OnCall Health | Customer Support Portal

How can we help you today?

Search

Zoom Serves Canadian Healthcare by Enabling PIPEDA & PHIPA Compliance

Article author
Sam Brennand
  • Updated

Protecting the security and privacy of our customers’ data is the top priority for Zoom. This includes complying with Canadian Data Protection regulations, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and, locally, the Personal Health Information Protection Act (PHIPA).

 

Protecting the security and privacy of our customers’ data is the top priority for Zoom. This includes complying with Canadian Data Protection regulations, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and, locally, the Personal Health Information Protection Act (PHIPA).

 

PIPEDA is a Canadian federal law that sets rules for how businesses must handle personal data in the course of commercial activity. PHIPA is a local, provincial (Ontario) legislation that protects the confidentiality and privacy of personal health information.

 

PIPEDA is close in structure to the GDPR regulations in the EU, and PHIPA closely aligns to the US HIPAA regulations. Zoom enables compliance with both GDPR and HIPAA security standards.

 

How does Zoom protect data?

  • Submits privacy practices to independent assessment and certification with TrustArc
  • Undergoes an annual SSAE-16 SOC 2 audit by a qualified independent third-party
  • Performs regular vulnerability scans and penetration tests to identify new threats
  • Executes “Data Protection Agreements” for adequate transfer mechanisms
  • Protects data in transit by TLS 1.2 using 256-bit Advanced Encryption Standard (AES-256)
  • Leverages the physical and environmental protection of our TIER 1 data center providers. Zoom’s hosting facilities have 24/7 manned security and monitoring
  • Does not monitor, view, or track the video or audio content of meetings or webinars
  • Does not share customer data with third parties

 

Zoom is a popular choice among Canadian healthcare organizations for two reasons. First, Zoom has data centers in Toronto and Vancouver, so all live meeting data and traffic can be kept in Canada. Moreover, Amazon Web Services (AWS) has been available as of early 2019 in Montreal, which means that 100% of data (live, recorded, and post-meeting metadata) resides in Canada. Second, it’s critical for doctors to prove video session attendance and the timestamp of the start and finish to bill back to the province for payment. Zoom makes it easy to access each session’s timestamp and participant list.

 

This article originally appeared here.

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.