HIPAA Compliance with Bigin
The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach notification Rule, and Health Information Technology for Economic and Clinical Health Act) ("HIPAA"), requires Covered Entities and Business Associates to take certain measures to protect health information that can identify an individual. It also provides certain rights to individuals. Zoho does not collect, use, store or maintain health information protected by HIPAA for its own purposes. However, Bigin by Zoho CRM provides certain features (as described below) to help its customers use Bigin by Zoho CRM in a HIPAA compliant manner.
HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with its Business Associates. You can request our BAA template by sending an email to legal@zohocorp.com
HIPAA compliance in Bigin
HIPAA compliance is applicable for the Contacts module in Bigin.
When a healthcare organization starts using Bigin to store customer information in a shared database, it is crucial that they ensure the confidentiality of an individual's health information.
In Bigin, we provide ways for healthcare organizations to secure and restrict export of individuals' health information and stay compliant with HIPAA.
The Bigin admins can achieve the above by performing the following steps:
1. Marking fields that contain PHI (Personal Health Information)
In the Contacts module, there may be only a few fields that contain personal health details of a customer. For example, surgical history, symptoms, medication details, etc. marking these fields as PHI will help the system identify and restrict access to these fields through API and prevent the export of these field values. A total of 30 fields can be marked as PHI fields.
In the Contacts module, there may be only a few fields that contain personal health details of a customer. For example, surgical history, symptoms, medication details, etc. marking these fields as PHI will help the system identify and restrict access to these fields through API and prevent the export of these field values. A total of 30 fields can be marked as PHI fields.
Note: Lookup and auto number fields cannot be marked as PHI.
2. Setting restrictions for the data marked as PHI
There are four options for restricting PHI from being accessed outside Bigin. Any of these options can be enabled depending on the org's requirements:
There are four options for restricting PHI from being accessed outside Bigin. Any of these options can be enabled depending on the org's requirements:
- Restrict data access through API
Other applications can connect with Bigin using API and data can be transferred. You can ensure that PHI of your customers is not shared in the process, by restricting transfer of personal health data to other applications via API. - Restrict data export
While exporting data from the Bigin account you may want to withhold PHI from being exported by enabling this option. - Restrict data transfer to Zoho Services
If the Bigin account is integrated with other Zoho applications like Desk, Campaigns, Books etc. the data will flow from Bigin to these applications. This option will prevent PHI from being transferred to other apps. - Restrict data transfer to third party Services
If your Bigin account is integrated with third party applications, there will be data flow from Bigin to these apps when the records are synced between Bigin and the third party services. This option will prevent PHI from being transferred to other apps.
3. Encrypting PHI fields
Fields that are marked as PHI can be encrypted for additional security. Though field encryption is not a mandatory step in Bigin, we strongly recommend you enable encryption as it is the best practice to prevent unauthorized access.
Refer to the
Zoho Encryption whitepaper to understand the encryption process and key management in detail.
To configure HIPAA compliance
- Go to Settings > Users and Controls > Compliance.
- Click the HIPAA Compliance tab.
- Enable the HIPAA Compliance button.
- In Personal Health Data Handling section, toggle any of the following options, as required:
- Restrict Data access through API
- Restrict Data in Export
- Restrict Data transfer to Zoho Services
- Restrict Data transfer to Third-party Services.
To mark fields that contain personal health data
- Go to Settings > Fields.
- In Contacts module, go to the desired field and click the Edit icon.
- Check the Contains Personal Health Data box.
Remember that this option will only appear if HIPAA compliance is enabled in your Bigin account.
Disabling HIPAA compliance
Once HIPAA compliance is disabled, the fields that have been marked as PHI will be unmarked. The admin can mark the fields again when they re-enable the HIPAA compliance.
Viewing personal data of the records
All the fields that are marked as containing PHI will be listed in the record detail page. Under Data Privacy, in the Personal Data section, you can click the Health tab to view the fields that have PHI.
Kindly note that the content presented here is not to be construed as legal advice. Please contact your legal advisor to learn how HIPAA impacts your organization and what you need to do to comply with the HIPAA.
Access your files securely from anywhere
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
Zoho DataPrep Personalized Demo
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
- Zoho Workerly Home
- Forums
- Connect With Us:
- Zoho Recruit Home
- Forums
- Connect With Us:
New to Zoho Writer?
Create. Review. Publish.
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.
New to Zoho Survey?
Zoho Sheet Resources
Zoho Forms Resources
New to Zoho Sign?
Zoho Sign Resources
Sign, Paperless!
New to Zoho TeamInbox?
Zoho TeamInbox Resources
New to Zoho ZeptoMail?
Design. Discuss. Deliver.
New to Zoho Workerly?
New to Zoho Recruit?
New to Zoho CRM?
New to Zoho Projects?
New to Zoho Sprints?
New to Zoho Assist?
New to Bigin?
Related Articles
Manage Compliance
Under compliance settings, you need to first switch on GDPR compliance settings if it applies to your business. Enable GDPR Compliance To enable GDPR compliance Click Setup > Users and Control > Compliance. In the Compliance page, toggle the button ...How to find Bigin's privacy policy?
To find Bigin's privacy policy 1. Open the Bigin app on your Mac. 2. Click Bigin in the menu bar that runs along the top of the screen. 3. Select Preferences in the dropdown to open Settings in Bigin. 4. Switch to the Help & Support tab that is ...How to find Bigin's privacy policy?
To find Bigin's privacy policy 1. Open the Bigin app on your smartphone. 2. Tap the More icon at the bottom right of the screen. 3. Select Settings . 4. Switch to the Help & Support tab that is adjacent the title Settings. 5. Scroll and find Legal > ...How to find Bigin's privacy policy?
To find Bigin's privacy policy 1. Open the Bigin app on your iPad. 2. Tap on Settings at the bottom right of the screen. 3. Switch to the Help & Support tab that is adjacent the title Settings. 4. Scroll and find "Legal". 5. Tap on "Privacy Policy". ...Eventbrite for Bigin
Eventbrite is a global platform for creating, managing, and promoting events. It offers tools for event registration, ticketing, and attendee management, catering to both small and large-scale events. With a user-friendly interface, Eventbrite ...
New to Zoho LandingPage?
Zoho LandingPage Resources