Is Zoom HIPAA Compliant?

Posted by Michael Hsu on 5/23/20 1:00 PM

Is Zoom HIPAA compliant? The ups and downs of using Zoom for telemedicine

When it comes to web conferencing apps, Zoom is among the favorites worldwide. It is a cloud-based platform that allows for multiple people to participate in a meeting, share files, and chat. Zoom is notoriously easy to use, which is one of the main reasons behind its popularity.

Healthcare professionals around the globe have been using Zoom for telemedicine and telehealth purposes for some time now. Does this popular platform comply with the rules of HIPAA?

Is Zoom HIPAA compliant?

As a third party app that you’ll be using to transmit electronic protected health information (ePHI), Zoom needs to enter into a business associate agreement (BAA) with you in order to be considered HIPAA compliant. They are willing to do so and offer to enact a bunch of security measures on your Zoom account, such as the following:

  • Encrypted chat will be enabled
  • Cloud recording will be disabled
  • User information will be removed from logging and reporting, etc.

Bear in mind that Zoom is not HIPAA compliant in and of itself but only after you enter into a BAA with them, according to their website. 

They have a HIPAA compliance guide online explaining how Zoom supports all HIPAA standards, such as access and audit controls, end-to-end encryption, and integrity mechanisms. However, Zoom’s security has come into question as users started experiencing “Zoombombings” where users are exposed to pornographic content or live racist comments from uninvited users.  The Department of Homeland Security also recently issued a report citing that Zoom may be vulnerable to foreign surveillance.

A lot of security and privacy issues with Zoom have been uncovered, prompting many healthcare organizations, schools, and companies to ban the use of the platform while  some have even filed lawsuits. These recent developments seriously call into question Zoom’s security and compliance with HIPAA requirements.

Curogram is 100% HIPAA compliant

Curogram is a HIPAA compliant solution designed specifically for healthcare providers and patients. With our modern telemedicine and texting platform, you won’t have to worry about fulfilling HIPAA requirements as we have all the safeguards in place.

Here are some other problems you’ll encounter with Zoom that Curogram can solve:

  1. No EHR or practice management integration
  2. Difficult patient on-boarding
  3. No workflow support for doctors and medical staff
  4. Limited waiting room management tools
  5. No ability to collect patient intake forms or payments
  6. No option for simple and secure document transfer

Zoom doesn’t integrate with EHRs

Without integration, you have to manually create appointments in Zoom, and you have to manually send patients invites to your Zoom meetings prior to each appointment. This double entry of appointments into two separate systems and extra coordination prior to an appointment is cumbersome for staff. These are major downsides of a platform that you intend to use for telemedicine. 

Curogram integrates with virtually any EHR. You can easily synchronize your appointments from your EHR or practice management system which means that you only have to enter appointments once! Patients will also automatically receive text and email reminders with the proper video chat links without any additional work from your staff.  This integrated workflow eliminates unnecessary work from staff and significantly reduces wasted time.

Curogram EHR integrations







Practice Fusion





The integration process is done within 48 hours, thanks to our proprietary integration technology. No need to deal with complicated and expensive HL7 interfaces that take months to complete and cost an arm and a leg.







Zoom patient onboarding is difficult for patients

Zoom requires patients to download an app in order to enter a video chat. While mobile apps are common today, downloading and registering with an app is a cumbersome process even for tech-savvy patients. Consumers today have pages and pages of apps on their phones, and most don’t want another one, especially when it will be used infrequently.

Most people are only patients 3-4 times a year, and not all visits can be via telemedicine, so downloading an app that might only be used once or twice in a year is an annoyance to most people. Also, troubleshooting an app download just before you’re about to start an appointment can be stressful for patients, doctors and staff. Many times, troubleshooting an app download results in a delay in the appointment which can cause delays in a doctor’s overall schedule.

With Curogram, patients are not required to download an app to start a video visit. A one-click link in their text or email (automatically sent to them through EHR integration) launches their video visit with the medical practice.  

Zoom doesn’t support workflows for doctors or staff

Zoom doesn’t do anything to make it easier for doctors and nurses to do their job virtually. All the workflows that are required in an in-person office visit are still required for a virtual visit:

  1. Patients need to complete intake forms and provide updated insurance info
  2. Patients are checked in by front-desk staff
  3. A nurse or MA generally visits with the patient first and prepares them for the consultation with the doctor
  4. Doctors and clinical support staff need to communicate with each other while coordinating whose turn it is to see the patient.
  5. Front desk staff need to check out the patient and provide them with visit-related documents such as visit summaries, treatment plans, prescription orders, and referral documents.

Zoom does not provide any tools to enable the above workflows that are required for a virtual visit.

Curogram streamlines the entire process with workflow tools that allow doctors and staff to mimic workflows of in-person visits. 

