Your patients’ digital privacy is one of the most important components of effective care, whether you are conducting telehealth appointments or connecting medical communities virtually. If personal health information is compromised, it can damage patient trust and create a risk of non-compliance with significant regulatory provisions such as HIPAA (Health Insurance Portability and Accountability Act of 1996).
In our opinion, security and privacy are among the most crucial aspects of a successful healthcare organization, so we are equipping our providers with features that help safeguard the exchange of private and critical information via Zoom.
We have listed a few of these features along with some of the measures we have taken to make sure you are in compliance with the relevant laws.
Key security features
Tailored encryption options
- 256-bit AES-GCM encryption: As standard, Zoom Meetings, Zoom Webinars, Zoom Rooms, Zoom Contact Center, and Zoom Phone data transferred over the internet is encrypted using 256-bit AES-GCM encryption, which is our standard for protecting real-time audio, video, and shared content.
- End-to-end encryption (E2EE) for Zoom Meetings: When enabled, this feature encrypts communication between authenticated meeting participants using the Zoom client with 256-bit AES-GCM encryption. Only the devices of the participants who are authenticated for the meeting know the cryptographic keys used for E2EE meetings. Certain features cannot be enabled in meetings if E2EE is enabled.
- E2EE for Zoom Phone: You can enable E2EE for one-to-one Zoom Phone calls between two users who share the same Zoom account. During a call, you can elevate it to an end-to-end encrypted session by clicking the “More” button. Once E2EE is enabled, the call is encrypted using cryptographic keys known only to the devices of the caller and the callee. Users can provide a unique security code to each other to verify that they are operating in E2EE mode. Certain Zoom Phone features are not available during an E2EE Zoom Phone call.
Advanced chat encryption for Team Chat:
With advanced chat encryption enabled, the chat content is encrypted using key pairs generated and known by only the devices of the participants. As an additional security measure, the chat content is encrypted while it is in transit over the public internet with the use of Transport Layer Security (TLS). You won’t be able to use some of the chat features when you are using advanced chat encryption.
Authenticated login:
We offer single sign-on (SSO), which allows you to sign in to your Zoom account quickly and securely. When your doctors are on the road and no longer on your network, SSO can add an extra layer of security. If you are not able to use SSO, we highly recommend enabling two-factor authentication (2FA). You can also log in via OAuth, which allows another application, such as Google or Facebook, to interact with Zoom on your behalf, so you don’t have to enter your password manually each time you access Zoom.
Required meeting passcodes:
The account owner and admin can configure required passcodes for individual meetings, or for all meetings and webinars at the user, group, or account level, so that patients join telehealth sessions using their own passcode for an added layer of security.
Important compliance measures
HIPAA: Many health care providers use Zoom services, whether as a solo practitioner, small clinic, or enterprise health system. Zoom supports a customer’s HIPAA compliance program by securing protected health information (PHI) and signing a Business Associate Agreement (BAA).
PIPEDA/PHIPA: There are certain regulations that must be followed in order to ensure the protection of personal data. These regulations include the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada and the Personal Health Information Protection Act (PHIPA) in our province.
SOC 2 + HITRUST:
With the extension of the scope of Zoom’s SOC 2 Type II report to include additional criteria in order to meet the requirements of the Health Information Trust Alliance Common Security Framework (HITRUST CSF), Zoom is demonstrating its commitment to quality and compliance. In order to enhance security, HITRUST uses standards and regulations that are widely accepted on national and international levels, such as GDPR, ISO, NIST, PCI, and HIPAA, among others. We are attesting to the validity and reliability of Zoom Meetings, Zoom Phone, Zoom Team Chat, Zoom Rooms, and Zoom Webinars on this page.
Prioritizing patient privacy
Having a video communication platform to use as a means to communicate with your doctor gives you the chance to make the consultation experience as stress-free as possible.
With our platform, we strive to deliver a user experience characterized by ease of use, safety, and trust, while offering the security features you’ll need to securely exchange and store valuable health information.
You can be sure that the platform we provide you with is one that you can trust – with your patient interactions, information that is important to you, and internal communications that are crucial.
You can learn more about Zoom’s approach to privacy in our Trust Center.
FAQs
What is the best way to secure Zoom?
You may take the security of your meetings to an even higher level by forcing attendees to enter a passcode in order to participate. This function may be applied to both newly planned meetings as well as your Personal Meeting ID, making it so that only people who know the password will be able to contact you regarding the meeting.
Is there a security risk with Zoom?
What are key risks for zoom?
- Cyber security risk
- Financial risk
- Competition risk
- Third-party risk
- Catastrophic risk
- Legal and compliance risk
- Reputational risk.
Is Zoom private and confidential?
End-to-end encryption for your meetings: Zoom’s end-to-end encryption, when activated, ensures that communication between all meeting participants using Zoom clients in a particular meeting is encrypted using cryptographic keys that are known only to the devices of those participants. This feature is only available on paid plans.