Are AHS Zoom Video Conferences Secure?

Question: Does use of the AHS Zoom video conferencing tool satisfy privacy and security requirements when used for physician-to-physician collaboration or physician-to-patient care?

Context: AHS Zoom is one of a number of video conferencing and virtual care tools supported by Alberta Health Services Unified Communications and Virtual Health. It is available inside and outside of Connect Care contexts and is well suited to situations where communication must bridge AHS networks to reach providers or patients using external or personal networks and devices.

Answer: Zoom is freely available to anyone via free and paid accounts. These may not satisfy Alberta's requirements for privacy protection. However, if AHS Zoom is used within the Connect Care clinical information system, or outside Connect Care via the AHS Zoom gateway, then privacy protections are legislation and standards-compliant. This is because the AHS enterprise instance of Zoom ensures full encryption and avoidance of any data transfers outside Canadian network contexts.  This applies to both basic and advanced accounts provided via AHS. The health instance of Zoom is HIPPA, PIPEDA and DPA compliant.


Zoom is Canada Personal Information Protection and Electronic Documents Act (PIPEDA), Canada Personal Health Information Protection Act (PHIPA), and Health Insurance Portability and Accountability Act (HIPAA) compliant with complete end-to-end encryption.  Personal Health Information (PHI) is protected and there is no persistent storage of information transmitted. The AHS Zoom instance enables the following best practices:
  • Submit privacy practices to independent assessment and certification with TrustArc
  • Undergoing an annual SSAE-16 SOC 2 audit by a qualified independent third-party
  • Performing regular vulnerability scans and penetration tests to evaluate our security posture and identify new threats