At LMH Health, we understand that medical information about you and your health is personal. We are committed to protecting medical information about you. Further, we are required by law to make sure that your medical information that identifies you is kept private, that it is available to you, and that we follow our privacy practices.
There are several settings that we have enabled to ensure our patient’s privacy through Zoom.
Virtual Waiting Room
We have turned on the Waiting Room feature, which prevents individuals from joining a telemedicine appointment in process. Individuals must be admitted to the appointment. Just like an in-person appointment, we take every precaution to ensure no one walks into the exam room. We are doing the same thing with Zoom, taking every precaution to ensure no one comes into the telemedicine visit unexpectedly.
Zoom for Healthcare
LMH Health is not using the standard Zoom platform. We are using the Zoom for Healthcare platform. This means that the video visits have multi-layer security with AES-256 encryption. This is the same method that most banks use. It is also the only encryption that the National Security Agency approves to protect “Top Secret” level information for the US Government and the US Military.
We have disabled Zoom recording. We will not record your session.
Other Access Controls
Meetings are not publicly listed in Zoom’s directories. Your provider locks your visit after you join, preventing anyone else from entering. Your provider can easily disconnect attendees if needed, or terminate a session in progress. Also, the Zoom visit ends automatically.
Currently, the agencies that certify health technology – the Office of the National Coordinator for Health Information Technology and the National Institute of Standards and Technology – do “not assume the task of certifying software and off-the-shelf products” (p. 8352 of the Security Rule), nor accredit independent agencies to do HIPAA certifications.
Additionally, the HITECH Act only provides for testing and certification of Electronic Health Records (EHR) programs and modules. Because Zoom is not an EHR software or module, our type of technology is not certifiable by these unregulated agencies.
Zoom does have other Security have other Privacy and Security Certifications.
The SOC 2 report provides third-party assurance that the design of Zoom, and our internal processes and controls, meet the strict audit requirements set forth by the American Institute of Certified Public Accountants (AICPA) standards for security, availability, confidentiality, and privacy. The SOC 2 report is the de facto assurance standard for cloud service providers.
TRUSTe has certified the privacy practices and statements for Zoom and also will act as dispute resolution provider for privacy complaints. Zoom is committed to respecting your privacy. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
EU-US Privacy Shield:
Zoom participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Zoom has committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List https://www.privacyshield.gov/list.