Overview
The Health Insurance Portability and Accountability Act (HIPAA) requires Covered Entities and Business Associates to take certain measures to protect an individual's health information that is collected, accessed, processed, and stored, whether at rest or in transit.
Zoho Connect does not collect, use, store, or maintain health information protected by HIPAA for its own purposes. However, as a Business Associate, Zoho Connect ensures its customers can comply with HIPAA.
HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with their Business Associates. You can request our BAA template by sending an email to legal@zohocorp.com.
Zoho Connect provides the following features that allow administrators to implement a HIPAA-compliant intranet for their organization.
Labelling of ePHI
Network admins can mark the user profile fields that might contain electronic protected health information (ePHI) as 'personal information' and encrypt them for additional security. Encrypting personal information prevents unauthorized access to confidential data.
While creating an app using Custom Apps in Zoho Connect, the app creator can mark any field that might contain health information as 'contains health info (ePHI)' to ensure the data is encrypted.

Data in the following entities (tasks, events, and polls) and the titles of Posts, Forums, Groups, Manuals, and Articles are not considered ePHI.
Data encryption
All data in your network is stored on Zoho Connect servers in an encrypted format. Zoho Connect uses strong, secure ciphers such as AES (Advanced Encryption Standard) to encrypt sensitive data, and AES-256 to secure data stored on our servers. This ensures that your data is protected from unauthorized access, disclosure, or modification. In addition, stored data is Encrypted At Rest (EAR), and all data transfers over the web happen in secure mode (HTTPS) for utmost security.
Audit logs to track data sources and modifications
Zoho Connect has extensive Audit Logs to record the activities in your network. This helps admins track and monitor deletions and modifications to network and user data at any time. Furthermore, Edit History keeps a detailed record of changes made to the posts and manuals in your network.

Audit logs for modifications made in Custom Apps are currently not available.
Data backup and retention
All your network data and audit logs are stored on our secure servers and will be available to you for legal and compliance purposes. The highly secure physical controls at data centers and transit-level encryption ensure that your data stays well protected. Administrators can also take periodic backups of network data, based on their requirements, and store them in their local storage.

The Audit Logs and ePHI data are available for a period of 1 year.
Data Deletion
Users in the network can delete the posts, comments, attachments, manuals, groups, events, and town halls shared and created by them. However, a copy of deleted items will be available in the trash of each module, and only network admins can access it.

The option to label ePHI as personal information, Audit Logs, Edit History, and the Trash for storing deleted data are available only in paid plans of Zoho Connect.

Disclaimer: The information presented herein should not be taken as legal advice. This article is written to help organizations understand how Zoho Connect can enable them to be HIPAA compliant. We urge you to contact your legal advisor to know how HIPAA is applicable, its impact on your organization, and the processes involved to be HIPAA compliant.