• hot star
  • asian-paints
  • itc
  • royalenfield
  • seaworld
  • pidilite
  • hnm

Zoho Survey and HIPAA compliance

Data privacy and security are top priorities for Zoho Survey. Our privacy policy and security protocols are designed with the aim to protect all sensitive data classified as ePHI (electronic protected health information).

Numerous organizations across the healthcare industry use Zoho’s health care surveys to collect patient information. Survey’s security features are intended to help you distribute and collect ePHI easily and securely.

Zoho Survey
general privacy guidelines

Any entity may need to obtain ePHI through healthcare surveys for different purposes. Here’s a list of guidelines that help you process ePHI in a privacy friendly manner using Zoho Survey.

Patient registration & medical research

Collect patient information with encryption.


Conduct surveys with strict confidentiality using Zoho Survey.

Data access

Limit and monitor access to health care survey data.


Make data collection simple with securely prepopulated survey answers.

Steps taken by Zoho Survey to help you with your HIPAA compliance requirements

We are fully committed to data protection and security. Here are the methods we use to keep ePHI secure:

Multi-factor authentication

Multi-factor authentication

Multi-factor authentication provides an extra layer of security by requiring verification in addition to your password. You can configure multi-factor authentication, and reduce the risk of unauthorized access, using Zoho OneAuth.


Our survey tool supports custom field encryption, which allows you to encrypt any information collected from your respondents. Easily collect and store sensitive data with a multi-layer security protocol. All data transmitted to our servers is protected by strong encryption protocols. We use Transport Layer Security (TLS 1.2/1.3) encryption for all connections including web access, API access, our mobile apps.

ePHI encryption
Audit Logging

Audit logging

We monitor all information gathered from services such as internal traffic, device usage, and terminals. This information is recorded in the form of audit logs. Logs are analyzed to identify unusual employee account activities or attempts to access customer data.

Disaster recovery and business continuity plan

Application data is stored and replicated in two data centers. In case of primary DC failure, data can be recovered from the secondary DC. Our recovery plan includes technical procedures such as power backups, temperature control systems, and fire prevention systems to support infrastructure management and ensure the continuity of your business.

Disaster recovery

Business Associate Agreement (BAAs) with Zoho

HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with its Business Associates. You can request our BAA template by sending an email to legal@zohocorp.com.

secure my data

Have more questions?

Visit our HIPAA Help page

To understand our security standards better, you can read our Whitepaper on Zoho security protocols.

Feel free to contact Us

Hipaa Certificate

We are Certified

The compliance certificate associated with Zoho’s compliance with HIPAA in its capacity as a Business Associate will be available for download on our accounts page.