Feb 24 2022

Zoom for Healthcare: Emerging Use Cases and Evolving Compliance Concerns

Zoom is now a popular tool for creating healthcare connections as telemedicine initiatives continue to evolve. But what comes next, both for use cases and HIPAA compliance?

Fueled by the rapid uptake of remote work and sustained by the move to hybrid frameworks, video calling platform Zoom remains one of the most popular connective solutions in the United States, as well as in 43 other countries.

In healthcare, the platform helped underpin the adoption of effective telemedicine. According to a recent white paper from Zoom about the state of video communications in healthcare, more than 550,000 companies now use the technology, and 94 percent of IT departments would recommend the solution.

However, as patients feel more comfortable returning to in-person visits, healthcare no longer needs to rely on telehealth for most appointments. Despite the drop in telehealth visits from the height of the pandemic, it’s still a popular method of care delivery, and healthcare organizations are finding new approaches and use cases to expand healthcare access and convenience for patients.

As healthcare enters this new phase of telemedicine, it’s important for organizations to ensure their Zoom use is HIPAA-compliant to protect patient data and privacy.

The Current State of Connectivity in Healthcare

According to Dr. Joseph C. Kvedar, senior adviser for virtual care at Mass General Brigham, professor of dermatology at Harvard Medical School, and chair of the board of the American Telemedicine Association, “Zoom is a bit like the Kleenex of the industry.”

While “tissue” is the generic term and Kleenex is the brand, the ubiquity of the product has made it the standard for runny noses, and it’s the same for Zoom. “On the clinical side, it’s become the platform of choice,” says Kvedar, “and it’s integrated at Mass Gen into our electronic records system. We can launch calls directly from there.”

Prior to the pandemic, Zoom and similar tools were used occasionally, Kvedar says. Now, “just about everybody expects to do video and audio. It’s a pretty big change. We’ve dropped our regular conference lines entirely.”

Kvedar notes that patients love the convenience. They don’t need to leave their homes, and most visits occur on time. In addition, “the no-show rate is infinitesimal,” he says.

What’s Next for Zoom in Healthcare?

While Zoom video calls offer a way to bring doctor visits into patient homes, Kvedar makes it clear that “if all we do is video, then we’ve failed.” With the pandemic accelerating technology adoption by two to five years for all industries, including healthcare, there’s an opportunity to explore the full impact of telehealth at scale.

Kvedar points to potential advancements in three areas: first, remote patient monitoring for vital signs using connective tools that can alert doctors and help initiate video calls if patients experience complications; second, asynchronous connections that allow patients and clinicians to connect via messaging portals rather than in real time; and third, AI-driven chatbots and “symptom checkers” that can help point patients in the right direction.  

“We don’t have enough healthcare providers to go around,” Kvedar says. “This lets us leverage skilled human beings to better benefit.”

Considering Compliance for Zoom in Healthcare

As Zoom adoption expands across both administrative and clinical applications, compliance is more critical than ever.

Under the current Notification of Enforcement Discretion issued by the U.S. Department of Health and Human Services Office for Civil Rights at the start of the pandemic, “covered healthcare providers will not be subject to penalties for violations of the HIPAA Privacy, Security, and Breach Notification Rules that occur in good faith provision of telehealth during the COVID-19 nationwide public health emergency.”

As of Jan. 16, 2022, the nationwide public health emergency was extended until April 16, 2022. Although there’s no guarantee that the state of emergency will be lifted in April, organizations must begin preparing for a post-pandemic normal that sees Zoom and similar technologies still in use but with increased regulatory oversight.

This means creating telehealth frameworks that are secure by design, rather than attempting to shoehorn in security after the fact. In practice, five steps are critical:

  • Assess potential risks: Given the rapid changes brought on by the pandemic, healthcare organizations need to start by pinpointing potential risks that come with remote work and telehealth connections. While it’s possible to conduct these evaluations in-house, it’s also worth considering a reputable assessment partner that can offer an unbiased view of current security postures.
  • Deploy privileged access management: PAM tools help track, manage and audit the activity of authorized users to ensure technologies such as Zoom are used in compliance with HIPAA regulations.
  • Implement multifactor authentication effectively: MFA solutions can significantly reduce the risk of compromise but aren’t necessary in all scenarios. For clinicians and administrators with access to records and the authority to start video chats on demand, MFA is critical. For patients who access only their own records, more streamlined two-factor authentication may be sufficient.
  • Centralize key data: Pandemic pressures pulled data out of central archives to speed key processes, but as telehealth regulations tighten, it’s worth recentralizing data to both improve defensive posture and increase visibility.
  • Apply the principle of least privilege: The fewer people who have access to patient data, the better. Here, the principle of least privilege can help reduce the risk of accidental telehealth breaches that could put organizations at risk of noncompliance.

When it comes to Zoom, telemedicine and the future of patient/physician connections, Kvedar says, “we’ve brought the doctor’s office into your home, but this is just the beginning.”
