HIPAA Compliance in Zoho Checkout

The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach Notification Rule, and Health Information Technology for Economic and Clinical Health Act) (HIPAA) requires covered entities and business associates to take specific measures to protect health information that can identify an individual.

Zoho does not collect, use, store or maintain health information protected by HIPAA for its purposes. However, Zoho Checkout provides specific features to help its customers use the Zoho Checkout in a HIPAA-compliant manner.

HIPAA requires covered entities to sign a Business Associate Agreement (BAA) with their business associates. You can request our BAA template by sending an email to

Zoho Checkout - HIPAA Compliance

In Zoho Checkout, we provide ways for healthcare organizations to secure and restrict the export of individuals’ health information and stay compliant with the HIPAA guidelines.

Marking Electronic Protected Health Information (ePHI)

When you create a new custom field, you can choose to encrypt and save it as ePHI. The data entered in that custom field will be considered sensitive, so it’ll be encrypted and stored. Only users with access to protected data can view the fields. To create ePHI custom fields:


Encryption of ePHI

Encryption is the process of securing the entered information. This process will convert original information into cipher text, preventing the data from being stolen. All the custom fields marked as ePHI will be encrypted.