Zoho One HIPAA Compliance

Introduction

The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach Notification Rule, and Health Information Technology for Economic and Clinical Health Act) (“HIPAA”) requires Covered Entities and Business Associates to take certain measures to protect health information that can identify an individual. It also provides certain rights to individuals. Zoho does not collect, use, store, or maintain health information protected by HIPAA for its own purposes. However, Zoho One provides certain features (as described below) to help its customers use Zoho One in a HIPAA-compliant manner. HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with their Business Associates. You can request our BAA template by sending an email to legal@zohocorp.com.

HIPAA Compliance in Zoho One

Zoho One enables administrators to protect the ePHI of users in their organization with the following measures:

  1. Mark fields containing ePHI
  2. Encrypt ePHI field data
  3. Export ePHI as password-protected files
  4. Get audit trail

Mark fields that contain ePHI

Zoho One provides an option to mark fields that contain ePHI. Administrators can create ePHI fields or mark existing fields as ePHI fields.

To create ePHI fields:

  1. In the Admin Panel, go to Users.
  2. Click Manage Fields, then click Add Custom Field.
  3. Enable the Contains Health Information (ePHI) toggle button and fill out the remaining fields as discussed here.

To mark existing fields as ePHI:

  1. In the Admin Panel, go to Users, then click Manage Fields.
  2. Hover over the required field and click Edit.
  3. Enable the Contains Health Information (ePHI) toggle button and click Update.

Checkbox, decimal, percent, and pick list fields cannot be marked as ePHI. Learn more about ePHI fields. You can also mark a field as ePHI when adding it.

Encrypt ePHI fields

In Zoho One, all fields marked as ePHI will be encrypted by default.

Export ePHI as password-protected files

Zoho One provides an option to export user data under Users in the Admin Panel. Administrators can choose to export this data as password-protected files.

Get audit trail

Zoho One stores a complete audit trail of user activity on all user fields in the backend. You can reach out to support@zohoone.com to get the audit trail on ePHI fields.