HIPAA Video Meeting Requirements: What Healthcare Teams Need to Know
HIPAA does not ban video meetings, but it does require that any platform used to discuss or display protected health information (PHI) meets specific technical and administrative safeguards. Many healthcare teams use consumer video tools without realizing they may not satisfy these requirements.
What HIPAA requires from video meeting platforms
- Business Associate Agreement (BAA): any vendor that processes PHI on your behalf must sign a BAA. Consumer plans of major video platforms typically do not include BAA availability.
- Encrypted transmission: HIPAA requires that PHI in transit is encrypted. Most major video platforms use TLS for transport, which satisfies this requirement.
- Access controls: the platform should support waiting rooms or equivalent controls to prevent unauthorized access to calls.
- Audit controls: some HIPAA implementations require logs of who accessed a meeting.
The AI notes question in healthcare
If your platform uses a third-party AI notetaker bot that processes audio on external servers, you need to ensure that vendor also has a signed BAA and satisfies HIPAA technical safeguards. This is a common gap: teams enable AI notes from a third-party tool without verifying the tool's HIPAA compliance status.
MeetOye's approach
MeetOye supports strict E2EE mode for calls where maximum privacy is required. In strict E2EE mode, Oya transcription and recording are disabled, and media stays within participant browsers. For healthcare teams evaluating MeetOye for clinical use, contacting the team about BAA availability and self-hosting options is the recommended first step.