HIPAA Compliance

The U.S. healthcare industry must comply with standards like HIPAA that regulate the use of sensitive patient information.

The use of remote support software, from monitoring a patient's health remotely to managing special medical devices, has helped the healthcare industry overcome many hurdles. However, because these activities involve transferring patient data across the Internet, remote support software must ensure that data in transit cannot be intercepted.

How does Zoho Assist help a healthcare organization to comply with HIPAA?

Zoho Assist has a number of safeguards to help healthcare organizations fulfill their HIPAA requirements. Here are ways in which Zoho Assist will help your organization achieve HIPAA compliance standard 164.312.

HIPAA Requirements | Key aspects of the requirement | Features that help you to fulfill HIPAA guidelines

Access Control - 164.312(a)(1) | (R) Ensure that machines containing health information are accessed only by authorized individuals.
  • Consent-based access to unattended computers.
  • Technicians are required to enter admin credentials to bypass the UAC.
  • Different access levels for Super Admins, Admins, and Technicians.
  • Consent required for various remote support functions like file transfer, clipboard sharing, and session recording.
(R) Unique identification for every user and tracking user identity. | Unique email IDs can be used to track user identity.
(A) A mechanism for encrypting and decrypting patient information. | 256-bit AES encryption ensures encryption of all patient data in transit.

Audit Controls - 164.312(b) | (R) Functionalities that aid in recording and examining the activities of the information systems.
  • All sessions initiated from an organization can be recorded for auditing purposes.
  • Keep track of all the activities in your organization with the Action Log Viewer.
  • Analyze each and every session initiated from your organization with Session Reports.

Integrity - 164.312(c) | (A) Protect the health information from being altered or deleted. | Zoho Assist has mechanisms that ensure a high degree of integrity to protect patient information. They include:
  • Inactive session timeout.
  • Automatic lock of the remote screen at the end of each session.

Authentication - 164.312(d) | Conduct verification to check if the person logging in or joining the session is the same person they claim to be. | Zoho Assist has mechanisms that ensure a high degree of integrity to protect patient information. They include:
  • Two-factor authentication.
  • Unique Session ID for each session.
  • Technicians conducting the remote support session are approved and granted access by the administrator.
  • User authentication with an email address.