HIPAA Support
Super admins and admins can enable/disable HIPAA Support. Managers and admins can mark registration form fields as ePHI/PII. Staff will not have access to this information.
The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach notification Rule, and Health Information Technology for Economic and Clinical Health Act) ("HIPAA"), requires
Covered Entities and Business Associates
to take certain measures to protect health information that can identify an individual. It also provides certain rights to individuals. Zoho does not collect, use, store or maintain health information protected by HIPAA for its own purposes. However, Zoho Bookings provides certain features (as described below) to help its customers use Zoho Bookings in a HIPAA compliant manner.
HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with its Business Associates. You can request our BAA template by sending an email to legal@zohocorp.com .
Zoho Bookings has provisions to protect ePHI. When collecting customer information (ePHI/PII), registration form fields can be set up for secure handling.
Below are what you can do with respect to HIPAA compliance inside Zoho Bookings:
- Enabling HIPAA
- Encrypting ePHI/PII
- Disabling HIPAA
Enabling HIPAA
- Click the Manage Business
icon and select General.
- Click Privacy & Security. You can see the HIPAA Support section which is set to 'Disabled' by default. Click the toggle to enable HIPAA Support.
-
HIPPA Support is now Enabled.
Encrypting ePHI/PII
You can facilitate encryption and decryption on sensitive data for both new or existing
custom registration form fields
.
Encryption & Auditing
The data captured in registration form fields marked as ePHI/PII is
- encrypted at rest
- not shared outside Zoho Bookings (not even to other Zoho apps)
- masked while displayed anywhere inside the app
- audited continuously and monitored for activity
Data audits help you secure your customers' data and monitor for unexpected changes or usage trends. Zoho Bookings will record the audit logs–i.e., information about every addition, update, and deletion made to customer database records–in the backend for a duration of up to 1 year. The audit log can be shared with you only upon request.
Drop in an email to
support@zohobookings.com, if you'd like to access audit logs.
Note: HIPAA support can be invoked only on
guest user fields and on SingleLine, CheckBox, DropDown, Email, RadioButton, and Date
custom field types only. HIPAA support cannot be invoked on
default fields (Name, Email, and Contact Number) and on custom MultiLine field types, as of now.
Marking ePHI/PII
To mark fields as ePHI/PII:
- Navigate to Manage Business > Workspaces > (select a workspace) > Booking Form. Edit the field (Blood Pressure, in this case) that would contain sensitive information.
Check Mark as ePHI/PII to denote that the field (Blood Pressure, in this case) would contain sensitive information and click Save.
The selected field is marked as ePHI/PII.
Encrypting Multiple Fields
HIPAA support can be invoked on more than one field. However, when you try to mark more than one field as ePHI/PII, you might receive an error message like the below.
This is because once a registration form field is marked as ePHI/PII, it takes some time in the backend to set it up. If another field is marked as ePHI/PII simultaneously while the setup for the first field is in progress, it might disrupt the setting altogether. To avoid this, it is advised to try marking the other field as ePHI/PII at a little while later.
Disabling HIPAA Support
- Click the Manage Business
- Click Privacy & Security. Click the HIPAA Support toggle which is set to 'Enabled'.
-
A delete confirmation appears and informs you that the registration form fields will not be treated as sensitive. You will also not be able to mark them as ePHI/PII going forward. Click Yes, Disable HIPAA Support to proceed.
-
The HIPAA Support section is set to 'Disabled' now.
-
Existing registration form fields are no longer marked ePHI/PII. They also do not have the option to be marked as ePHI/PII.
Plans supporting this feature
| Product/Service |
Applicable Plans |
| Zoho Bookings |
Premium |
Note: You can view all the pricing plans for Zoho Bookings here.
Access your files securely from anywhere
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
Zoho DataPrep Personalized Demo
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
- Zoho Workerly Home
- Forums
- Connect With Us:
- Zoho Recruit Home
- Forums
- Connect With Us:
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.
New to Zoho Survey?
Zoho Sheet Resources
Zoho Forms Resources
New to Zoho Sign?
Zoho Sign Resources
Sign, Paperless!
New to Zoho TeamInbox?
Zoho TeamInbox Resources
New to Zoho ZeptoMail?
Zoho DataPrep Resources
Design. Discuss. Deliver.
New to Zoho Workerly?
New to Zoho Recruit?
New to Zoho CRM?
New to Zoho Projects?
New to Zoho Sprints?
New to Zoho Assist?
New to Bigin?
Related Articles
Record Screen and Submit Support Request
What Does This Page Cover? Learn how to record screen and submit a support request, which enables you to solve your queries much easier and faster. Availability This feature is available for all pricing plans. Overview Initiating a support request, ...Zoho Assist Integration
Super admins and admins can configure, view and modify the Zoho Assist integration. Managers & Staff will not have access to this information. Zoho Bookings allows support, sales and other customer-facing teams to offer remote consultations through ...Staff Information
Super admins and admins can view and edit this information. Managers can only view this information. Staff can access their information under My Profile > General Information. Staff information can be viewed and updated from the Staff section. To ...Basic Information
Super admins and Admins can view and edit this information. Managers can only view this information. Staff will not have access to this information. The Basic Information tab contains fundamental information about your business. To access this ...Privacy & Security
What Does This Page Cover? Learn various features available in Bookings that ensure data privacy and security. Availability HIPAA Support and disabling the Anti-spam disclaimer feature is available for the Premium plan, while the Data Deletion ...
New to Zoho LandingPage?
Zoho LandingPage Resources