Zoom Serves Canadian Healthcare by Enabling PIPEDA & PHIPA Compliance
Protecting the security and privacy of our customers’ data is the top priority for Zoom. This includes complying with Canadian Data Protection regulations, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and, locally, the Personal Health Information Protection Act (PHIPA).
PIPEDA is a Canadian federal law that sets rules for how businesses must handle personal data in the course of commercial activity. PHIPA is a local, provincial (Ontario) legislation that protects the confidentiality and privacy of personal health information.
PIPEDA is close in structure to the GDPR regulations in the EU, and PHIPA closely aligns to the US HIPAA regulations. As you may know, Zoom enables compliance with both GDPR and HIPAA security standards.
How does Zoom protect its customers’ data? Zoom…
- Submits privacy practices to independent assessment and certification with TrustArc
- Undergoes an annual SSAE-16 SOC 2 audit by a qualified independent third-party
- Performs regular vulnerability scans and penetration tests to identify new threats
- Executes “Data Protection Agreements” for adequate transfer mechanisms
- Protects data in transit by TLS 1.2 using 256-bit Advanced Encryption Standard (AES-256)
- Leverages the physical and environmental protection of our TIER 1 data center providers. Zoom’s hosting facilities have 24/7 manned security and monitoring
- Does not monitor, view, or track the video or audio content of meetings or webinars
- Does not share customer data with third parties
- Limits retainment of accounts to 30 days after termination to assist with product reactivation upon request. After 30 days, the account is permanently deleted
Zoom is a popular choice among Canadian healthcare organizations for two reasons. First, Zoom has data centers in Toronto and Vancouver, so all live meeting data and traffic can be kept in Canada. Moreover, Amazon Web Services (AWS) will be available in early 2019 in Montreal, which means that 100% of data (live, recorded, and post-meeting metadata) will reside in Canada. Second, it’s critical for doctors to prove video session attendance and the timestamp of the start and finish to bill back to the province for payment. Zoom makes it easy to access each session’s timestamp and participant list.
Even our non-healthcare customers who work with Canadian healthcare organizations appreciate these features. “Zoom allowed us to present our equipment from Toronto to a hospital in Alabama, eliminating flight costs, hotels, rental cars, meals, as well as time away from family. This project was a smaller size win ($150,000), but it was our first measurable savings made possible by Zoom,” said Scott Flynn, regional manager at AMICO Corporation. “Given that each rep makes on average 25 trips to the territory each year and we have close to 50 reps across the company, Zoom’s savings are real!”
If you are a healthcare professional in Canada who is interested in learning more about the ways Zoom is used in your industry, from traditional practices to telehealth – sign up for a 1-on-1 demo with a Zoom product specialist today!
Editor’s note 6/4/20: We updated this blog to remove a customer quote.