Zoom reaches settlement over encryption claims

Video conferencing company Zoom reached a settlement with the Federal Trade Commission over claims that the company used end-to-end encryption in its video calls, when it reportedly used a lower level of security.

With a temporary lift in telehealth restrictions, many clinicians have also adopted Zoom as a tool for video visits. But the company’s privacy practices have recently come under fire, in a complaint filed by the Federal Trade Commission related to Zoom’s encryption claims.

The agency had filed a complaint against Zoom for claiming since 2016 that it had end-to-end 256 bit encryption, when it allegedly had cryptographic keys that would allow it to access the content of customers’ meetings.

Zoom reportedly touted end-to-end encryption in HIPAA compliance guide for healthcare customers. But Zoom did not provide end-to-end encryption, and used a shorter encryption key, AES 128-bit encryption, according to the compliant. The company has marketed a telehealth version of its platform since at least 2017.

The company also claimed that recorded meetings were stored encrypted in cloud storage, when the recordings were stored unencrypted for 60 days, according to the complaint.

Zoom agreed to improve its security in a in a tentative settlement it struck on Monday with the Federal Trade Commission. Two weeks prior, it announced it would offer 256-bit end-to-end encryption to all of its users. More recently, the company also touted new features for its healthcare users, including the ability to record Zoom sessions to the cloud, and to conduct voice calls or chats.

The company sells the healthcare version of its software, which it says is HIPAA compliant, to hospitals and physician practices.

In an emailed statement, a company spokesperson wrote, “Zoom is neither a covered entity nor a business associate. We do not have access to any identifiable (personal health information) of a covered entity that may use our services. Therefore, we do not fall under HIPAA compliance rules. Zoom helps your program or organization be HIPAA compliant.”

It’s not clear how many clinicians have picked up Zoom’s software since the start of the pandemic—and the company has not yet shared a number. But according to a survey conducted by Sermo, a significant portion of physicians reported turning to video conferencing tools like Zoom or Skype for remote treatment.

Photo credit: Epoxydude, Getty Images

Topics

No comments

Zoom reaches settlement over encryption claims

Video conferencing company Zoom reached a settlement with the Federal Trade Commission over claims that the company used end-to-end encryption in its video calls, when it reportedly used a lower level of security.

Topics

From the MedCity Team

MedCity Pivot Podcast: A conversation with Mark Bertolini about healthcare policy, Covid-19 and 5G in healthcare

Transforming the patient experience to enable informed healthcare decisions

Aetna, McLaren Physician Partners collaborate to extend coverage in Michigan

Using Digital Engagement to Solve Pain Points along the Patient Journey: How to Deliver Better Outcomes for Patients and Brands

How can payers use financial incentives to guide consumer health spending behavior?

Topics

Hear the latest industry news first. Sign up for our daily newsletter.

The Deloitte Review on the essence of resilient leadership

MedCity >> Inbox

From the MedCity Team

MedCity Pivot Podcast: A conversation with Mark Bertolini about healthcare policy, Covid-19 and 5G in healthcare

Transforming the patient experience to enable informed healthcare decisions

Aetna, McLaren Physician Partners collaborate to extend coverage in Michigan

Covid-19 pandemic spurs health plans to re-evaluate how they communicate with members