Zoom has revolutionized how businesses operate in our remote working economy:
• 89% of employees feel more connected to one another because of virtual meetings (1)
• Zoom has 504,000 business customers (2), including Warner Bros. Discovery, Capital One, and Capital One (3)
• Zoom has customized plans based on industry, call size, devices, and more
• More than 2,300 apps and integrations are available on the Zoom App Marketplace (4)
• The healthcare industry is one of the top 10 industries that use Zoom (5)
With many physicians, practitioners, and healthcare organizations moving to Zoom for everything from internal meetings to patient appointments, many providers are asking, “is Zoom HIPAA compliant?”
Continue reading to learn more about Zoom’s efforts toward HIPAA compliance, and how Zerify can enhance the security of Zoom to make it a fully HIPAA compliant video conferencing platform.
The Need for HIPAA Compliance in Technology
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that created a set of national standards to protect sensitive patient health information from being disclosed without a patient’s consent and knowledge.
The two main rules of HIPAA are The Privacy Rule and The Security Rule. Of these two, the security rule has direct application to digital technologies, including video conferencing platforms.
Role of the HIPAA Security Rule in Video Conferencing
The HIPAA Privacy Rule created guidelines to ensure certain “covered entities” in the healthcare industry — healthcare providers, insurance companies, and healthcare clearinghouses — work to protect patients and their personal health information (PHI) while sharing PHI with other entities in a way that promotes the best care possible as well as patient privacy.
While the Privacy Rule mainly involves the use or disclosure of PHI, the Security Rule safeguards a subset of PHI: electronic protected health information (ePHI).
This rule applies only to PHI in digital or electronic forms—not PHI shared orally or in writing.
Under the Security Rule, covered entities must:
• Ensure the confidentiality, integrity, and availability of all ePHI
• Detect and safeguard against anticipated security threats to electronic health information, such as breaches
• Prevent impermissible use or disclosures as required by law
• Certify compliance by their workforce
The Risks of Non HIPAA Compliant Video Conferencing
Failing to follow HIPAA rules can result in substantial fines and fees while creating a loss of your patients’ trust.
Unfortunately, all it takes for a patient’s entire private medical history to be exposed is for their healthcare provider to fall for a Zoom invite phishing scam.
What Video Conferencing Platforms are HIPAA Compliant?
Although many popular video and web conferencing applications like Zoom have a signed business associate agreement (BAA) stating they comply with HIPAA, that does not mean these platforms are 100% secure.
In fact, they have several vulnerabilities hackers and criminals can easily exploit. As a result, many of the most popular and widely-used platforms healthcare providers rely on are not fully HIPAA compliant.
Fortunately, our team designed Zerify Defender with these platforms in mind. Defender easily integrates with Zoom and other video conferencing software to make these platforms HIPAA compliant.
Potential Security Risks in Video Conferencing Software
Although Zoom uses end-to-end encryption, that alone is not enough to keep the platform and its users safe from cyberattacks and breaches.
Zoom has a few security gaps threat actors are aware of and often target:
While Zoom does use an authentication method, it is easy to exploit. All a cybercriminal needs to do is create an email address that appears to belong to a colleague, a Zoom account, and a fake login page.
The hacker sends a fake Zoom invitation to a health care provider in the hopes they will click on the link and submit their unique login information to what appears to be a Zoom call.
From there, the provider submits their login information on what appears to be a Zoom page. The cybercriminal can then use those credentials to log in to private call captures that access PHI, and wreak havoc on a healthcare organization’s data and digital infrastructure.
Adding additional layers of authentication is a simple and effective way to prevent hacks like this from happening.
Zerify’s secure video conferencing solutions like Meet and Defender include the following 5 authentication methods:
– Meeting password
– One-time passcode
– Meeting authorization (with additional security clearance levels)
– Out-of-band authentication
– Push biometric authentications
Zoom and other platforms tend to use meeting passwords and one-time passcodes as their authentication methods. Unfortunately, these two authentication methods are some of the most easily exploited.
Video and Audio Vulnerabilities
If a device has already been infected with spyware or malware, any PHI shared over a Zoom conference call could already be in the hands of cybercriminals. Certain spyware and malware allow hackers to eavesdrop, save a call’s audio and video, and even take screenshots.
Access to Keyboard and Clipboard Data
Audio and video aren’t the only areas at risk if a device has been infected. Information copied to your computer’s clipboard and anything you’ve typed out during a video call are fair game for hackers to steal, too.
Zerify utilizes clipboard protection as well as anti-hooking keystroke protection to prevent keylogger malware from recording your keystrokes.
How Do I Make Zoom HIPAA Compliant?
At Zerify, we saw an opportunity to take the best, largest, and most reliable video conferencing platforms on the market, and further enhance their security for healthcare providers, businesses, and users around the globe.
Zoom and the other leading video conferencing platforms in the market have changed companies around the world since the start of the pandemic.
They have become mainstay tools in our daily software suite as more and more of us work remotely.
That is why our team created Zerify Defender, a video conference communication tool that allows you to add all the necessary security controls and features to meet HIPAA regulations, on Zoom and all of the other video conferencing platforms you’re already comfortable using.
Defender integrates with and improves the existing security of the platforms your organization and patients are already comfortable using. That way, you don’t have to invest the time, money, and resources into:
• Researching and comparing HIPAA video conferencing software
• Investing in new software
• Training yourself and your entire organization or office on how to use it
Zerify Defender gives you the power to continue using Zoom for Healthcare telehealth visits without having to switch video conferencing providers.
Why Zerify Defender is the Healthcare Industry’s Secure HIPAA-Compliant Telehealth Solution
Security Measures That Go Above and Beyond
Zerify Defender adds layers of protection to your current video conferencing platform to meet HIPAA standards:
• Camera, microphone, and speaker lockdown
• Anti-screen capture
• Clipboard and keyboard protection
• Additional authentication methods
Easy Integration with Your Current Video Conferencing Software
Zerify Defender works with virtually any video conferencing platform, including but not limited to:
• Zoom for Healthcare
• Google Meets
• Microsoft Teams
Additional Teleconferencing Options for Healthcare Organizations
If you’re reconsidering renewing your Zoom contract, Zerify has a variety of secure video conferencing tools to enhance your healthcare organizations security.
Protect Your Healthcare Organization’s Sensitive Medical Information with Zerify Defender
Many healthcare providers are putting their patients’ medical information at risk because they believe Zoom is fully HIPAA compliant.
Training an entire team to relearn a different video conferencing platform takes valuable time away from what matters the most: caring for patients.
Zerify Defender adds additional security measures and precautions to an already incredible video conferencing platform, which means there is no need to train providers to use a new program.