How Zoho manages personal health information fields to comply with HIPAA | Zoho CRM - FAQ

How does Zoho manage personal health information fields to comply with HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA), which includes the Privacy Rule, Security Rule, Breach Notification Rule, and the Health Information Technology for Economic and Clinical Health Act, requires Covered Entities and Business Associates to take certain measures to protect health information that can identify an individual. It also provides certain rights to individuals.
Zoho does not collect, use, store, or maintain health information protected by HIPAA for its own purposes.
Note: HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with their Business Associates. You can request our BAA template by sending an email to legal@zohocorp.com.

Zoho CRM provides features to help its customers use CRM within the bounds of HIPAA compliance. To help health organizations comply with HIPAA, we allow admins to mark the fields that contain personal health information of individuals, so that restrictions can be put in place to prevent unauthorized access to those sensitive details.
For example, patient ID, surgical details, and ailments are an individual's personal health information, which should not be available to outsiders.

To mark fields that contain personal health data

  1. Go to Setup > Customization > Modules and Fields.

  2. Select a module and click the More icon to select the desired layout.
    Alternatively, you can click the More icon and select Edit Layout.

  3. Go to the desired field and click the More icon.

  4. Click Edit Properties and check the Contains Personal Health Data box.
    Remember that this option will only appear if the module has been selected for HIPAA compliance. 

Once fields are marked, the following restrictions can be set to prevent unauthorized access to the sensitive values they contain.
  1. Restrict data access through API: Other applications can connect to CRM through the API and transfer data. You can ensure that your customers' personal health data is not shared in the process by restricting its transfer to other applications via the API.
  2. Restrict data export: When exporting data from the CRM account, you can withhold personal health information from the export by checking this option.
  3. Restrict data transfer to Zoho apps: If the CRM account is integrated with other Zoho applications like Desk, Campaigns, and Projects, data will flow from CRM to these applications. This option prevents personal health data from being transferred to those apps. To check the data flow restrictions, refer to the table.
  4. Restrict data transfer to third-party apps: If your CRM account is integrated with third-party applications for business-related reasons, data may flow from CRM to these apps. This option prevents personal health data from being transferred to those apps. To check the data flow restrictions, refer to the table.

To set restrictions on PHI fields

  1. Go to Setup > Users and Controls > Compliance Settings.

  2. Click the HIPAA Compliance tab.

  3. Toggle the Enable HIPAA Compliance Settings button.
    Select the modules from the dropdown list. You can select up to 10 modules.

  4. In Personal Health Data Handling, toggle Restrict Data access through API, Restrict Data in Export, or both, as required.