  1. Curogram can send new patients intake forms automatically 2-3 days in advance and even collect updated insurance cards via text. 
  2. Curogram’s two-way texting allows front desk staff to easily check in patients via real-time two-way SMS text.
  3. Curogram’s telemedicine waiting room view allows staff and doctors to view the schedule and active patient queue with the current status of a patient, making it easy for staff and doctors to enter/exit the video chat at the proper times (i.e. what stage of the process patients are in). This virtual waiting room view can be filtered by Provider, Patient Status, and Appointment Type. Doctors and Staff can configure the view to match their assigned tasks. For example, front desk staff can just view patients that are waiting to be checked in, while Doctors can select to view only patients who are ready for Consult.
  4. Curogram’s HIPAA-secure staff messaging can be used to notify staff when it is their turn to see a patient.
  5. Curogram’s EHR-integrated document transfer features can be used to easily send patients documents directly from the EHR.

Zoom doesn’t have virtual waiting room management tools

One of the most important aspects of an in-person visit is the waiting room. Staff can see who is waiting to be checked in. Nurses can see who’s ready to be seen and prepare them before the doctor takes over. With Zoom, there’s no way to easily identify what stage of the appointment the patient is in.  

Curogram’s telemedicine waiting room view allows staff and doctors to view the schedule and active patient queue with the current status of a patient, making it easy for staff and doctors to identify what stage of the appointment process patients are in and who should see the patient next.  This virtual waiting room view can be filtered by Provider, Patient Status, and Appointment Type. Doctors and Staff can configure the view to match their assigned tasks.  For example, front desk staff can just view patients that are waiting to be checked in, while doctors can select to view only patients who are ready to consult.

Zoom doesn’t offer patient intake forms or online payment tools

Patients still need to be checked in for virtual visits, so offices need to collect intake forms, updated insurance cards and copays.  Zoom does not offer any tools to collect patient intake forms or payments, so it requires front desk staff to use other methods or other software tools to get the job done. 

Curogram’s Electronic Patient Forms and Payments features enable front desk staff to collect intake forms and payments via text. The intake form collection process can even be automated: because Curogram integrates with an office’s EHR or practice management system, it automatically knows which appointments are for new patients, and those patients can be automatically sent intake forms 2-3 days in advance. Completed forms are returned as a clean, easy-to-read PDF that can be uploaded to the EHR. Payment requests are sent to the patient by the front desk prior to the appointment, and patients can easily pay by entering their credit card info online.

Zoom doesn’t have an option for secure document transfer

After a visit, patients are usually provided visit summaries, treatment plans/instructions, prescription orders, and referral orders.  For an in-person visit, these are usually provided to the patient upon check-out.  Virtual visits are no different. Zoom does not provide any HIPAA-compliant document transfer solutions to solve this problem. 

Curogram offers an integrated solution for sending documents directly from the EHR to patients via text. This feature completes the appointment workflow process, enabling a practice to see a patient virtually in the same way that they do in-person.

Healthcare providers can use non-HIPAA compliant solutions during the COVID-19 nationwide health emergency

The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has issued a Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency.

According to this notification, during the COVID-19 national emergency, healthcare providers can use non-public facing communication platforms that are not entirely HIPAA compliant for telemedicine or telehealth purposes without risking penalties. 

This may sound like great news, but in reality, a non-compliant platform comes with many risks and won’t be helpful in the long run. These solutions are non-compliant for a reason. Some of these risks of using non-compliant solutions include:

  • They are not secure for exchanging ePHI
  • They are complicated to use since they weren’t designed with healthcare providers in mind
  • They don’t integrate with EHRs
  • They can be glitchy
  • They don't offer HIPAA compliant texting solutions

The OCR will eventually lift the Enforcement Discretion regulation. If you’re still stuck with a non-compliant solution by that time and your patients get used to virtual visits, you’ll have little time to find a new platform to cater to their needs.

The scary truth is that even after the national emergency is over, until a vaccine for coronavirus is developed, the possibility of the virus returning for a second wave remains. It’s much better to be prepared for that prospect with a long-term HIPAA-compliant telemedicine solution.

5 pitfalls healthcare providers will face looking for a telemedicine solution

Transitioning to telemedicine can be extremely difficult, especially if you don’t know what to look for in a sea of possible telemedicine solutions. Some of the problems healthcare providers will face include:

  1. Finding a telemedicine solution that is easy for patients
  2. Finding a solution that is easy for doctors
  3. Finding a solution that is easy for staff to communicate with patients
  4. Finding a solution that offers HIPAA compliant staff messaging
  5. Communicating policies related to working from home

A telemedicine solution that is easy for patients

Patients will dread having to download another app they will only use once or twice. Older patients may not be comfortable downloading an app, and even younger tech-savvy patients don’t have the patience to download and register with another app. 

Curogram offers a solution to that problem in the form of a browser-based video that you can access by clicking the link. There’s no need to download anything, and there are no special requirements.

A telemedicine solution that is easy for doctors

The goal again is to find a browser-based solution with no download requirements so that doctors can enter their appointments easily. It is important to minimize the time the doctor has to spend dealing with patient on-boarding and IT issues. Curogram’s simple web-based telemedicine interface makes it easy for doctors to get in and out of video visits, and Curogram’s waiting room management tools allow staff to handle patient check-in and check-out. This allows the doctor to focus on the consultation and to see more patients during the day, which means more revenue for the practice.

