Safeguard electronic health data and stay HIPAA compliant with Zoho Lens.

The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach Notification Rule, and Health Information Technology for Economic and Clinical Health Act) ("HIPAA") requires Covered Entities and Business Associates to take certain measures to protect health information that can identify an individual. It also provides certain rights to individuals. Zoho does not collect, use, store or maintain health information protected by HIPAA for its own purposes. However, Zoho Lens provides certain features (as described below) to help its customers use Zoho Lens in a HIPAA compliant manner.

HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with their Business Associates. You can request our BAA template by sending an email to

Augmented reality-based remote support software has helped the healthcare industry cross numerous hurdles, from monitoring a patient's health remotely to managing crucial medical devices. However, because these activities involve transferring patient data across the internet, it's important to ensure sensitive data is encrypted both during transit and at rest.

Here's how Zoho Lens can help you:

  • Encrypt all personally identifiable information (PII) and electronic health data
  • Provide audit logs
  • Assess data requirements
  • Limit access to required data

What constitutes ePHI (electronic Personal Health Information)?

Patient Name, Patient Email ID, Support Session Agenda, Session Description and Session Recordings are considered ePHI.

How does Zoho Lens help healthcare organizations comply with HIPAA?

Zoho Lens has a number of safeguards in place to help healthcare organizations fulfill their HIPAA requirements.

Here are some ways Zoho Lens will help your organization achieve HIPAA compliance.

 Features that help you fulfill the requirement
Access Control
  • Different access levels for Super Admins, Admins, and Technicians.
  • Consent is required for session recording and SMS invite.
  • Unique email IDs can be used to track user identity.
Audit Controls
  • All sessions initiated by an organization can be recorded for auditing purposes.
  • Keep track of all the activities in your organization with the Action Log Viewer. (Data will be retained for a period of one year and can be exported at any time.)
  • Analyze every session initiated by your organization with Session Reports.
Integrity
Zoho Lens has mechanisms in place to protect patient information. They include:
  • Idle session time-out.
Authentication
Zoho Lens has mechanisms in place to protect patient information. They include:
  • Two-factor authentication
  • Unique Session ID for each session.
  • Technicians conducting the remote support session are approved and granted access by the administrator.
  • Technician authentication with an email address.
Encryption
Zoho Lens encrypts ePHI data both in transit and at rest.
  • Encryption in transit refers to data that is encrypted when it is in transit, including from your browser to the web server and other third parties via integrations.
  • Encryption at rest refers to data that is encrypted when it is stored (not moving), either on a disc, in a database, or some other form of media.
  • Encryption is performed at the application layer using the AES-256 algorithm, which is a symmetric encryption algorithm and uses 128-bit blocks and 256-bit keys. This ensures encryption of all patient data.
  • Our servers encrypt and store the snapshots, session notes and session recordings captured during Zoho Lens remote assistance sessions.