Zoho Invoice


United States
United Kingdom
Saudi Arabia
United Arab Emirates

HIPAA Compliance With Zoho Invoice

The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach Notification Rule, and Health Information Technology for Economic and Clinical Health Act) (“HIPAA”) requires Covered Entities and Business Associates to take specific measures to protect health information that can identify an individual. The act also provides certain rights to individuals.

Zoho does not collect, use, store or maintain health information protected by HIPAA for its own purposes. However, Zoho Invoice provides specific features to help its customers use the Zoho Invoice in a HIPAA-compliant manner.

HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with their Business Associates. You can request our BAA template by sending an email to legal@zohocorp.com.

Zoho Invoice - HIPAA Compliance

In Zoho Invoice, we provide ways for healthcare organizations to secure and restrict the export of Electronic Protected Health Information (ePHI).

Marking fields that contain ePHI

When you create a new custom field, you can choose to encrypt and save it as ePHI. The data entered in that custom field will be considered sensitive, so it’ll be encrypted and stored. Only users with access to protected data can view the fields. To create ePHI custom fields:

Encryption of ePHI

Encryption is the process of securing the entered information. This process will convert original information into cipher text, preventing the data from being stolen. All the custom fields marked as ePHI will be encrypted.

Administering Users and Roles

The Users and Roles module in the Zoho Invoice lets you set permissions to restrict the users from accessing certain information. Learn more.

Activity Logs to Track Data Sources and Modifications

Zoho Invoice has the Activity Logs report to record the activities in your organization. Activity Logs report helps admins to track and monitor deletions and modifications in the data anytime.

Was this document helpful?
Thank you for your feedback!