Ooops. That sounds like it's going to hurt. If not, it sends the message "Hey, say you're HIPAA compliant, but it doesn't matter if you're not (wink wink)"
I develop electronics and firmware for medical devices, I have (almost) nothing to do with regulations compliance (except to the extent that I'm working on something where there is an intersection, like storage of patient data). But anyway, not a day goes by that I don't hear someone ask, "Is that HIPAA compliant?"
So yeah. Companies that have used Zoom based on that claim are probably going to extract some blood out of Zoom.
If zoom was truly trying to market themselves as e2e, why is this only buried in one document rather than shouted from the hills?