Creating the future of healthcare collaboration for patients and providers
Zoom for Healthcare enables healthcare organizations to deliver seamless experiences across the patient journey and enhance collaboration among providers.
Updated on March 02, 2023
Published on October 05, 2022
Whether you’re conducting telehealth appointments or connecting medical communities virtually, your patients’ digital privacy is an essential component of effective care. If personal health information is somehow compromised, it can not only impair patient trust but also risk noncompliance with important regulations like the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
At Zoom, we know that security and privacy are fundamental to a successful healthcare organization, which is why we’re equipping providers with features that help safeguard the exchange of important information via Zoom.
Here are some of those features, along with a few measures we’ve taken to help you address relevant compliance requirements.
Tailored encryption options
Advanced chat encryption for Team Chat: When advanced chat encryption is enabled, chat content is encrypted using keys generated and known only by participants' devices, and is additionally encrypted in transit over the public internet using Transport Layer Security (TLS). Enabling advanced chat encryption makes a few chat features unavailable.
Authenticated login: We offer single sign-on (SSO), a feature that facilitates a safe and quick process for signing in to your Zoom account. SSO helps add an extra layer of security, especially if your doctors need to hit the road and are no longer on your network. If you cannot use SSO, we recommend enabling two-factor authentication (2FA). You can also log in via an OAuth process, which allows you to approve one application — Google or Facebook — to interact with Zoom on your behalf so you don’t have to manually enter a password.
Required meeting passcodes: Account owners and admins can require passcodes at the individual meeting level or at the user, group, or account level for all meetings and webinars. Passcodes can be shared with patients to join a telehealth session for an added layer of security.
HIPAA: Whether you’re a solo practitioner, small clinic, or enterprise health system, Zoom helps enable a customer’s HIPAA compliance program by securing protected health information (PHI) and executing a Business Associate Agreement (BAA).
PIPEDA/PHIPA: We help enable compliance with Canadian data protection regulations, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and, locally, the Personal Health Information Protection Act (PHIPA).
SOC 2 + HITRUST: Zoom has expanded the scope of its SOC 2 Type II report to include additional criteria to meet Health Information Trust Alliance Common Security Framework (HITRUST CSF) control requirements. HITRUST is a security framework that leverages nationally and internationally accepted standards and regulations such as GDPR, ISO, NIST, PCI, and HIPAA. This attestation applies to Zoom Meetings, Zoom Phone, Zoom Team Chat, Zoom Rooms, and Zoom Webinars.
A patient’s consultation with their doctor should be stress-free, and using a video communications platform to do so should only help improve the experience.
By adhering to relevant standards and offering these security features, we strive to offer an experience characterized by ease of use, safety, and trust, empowering you to safely exchange and store valuable health information via our platform.
We’re committed to being a platform you can trust — with your patient interactions, important information, and communications within your healthcare organization.
To learn more about Zoom’s approach to privacy, explore our Trust Center.