We really want to bring you uplifting news as often as we can in this tumultuous time, but we are bummed to announce that we need to report on Zoom’s growing list of known privacy issues.
Many of us are using Zoom for our teletherapy sessions because of it’s high stability and good video/audio quality. We’re especially using it because of its ability to smoothly handle numerous people in one call — in other words, it’s great for group teletherapy.
Unfortunately, Zoom’s boom in popularity has made some rather significant privacy issues become apparent. An examination of those issues doesn’t leave us feeling confident that Zoom is something we would recommend for healthcare professionals. We all need to make our own risk-benefit decisions, though, so we offer you this video Roy did on FB Live exploring the issue.
A Summary of the Points
1) Zoom’s privacy issues are significant, and are being revealed by COVID-19, but the utility of Zoom is extremely high
- Zoom was just revealed to have been sending large amounts of data about users over to Facebook.
- It was also reported that Zoom has a vulnerability that can allow an attacker to take over Windows computers.
- Zoom had a very significant security issue about a year ago, but Person Centered Tech was ambivalent about giving Zoom an official thumbs down at the time because of its high utility.
- Zoom’s corporate privacy culture seems to prioritize features and ease-of-use over ensuring privacy.
- We tried to get Zoom to tell us if the Facebook privacy leak impacted Zoom for Healthcare customers (the Zoom service tier that meets HIPAA requirements.) Several days later, we still cannot get them to answer that question.
Zoom’s internal culture is coming into focus, and it leaves us very worried about the risks of using Zoom for healthcare services.
2) Zoom is the “best” option for online groups. Alternatives are out there, but they aren’t quite as great as Zoom.
- Google Meet, when used as part of a GSuite account with a HIPAA Business Associate Agreement, can manage large group meetings and meets HIPAA requirements — even without the COVID-19-related emergency changes to HIPAA.
- A colleague of Roy’s, who has done group telemental health for years, used to use MegaMeeting for online groups. PCT has not reviewed that product, but their website is very clear that they provide HIPAA Business Associate Agreements and work to meet HIPAA needs.
- VSee Clinic and Doxy.me can handle small groups.
Want to make sure you see all the FB Live updates Roy is doing during the COVID-19 response? Like or follow our Facebook page here.