In order to make Zoom HIPAA-compliant (HIPAA-secure), all Adaptive Telehealth Zoom video calls originate from the Adaptive Telehealth self-hosted version of Zoom when they originate from within Adaptive Telehealth.
The security configuration is unique to Adaptive Telehealth
Adaptive Telehealth worked with Zoom programmers and the Zoom support team many years ago to modify the Zoom software on the Adaptive Telehealth HIPAA-compliant servers. We modified the receiving code at Zoom corporate office for the Adaptive Telehealth account. This is so that Zoom could still receive usage reports, but without also receiving electronic Protected Health Information (ePHI). With these modifications, no ePHI is sent to Zoom from Meeting Connector on Adaptive Telehealth servers. This took many months of development.
Our verification of this security came through packet sniffing to trace internet transmissions. We also made patient support calls to Zoom asking for assistance and were told that they cannot help us because they cannot view our identity (Our desired result). Adaptive Telehealth patients are supported through Adaptive Telehealth directly or by the customer if they choose.
On a side note, we do permit the sending of the IP and user identity of the provider to Zoom because this is not ePHI. These users can be supported by Zoom directly if they wish or through Adaptive Telehealth support.
This explanation is not meant to disparage Zoom. We like Zoom. Rather, it is important to know the extensive work Adaptive Telehealth has done to keep PHI from Zoom, Zoom’s marketing partners like Facebook, Google, or any other third party that do not have a Business Associate Agreement (BAA) with our customer.