The use of telehealth services has skyrocketed since the beginning of the COVID-19 pandemic. Accordingly, the Department of Health and Human Services (HHS) announced the loosening of enforcement of specific HIPAA fines for remote telehealth services. As providers continue to search for the best software to offer their services remotely, many wonder about Zoom and whether or not their platform is ideal for telemedicine. In particular, what are the key differences in OhMD vs Zoom Telehealth?
To begin, Zoom does offer a HIPAA compliant version of its video conferencing software. This version of their software costs a minimum of $200 per month and practices must purchase a pre-paid package of at least 12 months.
For software companies, HIPAA regulation typically applies to the transmission, storage, and access control of protected health information (PHI). When looking at telehealth services for your practice, it is essential to remember that Zoom was not specifically designed for healthcare but, rather, has an option that allows specific features to be changed or removed to better secure PHI.
Zoom has stated that its application contains the following security features (among others):
- User Authentication Measures: OAuth 2.0 for authenticating a user context, and JSON Web Tokens (JWT) for authenticating server-to-server apps.
- Access Control Measures: These measures regulate who or what can view or use resources during a Zoom meeting.
- Encryption: Encryption is necessary to ensure only the sender and recipient of an electronic message can read the content of that message. Specifically, Zoom states they have PIPEDA/PHIPA compliance with 256-bit AES encryption.
Zoom’s healthcare platform encrypts meeting content to prevent unauthorized individuals from breaking into and watching the meeting. Although this is an important part of encryption for healthcare, it is not enough; telecommunication services should implement true end-to-end encryption. Cybersecurity professionals call Zoom’s encryption method transport encryption. Although it helps security, transport encryption allows the communication platform to decrypt the data. In this case, it means Zoom has access to the data from a telehealth meeting. Having access to content gives Zoom the ability to analyze or sell user data. On the other hand, end-to-end encryption means the platform does not have encryption keys to decrypt the content and thus cannot access any decrypted data from the call.
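The difference described above, as an added example (not code from Zoom or OhMD): a hypothetical relay server forwards one message under each model and records whatever plaintext it is able to recover. The HMAC-SHA256 stream cipher is a standard-library stand-in for 256-bit AES, and the names `Relay`, `seal`, `unseal`, `run` and the pre-shared keys are assumptions made for illustration.

```python
import hashlib, hmac, os

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Toy HMAC-SHA256 counter-mode keystream; stand-in for AES-256, demo only.
    stream = b"".join(_sub(key, nonce + i.to_bytes(4, "big"))
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    # Encrypt-then-MAC with separate subkeys derived from `key`.
    nonce = os.urandom(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    return nonce + ct + _sub(_sub(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _sub(_sub(key, b"mac"), nonce + ct)):
        raise ValueError("authentication failed: wrong key or tampered data")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

class Relay:
    """Hypothetical conferencing server; hop_keys are the keys it shares with each client."""
    def __init__(self, hop_keys):
        self.hop_keys, self.recovered = hop_keys, []

    def forward_transport(self, sender, recipient, blob):
        plaintext = unseal(self.hop_keys[sender], blob)  # server terminates the hop
        self.recovered.append(plaintext)                 # so it holds the content in clear
        return seal(self.hop_keys[recipient], plaintext)

    def forward_e2e(self, blob):
        for key in self.hop_keys.values():               # try every key the server holds
            try:
                self.recovered.append(unseal(key, blob))
            except ValueError:
                pass                                     # none fits: payload stays opaque
        return blob

def run(mode, message=b"constructed sample: patient reports chest pain"):
    """Return (what the patient received, what the relay could read)."""
    hop = {"clinician": os.urandom(32), "patient": os.urandom(32)}
    relay = Relay(hop)
    if mode == "transport":
        blob = relay.forward_transport("clinician", "patient", seal(hop["clinician"], message))
        return unseal(hop["patient"], blob), relay.recovered
    shared = os.urandom(32)  # assumption: agreed between the two endpoints, never given to the relay
    return unseal(shared, relay.forward_e2e(seal(shared, message))), relay.recovered
```

In both modes the patient receives the message intact; only in the transport mode does the relay's `recovered` list contain it.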
Recently, The Intercept released an investigative report that discusses Zoom’s security features and their misleading marketing of end-to-end encryption. In fact, the in-meeting chat is the only feature of Zoom that is genuinely end-to-end encrypted; all other data (including video and screen-sharing data) can be accessed by Zoom.
The HHS notice allows practices to use Zoom for the time being without fearing a severe fine for HIPAA compliance with remote telehealth services. That said, all healthcare providers should be careful about sharing PHI in a Zoom video meeting.
The largest difference between OhMD and Zoom Telehealth starts at the very idea of the product. We designed OhMD to be HIPAA compliant telecommunication software from the very beginning. On the other hand, Zoom was designed for business conferencing.
Our software encrypts and secures all PHI both in transit and at rest. All of our features, such as two-way messaging, file sharing, and EHR integration, were designed to follow all HIPAA regulations and ensure privacy.
Perhaps most important, OhMD makes it easier to communicate with patients without jeopardizing security. After all, you want to make communication easier, not harder. The right secure healthcare text messaging solution combines a user-friendly experience with enterprise-level encryption techniques.
More details on our steps to ensure the security of PHI and HIPAA compliance can be found here.
To learn more about implementing OhMD as your telehealth service, schedule a demo with an expert today!