Does Zoom Sign a HIPAA Business Associate Agreement?
By BAA Generator Editorial · Published Apr 19, 2026 · Last reviewed Apr 19, 2026 · 5 min read
Key Takeaways
- ✓ Yes — Zoom signs a HIPAA BAA for healthcare customers on eligible paid plans
- ✓ Requires Zoom for Healthcare or Business/Enterprise plans — free accounts are not covered
- ✓ HIPAA mode must be explicitly enabled in account settings — it is not on by default
- ✓ Enabling HIPAA mode disables Zoom AI features including meeting transcription and summaries
- ✓ Request the BAA through Zoom's HIPAA BAA request form or your account rep
Telehealth has made Zoom one of the most important platforms in modern healthcare delivery. But Zoom's default configuration is not HIPAA compliant — specific steps are required to bring it into compliance for PHI handling. Here's exactly what you need to know.
Which Zoom Plans Support HIPAA Compliance?
Zoom's HIPAA BAA is available for:
- Zoom for Healthcare — a dedicated healthcare-focused plan with HIPAA compliance built in
- Zoom Business and Business Plus — HIPAA mode can be enabled on eligible paid plans
- Zoom Enterprise — full HIPAA support with dedicated account management
Not supported: Zoom Basic (free), Zoom Pro (individual paid plan). These plans do not qualify for HIPAA compliance and should never be used for telehealth sessions involving PHI.
How to Get Zoom's HIPAA BAA
Zoom does not automatically provide a BAA when you sign up for an eligible plan. You must:
- Purchase a qualifying Zoom plan (Zoom for Healthcare, Business, or Enterprise)
- Contact Zoom through their HIPAA BAA request process (available in Zoom's Trust Center or through your account representative)
- Sign the BAA — Zoom will provide the document for your signature
- Enable HIPAA mode in your Zoom Admin Portal under Account Management > Account Settings > Security
HIPAA mode is not active by default, even on qualifying plans. Both the BAA and HIPAA mode configuration are required for compliant use.
What HIPAA Mode Disables on Zoom
When HIPAA mode is activated, Zoom disables features that could expose PHI to third-party AI processing or unauthorized storage:
- Zoom AI Companion — meeting summaries and transcription are disabled (AI processes data on external servers)
- Cloud recording — disabled by default (local recording to your own HIPAA-compliant storage remains available)
- Smart chapter notes and highlights — disabled
- Third-party Zoom Marketplace apps — apps with PHI access require their own BAAs
These trade-offs are important to understand before switching to HIPAA mode — some productivity features your staff relies on will be unavailable.
What Zoom's BAA Covers
Zoom's HIPAA BAA governs how Zoom handles PHI transmitted or stored through Zoom's systems. It covers:
- Zoom's obligations to safeguard PHI during video sessions
- Breach notification requirements to your organization
- Zoom's subprocessor arrangements
- Return or deletion of PHI upon account termination
Zoom's BAA covers Zoom's platform. Your organization still needs BAAs with any other vendors that access PHI stored or transmitted through Zoom.