13 Sep Business Associate Agreement With Zoom
Can a healthcare facility use Zoom videoconferencing as a platform for telemedicine or videoconferencing with a patient? In short, the role of a business associate is to help covered entities comply with HIPAA's Privacy Rule. As a business associate, Zoom must sign a contract, a business associate agreement (BAA), with a HIPAA-covered entity before its service can be used for sharing ePHI. The BAA must confirm that Zoom is aware of its privacy and security responsibilities for PHI. In accordance with HIPAA's Privacy Rule, a healthcare provider must obtain satisfactory assurances from its business associate that the business associate adequately protects the protected health information it receives or produces on behalf of the covered entity.

What does this have to do with HIPAA? Protected health information includes electronic protected health information (ePHI), consisting of all protected health information (PHI) created, stored, transmitted, or received in any electronic or media format, such as HIPAA-compliant phone calls.

CVE-2019-13567: The Zoom client in 4.4.53932.0709 on macOS allows remote code execution, a different flaw than CVE-2019-13450. If the ZoomOpener daemon (also known as the hidden web server) is running, but the Zoom client is not installed or cannot be opened, an attacker could remotely execute code with a maliciously crafted launch URL. NOTE: ZoomOpener is removed by the Apple Malicious Software Removal Tool (MRT) when this tool is enabled and has the 2019-07-10 MRTConfigData.

Once you have signed the BAA with Zoom, the following update to your account must be made to make it HIPAA compliant: For information on how to sign a BAA with Zoom, please contact the sales team. The satisfactory assurances to be obtained are defined in a business associate contract, which is a contract between a provider and a business associate, in this case Zoom.
The contract must describe the permitted and required uses of protected health information by the business associate; provide that the business associate shall not use or disclose protected health information other than as permitted or required by the contract or as required by law; and require the business associate to use appropriate safeguards to prevent the use or disclosure of protected health information other than as provided for in the contract.

Nevertheless, even with a BAA, it is possible for users to violate HIPAA rules. Zoom will fulfill its responsibilities, but users may only communicate PHI to individuals who have the right to obtain the information, and must meet the minimum necessary standard. Zoom said it was ready to sign such an agreement with health organizations. Zoom has also taken steps to ensure that its platform has all the necessary security controls to comply with HIPAA's Security Rule.