HIPAA Compliance


The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach Notification Rule, and Health Information Technology for Economic and Clinical Health Act) ("HIPAA") requires Covered Entities and Business Associates to take certain measures to protect health information that can identify an individual. It also provides certain rights to individuals. Zoho does not collect, use, store or maintain health information protected by HIPAA for its own purposes. However, Zoho Contracts provides certain features (as described below) to help its customers use Zoho Contracts in a HIPAA-compliant manner.


HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with their Business Associates. You can request our BAA template by sending an email to legal@zohocorp.com.


ePHI

Zoho Contracts does not collect, use, store or maintain health information protected by HIPAA for its own purposes. However, users can collect and store ePHI in a contract document. Because entire documents are encrypted by default, any ePHI maintained in the documents will be encrypted. We also provide a download option for contract documents during the life cycle.


Audit Trail

Zoho Contracts keeps track of all contract activities and downloads by its users. Users with the Admin role can view and keep track of users' login details, activities performed, downloaded data, and the settings configured by the admins.