HIPAA Compliance with Zoho People

 

Introduction

The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach Notification Rule, and Health Information Technology for Economic and Clinical Health Act) ("HIPAA") requires Covered Entities and Business Associates to take certain measures to protect health information that can identify an individual. It also provides certain rights to individuals.

Zoho People does not collect, use, store or maintain health information protected by HIPAA for its own purposes. However, Zoho People provides certain features (as described below) to help its customers use Zoho People in a HIPAA-compliant manner.

HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with their Business Associates. You can request our BAA template by sending an email to legal@zohocorp.com.

Features in Zoho People that enable you to achieve HIPAA compliance

As many organizations use Zoho People and share employee information on the cloud, it is important that the health information and related HIPAA identifiers are protected and recorded in a confidential manner.

1. Labelling of Electronic protected health information (ePHI)

Custom fields that contain personal health details can be marked as 'ePHI'. This applies to single line, multi line and number custom fields.

Navigate to Settings > Customization > Forms and select the respective form.

Go to Field Properties and check the 'Mark as ePHI' option. Labelling the field as ePHI enables the audit and encryption options by default.

2. Encryption of ePHI

Employee fields containing ePHI data in forms can be encrypted. All files are encrypted at rest.

3. Audit trail of ePHI

Using the audit history feature, any changes made to data in the ePHI related fields can be tracked. The audit trail records changes to the data in the fields for which you have enabled audit. Audit can be enabled for a field under form customization. Audit history can also be exported.

4. Activity Log of ePHI

Activity logs can help track the various changes made to entities that can contain ePHI related data. The activity log shows the date and time of each action, the name of the employee who performed it, and other details about the action.

5. Export History of ePHI

The overall history of all exports can be tracked and viewed under Settings > Data Administration > Export History.

6. Controlling access to ePHI

You can define who can perform add, edit, view and delete actions for ePHI related fields and records.

Other security measures offered by Zoho People

  1. User Access Control
  2. Data Backup
  3. ISO certificates