HIPAA Compliance in Zoho BugTracker
INTRODUCTION
The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach Notification Rule, and Health Information Technology for Economic and Clinical Health Act) ("HIPAA") requires Covered Entities and Business Associates to take certain measures to protect health information that can identify an individual. It also provides certain rights to individuals. Zoho does not collect, use, store or maintain health information protected by HIPAA for its own purposes. However, Zoho BugTracker provides certain features (as described below) to help its customers use Zoho BugTracker in a HIPAA-compliant manner.
HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with their Business Associates. You can request our BAA template by sending an email to legal@zohocorp.com.
HIPAA compliance in Zoho BugTracker
To ensure the security of your information, you can take the following actions in your Zoho BugTracker:
- Mark ePHI fields to distinguish their data
- Encrypt data entered into ePHI designated fields
- Administer roles and permissions to secure data
- Export audit trail to monitor operational activities
Marking ePHI Fields
You can mark a field as ePHI if it contains the health information of your customers or patients.
To mark fields that contain personal health data:
- Navigate to > Customization > Layout and Fields.
- Select a module to view layouts.
- Select the desired layout to edit it.
- Go to the desired field and click the Gear icon.
- Click Edit Properties and check the PII or PHI box.
Note: Marking the field as PHI will automatically turn on the Encrypt field option. Nevertheless, you can turn it OFF manually (not recommended).
- Click Update and save the layout.
Encrypting ePHI Field Data
Fields that contain personal health information can be encrypted for additional security. Though field encryption is not a mandatory step in Zoho BugTracker, we strongly recommend you enable encryption, as it is the best practice to prevent unauthorized access to confidential data. Read this article to learn more about encrypting fields in Zoho BugTracker.
Administering Roles and Permissions
Roles and profiles in Zoho BugTracker let you define permissions. You can tightly control who in your organization has access to what information.
Exporting Audit Trail
Zoho BugTracker stores the audit logs—that is, information about every addition, update, and deletion made to your database records—in the backend. We have provided an option to export this data, which can be done using the Export Data option under Audit Log.