A telemedicine solution that is easy for staff to communicate with patients

You should look for a platform that doesn’t just provide automated reminders, but also full two-way texting. Your patients should be able to respond to your messages and reminders if they have any further questions or wish to reschedule. 

Bear in mind that reminders in telemedicine are different from those for in-person visits. Patients can easily get carried away watching TV and forget about the appointment within minutes. That’s why a simple 15-minute reminder before the visit can make a huge difference in reducing patient no-shows for telemedicine, even though such a reminder is not useful for in-person visits.

Curogram differentiates between in-person and telemedicine visits, giving you the option to customize messaging and timing of reminders based on your appointment type. You can customize in-person visit reminders with driving directions and prep instructions while telemedicine reminders give patients virtual visit instructions as well as the necessary video link for the visit. 

Curogram’s two-way texting system allows you to send SMS messages to your patients directly from your desktop computer, and clients have reported a 50% reduction in phone calls after using the platform. This is not in-app messaging. They get a real-time SMS text message that they are bound to see because SMS text is on the first screen of every patient’s phone.

In contrast, software that allows you to send “in-app” messages is usually ineffective because new apps are often buried under 7 screens of apps, so notifications can often be overlooked.

A telemedicine solution that offers HIPAA compliant staff messaging

Your staff need to have a HIPAA-compliant way of communicating amongst themselves while working remotely or in a large office. If staff are chatting over WhatsApp, FaceTime, or some other non-HIPAA-compliant messaging app, you are exposed to liability for HIPAA violations where fines can be in the tens of thousands of dollars.

Staff need a HIPAA-compliant tool so that sensitive patient information doesn’t end up sitting on their personal phones. Curogram provides a secure staff-to-staff messaging channel all in the same dashboard as patient texting. You can also create group chats where you can talk about patients, work topics, and projects as a group.

Communicating policies related to working from home

You’ll need to establish some policies around your employees’ work environment at home. Some of these include:

  • Setting audio/visual requirements, such as whether they should wear a headset or what their background should be like
  • Helping your staff set ground rules for their family members so that they know not to disturb
  • Establishing a dress etiquette for remote work
  • Establishing rules around taking breaks, etc.

How to survive your start with telemedicine

Relying on non-secure solutions such as Zoom that don’t provide any workflow tools or integration with your practice management solution won’t get you far in your telemedicine journey. You’ll encounter many obstacles and risks at the start that you could avoid by using Curogram instead.

Here are some challenges you may experience using Zoom and other unreliable providers:

  1. Unsatisfied patients
  2. Doctors wasting time
  3. Staff struggling to juggle all the responsibilities
  4. Decrease in revenue
  5. Mental health issues

Unsatisfied patients

If your patients are confused and frustrated by an app that is buggy or difficult to use, they’ll give up and won’t show up for the visit at all. This could also prompt them to leave bad reviews of your practice on Google and Yelp, and we all know that online reviews can make or break you.

With Curogram, patients get an instant connection without any obstacles, such as room codes. Once they enter the room, the familiar process involving check-in, consultation, and check-out will provide them a smooth virtual visit experience.

Doctors wasting time

Without natural workflows, EHR integration, and staff assistance, doctors will have to waste a lot of time on each individual patient. Many doctors new to telemedicine have complained that they spend more time troubleshooting IT than they do seeing the patient. 

Curogram allows for an efficient workflow where nurses and MAs deal with all the pre- and post-visit technicalities. Doctors can focus their time on the actual consultation and see more patients every day.

Staff struggling to juggle all the responsibilities

Workflows are important for staff too. Without an all-encompassing solution, they’d have to call patients to remind them about their visits, somehow collect intake documents remotely from patients, manually send visit links, fax or mail patients important documents, and find a way to create a system out of chaos. 

Your staff might even be forced to use their personal phones to communicate with patients. This is not only risky and non-compliant, but it can be annoying to your employees as they don’t want patients having their personal cell phone numbers.

With Curogram, staff are able to do everything from a single platform: automate reminders, text two-way with patients, collect intake documents, send documents safely, and more.

Decrease in revenue

All the loose ends of solutions not created for telemedicine and telehealth purposes could lead to a significant drop in your revenue. Dissatisfied patients will leave, those who find the solution difficult to use will give up, and bad reviews will hurt your reputation. Your doctors will see fewer patients. Your staff will be stretched and not as efficient as usual. All of these things will slash your revenue in the long haul.

Curogram makes your staff more efficient. It allows your doctors to see more patients, and patients will be more satisfied with a service similar to what they experience in person. Curogram’s smart reminders have helped clients reduce no-shows by 75%, and Curogram’s two-way texting has helped clients reduce phone calls by 50%, increasing client revenue and reducing client costs.

Mental health issues

Your staff are not used to working remotely. You should make their mental health your top priority by organizing one-on-ones, happy hours, and similar get-togethers, as well as allowing them to discuss any issues they may be experiencing freely. 

If your staff are required to use several different apps and communicate with patients across many different channels, the transition to remote work will be even more stressful. Curogram’s end-to-end communication platform integrated with your practice management system reduces staff workload and stress, making remote work much more efficient and manageable.
