Is Zoom HIPAA compliant?
Conditionally. Zoom will sign a Business Associate Agreement (BAA) for eligible Business, Enterprise, and Zoom for Healthcare plans. Once the BAA is executed and the healthcare account settings are applied, Zoom can be used with PHI; the free Basic and individual Pro tiers are not eligible.
Key facts
- BAA available: Conditionally — on specific plans
- What it takes: Eligible Business or Enterprise plans (and Zoom for Healthcare); requires executing Zoom's standard BAA and enabling HIPAA/healthcare account settings. Free Basic and individual Pro plans do not qualify.
- Official source: Zoom Trust Center — Health Data & HIPAA — https://www.zoom.com/en/trust/legal-compliance/hipaa-ready/ (verified 2026-06)
How to use Zoom in a HIPAA-compliant way
- Purchase a qualifying Zoom plan (Business, Enterprise, or Zoom for Healthcare).
- Request and execute Zoom's standard BAA through your account team or Trust Center (custom BAAs are not accepted).
- Enable the HIPAA/healthcare account configuration in the Admin Portal and disable features not covered by the BAA (e.g., certain AI Companion and transcription features).
- Keep encryption on, require participant authentication, enable waiting rooms, and restrict or disable cloud recording according to your policy.
- Train staff and keep the executed BAA and configuration evidence on file.
Important caveats
- Zoom Basic (free) and Pro (individual) plans are never HIPAA-eligible.
- Certain AI features (e.g., AI Companion/transcription) are disabled or restricted once a BAA is in place.
- A signed BAA alone is insufficient: the HIPAA account settings must be enabled, and you must apply your own administrative, physical, and technical safeguards.
The bottom line
No software is "HIPAA compliant" on its own. HIPAA compliance is a property of your organization, not a tool. Even with a signed BAA, you remain responsible for configuring Zoom correctly, limiting access to PHI, training staff, and maintaining your own safeguards. This page is general information, not legal advice; confirm current terms with Zoom.
Frequently asked questions
Does Zoom sign a BAA?
On specific plans. Eligible Business or Enterprise plans (and Zoom for Healthcare) can execute Zoom's standard BAA and enable the HIPAA/healthcare account settings. Free Basic and individual Pro plans do not qualify. Execute the BAA before any PHI is handled through Zoom.
Is Zoom HIPAA compliant out of the box?
No software is "HIPAA compliant" by itself. Even when Zoom offers a BAA, you are responsible for signing it, configuring the product correctly, restricting access, and maintaining your own administrative, physical, and technical safeguards.
What should I check before using Zoom with PHI?
Confirm that your account is on an eligible plan (Business, Enterprise, or Zoom for Healthcare; Basic and individual Pro plans never qualify), that Zoom's standard BAA has been executed, and that the HIPAA/healthcare account settings are enabled. Check that AI Companion and transcription features not covered by the BAA are turned off, that cloud recording is restricted per your policy, that meetings require authentication and use waiting rooms, and that staff have been trained. Keep the executed BAA and configuration evidence on file.