Skip to content

What is HIPAA? Are Zoom and Google Duo HIPAA compliant?

  • by
  • 3 min read

The Health Insurance Portability and Accountability Act is a federal law passed in the year 1996 that aims at protecting sensitive information like a person’s health condition from disclosure.

HIPAA’s requirements are fulfilled by the HIPAA Privacy and Security Rules, which covers a subset of the Privacy standards. Services like therapy sessions, prescribing medicines, and common consultation have been carried out virtually during the pandemic.

These healthcare services and the apps they’re provided through fall under HIPAA’s compliance umbrella.

Also read: How to join a Zoom meeting?

HIPAA Coverage

Following entities are subject to HIPAA’s Privacy Rule:

  • Healthcare providers: Healthcare professionals exchange Protected Health Information (PHI) with respect to certain transactions. Healthcare professionals are required to maintain the confidentiality of both the PHI and any related transactions.
  • Health Plans: Companies that are required to pay all kinds of short and long-term insurers. Be it prescription drugs, dental, or health maintenance organisations (HMOs) like Mediclaim.
  • Business Associates: Individuals or organisations involved in tasks dealing with the processing, data analysis and billing for the covered entities. HIPAA Transactions guidelines have strict rules to implement a safe and secure transaction environment for users.

Also read: How to share screen on Zoom?

Are Google Duo and Zoom HIPAA compliant?

Plenty of videoconferencing applications have been used for telemedicine alongwith their conventional uses.

However, if a customer wants to make use of these apps for PHI transactions, they have to sign a Business Associate Agreement (BAA) with the company.

The applications are to have all the features and options that follow HIPAA guidelines under which:

  • Integrity, availability and confidentiality of all electronically PHI
  • Safeguard information against anticipated threats
  • Protection against disclosures
  • Workforce should certify compliance

A good place to start the maintenance of PHI is implementing E2EE in any sort of transaction.

Google Duo and Zoom both follow HIPAA compliance based on the HIPAA Security Rule published in the Federal Register (45 CFR Parts 160,162 and 164).

This makes environments safe for information exchange and carry out tasks like telemedicine in a safe fashion.

Giving users control of many of the parameters which determine the overall security isn’t the best way to ensure transaction safety.

Companies like Zoom don’t in about a structured model which provides a direct administrator control, putting every meeting host in-charge of how the information is controlled.

Google Duo, on the other hand, makes sure that their customers using Google Apps for PHI either sign the BAA or have dedicated IT Administrators to establish the necessary measures for PHI safeguarding.

Also read: How to change the background on Zoom?

Pooshan Singh

Exit mobile version