medical visits gain popularity. By working with vendors like Zoom to implement stronger security, privacy and e-discovery solutions, physicians and patients alike can feel better knowing their data is safe and controlled in our virtual world.

About Onna

Onna is a knowledge integration platform that unlocks enterprise knowledge from today’s most popular workplace applications. We help businesses automate information governance, e-discovery, compliance and more by centralizing fragmented knowledge from any number of our turnkey integrations, like Slack, G Suite, Microsoft 365 and more. Once an organization’s tech stack is connected to Onna, teams can unify, search, protect, automate and build on top of their proprietary knowledge to leverage it in new and intuitive ways.



Scott McVeigh

Scott McVeigh is the Industry Principal at Onna. For over 24 years he has been providing information governance strategies and technology implementations, both as a consultant and in-house roles. His background includes significant project and programmatic work on records management, e-discovery and information privacy for large enterprises and government clients globally. Onna integrates workplace knowledge platforms together, allowing anyone to unify, protect, search, automate and build on top of an organization’s proprietary knowledge. Onna uses machine learning to help companies discover smarter and can help power data-led automation on issues from compliance to HR. Scott received his Bachelor of Arts from Marist College in Poughkeepsie, NY. He and his foxhound mix dog Luna can be found walking the state parks of New Jersey.
