Zoom helps customers enable HIPAA compliant programs by executing a Business Associate Agreement (BAA) and safeguarding protected health information (PHI). Zoom aligns its controls to the Healthcare Industry Trust Alliance Common Security Framework (HITRUST CSF). To provide our healthcare customers assurance over the controls we have in place to support HIPAA requirements, Zoom makes available a SOC 2 + HITRUST report, which aligns with AICPA Trust Services Principles and Criteria and the HITRUST CSF. For more information, please review our HIPAA Compliance Guide. Customers in Canada who are subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) and, locally, the Personal Health Information Protection Act (PHIPA) can review this PIPEDA/PHIPA Datasheet to understand how Zoom supports their data protection obligations.