Hope you are doing well.
We're glad to announce that Zoho Marketing Automation is now HIPAA compliant!
Zoho Marketing Automation has been HIPAA compliant since September 21, 2021. The Health Insurance Portability and Accountability Act (HIPAA), originally introduced by the US government, sets the standard for the protection of patients' health data. Companies that deal with specific health information that is held or transferred in electronic form (ePHI) must be HIPAA compliant to manage and safeguard the data. Zoho does not collect, use, store or maintain health information protected by HIPAA for its own purposes. Also, Zoho Marketing Automation provides features to help its customers secure health-related data within the scope of HIPAA compliance.
1. Labelling ePHI fields
Using Zoho Marketing Automation, you can identify and label custom fields containing ePHI data. This also helps you apply relevant controls like access control, audit control, encryption, anonymization, etc. to the fields.
2. Encrypting ePHI fields
Custom fields that are marked as containing ePHI can be encrypted at rest and in transit just by checking the Encrypt Field option in the field settings. This will prevent anyone from breaching the security and accessing or tampering with the data.
3. Restricting ePHI transfer
Once you enable HIPAA compliance in the settings window, you will be presented with two options to restrict personal data from being accessed outside Zoho Marketing Automation. Either or both of these options can be enabled depending on the organization's requirements:
Restrict data access through API
Restrict data export
4. Auditing operations involving ePHI
All operations involving ePHI fields will be recorded in the Audit trail at each service. You can access Audit Logs to keep tabs on any alterations, exports or any other activities involving the fields marked as ePHI. You can view the recorded logs for a period of 6 years.
5. Signing of BAA with our partners
Zoho Marketing Automation signs a Business Associate Agreement, in compliance with HIPAA guidelines, with every subcontractor who has access to ePHI field data.
6. Restricting Customer ePHI access by Zoho corp employees
Access to customer ePHI data by Zoho corp employees is limited. Any access or changes to ePHI data from Zoho Marketing Automation's side are recorded in audit logs. These logs are monitored and periodically reviewed.
Feel free to drop your queries in the comments section or reach out to our support at firstname.lastname@example.org.