University of Iowa

Zoom FAQs on HIPAA Compliance

FAQ for Zoom and HIPAA Usage

For more information on the University of Iowa Zoom service, click here

  1. Is Zoom compliant with HIPAA requirements?
    1. Zoom encrypts communication among the participants in a Zoom meeting.
    2. This provides appropriate protection for Personal Health Information (PHI).
    3. Recording in Zoom doesn’t provide protection because there is no Business Associate Agreement (BAA) and this is required for the storage of PHI by a third-party.
  2. Who is eligible to use Zoom?
    1. Current license with Zoom is for academic use.
    2. Employees with a primary appointment in UI Healthcare are not licensed to use Zoom.
    3. Employees with a primary appointment in an academic unit (e.g., appointments within a college) are eligible to use Zoom.
    4. An effort is underway to determine whether Zoom can be licensed for UIHC employees. 
  3. What are the alternatives if I can’t currently use Zoom?
    1. Skype for Business provides similar functionality to Zoom, and encrypts communication across the Internet to provide protection for PHI.
    2. Skype for Business is licensed for all UI employees.
    3. For more information on Skype for Business, click here.

We will update this page as more information becomes available.