Zoom for Telehealth


The Zoom integration with Epic enables the health care organizations to launch Zoom from within an Epic video visit workflow. Using context aware linking in Epic, a link to a zoom video session can be placed in an Epic appointment. This will enable Epic users to easily use Zoom and the Epic EHR in a streamlined side by side workflow.

  • Physicians will be able to go into their video visit appointments in Hyperspace and launch directly into the video visit in Zoom. They will continue to document in Epic while performing the video visit
  • Patients will be able to launch into Zoom from their MyChart Patient portal on their personal computer or mobile device.

If you are interested in learning more about the Zoom/Epic Telehealth integration or would like more information on Telehealth in Epic, please reach out to your Ambulatory TS.



  • A paid Zoom account
  • A Zoom user with a Pro license that will be used as the “Default Host” for Telehealth meetings.
  • Pro licenses available for each provider that will make Telehealth calls.

Installation and Configuration

Installing from the Zoom Marketplace

  1. Login to your Zoom account and navigate to the Zoom Marketplace.
  2. Search for Epic and click the app.
  3. If the app is not pre-approved, contact your Zoom admin to approve this app for your account.
  4. Click Install, confirm the permissions the app requires and choose Allow.
  5. An admin on your Epic account will need to complete the next steps.

Epic Configuration

Note: In order to obtain some of the configuration information, you will need to be in contact with your Epic technical representative for help on building the FDR links and workflow.

  1. In order to build the FDR links in Epic, you need to get your Zoom API key and secret. Navigate to created apps in the Zoom Marketplace and click your developer.zoom.us API (JWT).
  2. Click App Credentials on the left navigation. Copy your API Key and API Secret for use at a later step.
  3. Once you have installed the Epic app, you will need to configure the following fields:
    • Default Host User Email: This email address will be the default user that the Zoom meeting will be hosted for. Once the provider joins the meeting, they will become the host.
    • Provider User Type: The Zoom plan assigned to provider accounts when a user is automatically created as part of joining a telehealth meeting.
    • Encryption Key: The Zoom API Key from . This must be from a paid account and the same Key configured in the Epic system.
    • Encryption Secret: The Zoom API Secret from . This must be from a paid account and the same Secret configured in the Epic system.
    • Epic Environment: Set to “Test” if will be used with an Epic test environment or set to “Production” if will be used in a live Epic production environment.
    • Default Patient Admittance Policy: Set to “Automatically enter the meeting when the provider joins” if the patient should enter the meeting automatically when the provider joins the meeting. Set to “Be manually admitted to the meeting by the provider” if the patient should be admitted into the meeting manually by the provider.
    • Authorization Type
      • No Authorization: Select this if no authorization is required for Epic notifications.
      • Basic Authorization: Select this to use basic authorization for Epic notifications and enter the auth name and password:
        • Auth Name: The user name of an Epic account that will be used for notification authorization if basic authorization is enabled.
        • Auth Password: The password of an Epic account that will be used for notification authorization if basic authorization is enabled.
      • OAuth 2.0: Will be supported in the near future. Do not select this for now.
    • Endpoint URL: For “No Authorization” and “Basic Authorization” types, enter the URL from the Epic system where the Epic patient/provider join/leave notifications are to be sent to.
    • Enable TLS Mutual Authentication: Not currently supported - Do not enable this option.

Important: The Epic integration requires that the Zoom “Join Before Host” and “Waiting Room” features NOT be locked at the account level.

Epic Integration

  • When a provider or patient launch the URL’s, Epic will be passing some key information (org id, user type, session id, user id) to Zoom over an exclusive encrypted Telehealth API. Zoom will auto launch a video session based on attributes that are passed from Epic – there is no need to schedule these video visits in Zoom
  • If a patient joins the video visit before the provider, he/she will see a message “waiting for the host to start this meeting” and will be placed in the video session when the provider joins
  • When a patient launches the session, Zoom auto creates an encrypted password for that session – no one can join that session just with a zoom meeting id
  • If a patient drops out of the session, they can rejoin as long as the provider is still in the session
  • When a patient joins the session before the provider, the provider gets a notification from within Hyperspace – this is enabled through a call back from Zoom. This call back can be configured by the Zoom account admin under Integrations tab. The call back URL needs to provided by Epic.


  • Zoom is HIPAA compliant
  • All communications between Zoom and Epic as well as Zoom video sessions are encrypted with AES-256 bit encryption
  • Zoom video visits launched from Epic are dynamic password protected
  • All of your account level settings are applicable for your video visit sessions. That means, you can disable recordings, annotations etc. if needed for security reasons
  • When a video visit occurs, Zoom accounts are automatically created for patients and providers using information contained in the Epic FDI records. Patient accounts are automatically deleted when the video visit completes. Provider accounts (identified by email ending in “@zoomtelevisit.com”) can be manually deleted by an administrator in the Zoom web portal (Admin -> User Management -> Users).

How Your Data is Used

This app accesses and uses the following information from your Zoom account:

  • User first and last name - if email is provided to Zoom for a video visit, the corresponding Zoom account first and last name will be displayed during the video visit meeting.

  • Meeting settings - The account-wide meeting settings and/or the “default host’s” meeting settings will be used when creating a video visit meeting.

  • Meetings info - When a patient or provider joins a video visit, existing meetings are queried to determine if an existing meeting should be used or a new one should be created (to ensure all participants join the same meeting).

This app accesses and uses the following information from your Epic account:

  • Session ID - used to uniquely identify the epic video visit session when reporting patient and provider meeting connection status (connected/disconnected) to Epic.

  • Epic user ID - used to uniquely identify the patient or provider when reporting patient and provider meeting connection status (connected/disconnected) to Epic. Also used when automatically creating a Zoom account for the video visit meeting.

  • User first and last name - used used when automatically creating a Zoom account for the video visit meeting. Also displayed during the video visit meeting.

  • Epic launch code - when OAuth is enabled it is used to retrieve the Epic OAuth access token which is then used to authorize sending connection status notifications to Epic.

  • User email - if configured to be provided to Zoom, email is used to find the user’s Zoom account which would then be used for the video visit meeting.

  • User type - used to identify if the user is a patient or a provider. It is also included in the connection status notifications sent to Epic.

  • Zoom Room name - for Epic “monitor” calls, it is used to identify the Zoom Room to be called.


Epic “Green Light” Issue

A provider using Epic’s Hyperspace or other client can know when a patient joins the telehealth meeting by a “green light” that lights up. If there are problems with the green light not working correctly, there are “notification records” that can be used to help diagnose the cause. To access the notification records screen:

  1. Go to the Epic integration Marketplace listing and login if needed.
  2. Click the “Manage” tab and then the “Configure” button
  3. Click the “Notification Records” tab
  4. Enter the Zoom meeting ID of the meeting that the green light was not working properly and click the “Search” button.

A list of notification records should appear. Each row in the table corresponds to a notification that is sent to Epic telling it when patients and providers join and leave the meeting.

The “RespCode” column indicates if the notifiction was successfully handled by Epic. When successful, a “200” will be displayed for each record. A value other than “200” indicates there is a problem with the notifications reaching Epic which can cause the “green light” to not work properly. Some things to check if there are problems:

  • Depending on the authorization type enabled in the Epic integration configuration, confirm the “Endpoint URL” or “Endpoint Domain” is correct

  • If an IP whitelist is used, verify that all the Zoom IP addresses that can originate the notification are included in your network whitelist. The list of IP addresses can be found on Zoom’s network firewall or proxy server settings page (network firewall TCP addresses)

  • Verify the “FDI” records on Epic are setup correctly

For additional help or technical support please submit a ticket.