HIPAA Compliance in Zoho Checkout
The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach Notification Rule, and Health Information Technology for Economic and Clinical Health Act) (HIPAA) requires covered entities and business associates to take specific measures to protect health information that can identify an individual.
Zoho does not collect, use, store or maintain health information protected by HIPAA for its purposes. However, Zoho Checkout provides specific features to help its customers use the Zoho Checkout in a HIPAA-compliant manner.
HIPAA requires covered entities to sign a Business Associate Agreement (BAA) with their business associates. You can request our BAA template by sending an email to legal@zohocorp.com.
Zoho Checkout - HIPAA Compliance
In Zoho Checkout, we provide ways for healthcare organizations to secure and restrict the export of individuals’ health information and stay compliant with the HIPAA guidelines.
Marking Electronic Protected Health Information (ePHI)
When you create a new custom field, you can choose to encrypt and save it as ePHI. The data entered in that custom field will be considered sensitive, so it’ll be encrypted and stored. Only users with access to protected data can view the fields. To create ePHI custom fields:
- Click the Gear icon from the top right corner and navigate to Preferences.
- Switch to the Invoice Custom Fields tab and click +New Custom Field in the top right corner.
- Enter the Label Name and select the Data Type.
- In the Data Privacy section, select the ePHI option only if your transaction contains personal health information.
- Check Yes, if you want this field to be mandatory.
- Check Yes, if you want this field to be shown in the PDF.
- Click Save.
Encryption of ePHI
Encryption is the process of securing the entered information. This process will convert original information into cipher text, preventing the data from being stolen. All the custom fields marked as ePHI will be encrypted.