Stay HIPAA compliant with Zoho CRM

HIPAA requires that you ensure the integrity of protected health information and have the necessary safeguards in place to protect ePHI (electronic protected health information) that is collected, accessed, processed, and stored, whether at rest or in transit. As a Business Associate, Zoho CRM ensures its customers have the ability to comply with HIPAA.

HIPAA Compliance

Here's how we can help you

  • Assess and track data sources
  • Encrypt protected health data
  • Restrict access to ePHI
  • Audit activity logs

Track data sources

Assess and capture customer data from various sources in one place. Record and track important customer information from various sources such as webforms, APIs, manual creations, and third-party integrations in each customer's record details.

ePHI encryption

Select fields that contain protected health information and encrypt them for additional security. Encrypting ePHI prevents unauthorized access to confidential data. Zoho CRM uses one of the strongest and most robust ciphers, AES (Advanced Encryption Standard), to encrypt sensitive data and AES-256 to secure data stored on our servers. This ensures data protection during transit and anonymity of customer information in case of a breach.

Access control of ePHI

Zoho CRM governs the disclosure of ePHI to its users and outside the CRM application. Restrict the transfer of protected health information to other applications through the API, and to other Zoho and third-party applications integrated with CRM. You can also restrict the export of certain health fields from CRM modules.

Audit logs

Register all attempts by users to access ePHI and record what is done with the accessed data. Monitor deletions and modifications made to customer records at any time.

Note: Just viewing data will not be logged.

Disclaimer: The information presented herein should not be taken as legal advice. We recommend that you seek legal advice on what you need to do to comply with the requirements of HIPAA.