The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach Notification Rule, and Health Information Technology for Economic and Clinical Health Act) (“HIPAA”) requires Covered Entities and Business Associates to take specific measures to protect health information that can identify an individual. The act also provides certain rights to individuals.
Zoho does not collect, use, store, or maintain health information protected by HIPAA for its own purposes. However, there are specific features to help customers use Zoho Expense in a HIPAA-compliant manner.
HIPAA requires covered entities to sign a Business Associate Agreement (BAA) with their business associates. You can request our BAA template by sending an email to firstname.lastname@example.org.
In Zoho Expense, we provide the following features for healthcare organisations to secure and restrict the export of Electronic Protected Health Information (ePHI).
Note: You can add new fields with encryption only if you’re in the Premium and Enterprise plans of Zoho Expense.
When you create a new custom field, you can choose to encrypt and save it as ePHI. The data entered in that custom field will be considered sensitive, so it’ll be encrypted and stored. Only users with access to ePHI can view the fields. To create ePHI custom fields:
- Click Admin View.
- Go to Settings on the left sidebar. (OR) Click the Gear icon at the top right side.
- Go to Modules under Customization.
- Navigate to the module for which you want to add fields and switch over to the Fields tab.
- Click + New Custom Field on the top right corner.
- Enter the Label Name and select the Data Type.
- In the Data Privacy section, select Yes, it’s ePHI and PII. Encrypt and store it, if your transaction contains ePHI. The data in the field will be encrypted and stored. Only users with access to PII and ePHI will be able to view the details and this field cannot be used to perform an advanced search.
- Click Save. An encrypted custom field will be created.
Encryption is the process of securing the entered information. This process will convert original information into cipher text, preventing the data from being stolen. All the custom fields marked as ePHI will be encrypted.
The Users and Roles module in Zoho Expense lets you set permissions to restrict the users from accessing certain information.
Zoho Expense has the Activity Logs report to record the activities in your organisation. Activity Logs report helps admins to track and monitor deletions and modifications in the data anytime.