How does Zoho manage personal health information fields to comply with HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA), which includes the Privacy Rule, Security Rule, Breach notification Rule, and Health Information Technology for Economic and Clinical Health Act), requires Covered Entities and Business Associates to take certain measures to protect health information that can identify an individual. It also provides certain rights to individuals.

Zoho does not collect, use, store, or maintain health information protected by HIPAA for its own purposes.

Note: HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with its Business Associates. You can request our BAA template by sending an email to legal@zohocorp.com.

Zoho CRM provides features to help its customers use CRM within the premises of HIPAA compliance. To allow health organizations to comply with HIPAA we allow admins to mark the fields that contain personal health information of individuals so that certain restrictions can be put into place to prevent unauthorized access to those sensitive details.

For example, patient ID, surgical details, and ailments are an individual's personal health information, which should not be available to outsiders.

To mark fields that contain personal health data

Go to Setup > Customization > Modules and Fields.
Select a module and click the More icon to select the desired layout.
Alternately, you can click the More icon and select Edit Layout.
Go to the desired field and click the More icon.
Click Edit Properties and check the Contains Personal Health Data box.
Remember that this option will only appear if the module has been selected for HIPAA compliance.

Once marked, there are certain restrictions which can be set to prevent unauthorized access to the sensitive values present in the fields.

Restrict data access through API: Other applications can connect with CRM using API and data can be transferred. You can ensure that personal health data of your customers is not shared in the process, by restricting transfer of personal health data to other applications via API.
Restrict data export: While exporting data from the CRM account, you may want to withhold personal health information from being exported by checking this option.
Restrict data transfer to Zoho apps: If the CRM account is integrated with other Zoho applications like Desk, Campaigns, and Projects, the data will flow from the CRM to these applications. This option will prevent personal health data from being transferred to other apps. To check the data flow restrictions, refer to the table.
Restrict data transfer to third party apps: If your CRM account is integrated with third-party applications for business-related reasons, there will be chances of data flow from CRM to these apps. This option will prevent personal health data from being transferred to other apps. To check the data flow restrictions, refer to the table

To set restrictions on PHI fields

Go to Setup > Users and Controls > Compliance Settings.
Click the HIPAA Compliance tab.
Toggle the Enable HIPAA Compliance Settings button.
Select the modules from the dropdown list. You can select up to 10 modules.
In Personal Health Data Handling, toggle Restrict Data access through API, Restrict Data in Export, or both, as required.

Redefine the way you work

with Zoho Workplace

Start your free trial

Zoho DataPrep Personalized Demo

If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.

Create, share, and deliver

beautiful slides from anywhere.

Get Started Now

Get started with Zoho Sign

in a few quick steps!

Download Help Guide

Zoho Workerly Home
Forums
Connect With Us:

Zoho Recruit Home
Forums
Connect With Us:

Start tracking your website metrics today

Use PageSense to understand what your visitors are looking for, how they are behaving, and where they are facing problems on your website.

Ready to improve your website's performance?

Install the PageSense code snippet on your site in a matter of minutes and start collecting in-depth data about the website visitors to grow your business.

Track and measure every business goal

Set up goals in PageSense to measure every single action performed by visitors on your website like button or link clicks, form submissions, and page engagements.

Understand the customer journey on your website

Create funnels in PageSense to quickly see which pages visitors use to enter your website, where they navigate to next, and which pages they decide to leave without converting.

Visualize your visitor's behavior with color codes

Set up heatmaps in PageSense to see where users have clicked more, how far they've scrolled, and on which parts of a page they've spent the most time using color-coded patterns in reports.

Measure customer engagement with your web forms

Use form analytics in PageSense to see how people interact with different fields in your form, whether they complete the form successfully or not, and where exactly they drop out on your form.

Record real visitor interactions on your website

Use session recordings in PageSense to watch a video of all the visitor actions performed on your website including the pages they navigate, the buttons they click, the UX issues they face, and more.

Test and optimize webpages for better conversions

Run A/B or Split URL tests in PageSense to figure out which version of your web page works best for your business and results in the best conversion rate.

Give each customer a unique website experience

Use personalization in PageSense to deliver customized versions of your website for every individual customer based on their demographics, local weather, browsing history, and more.

Grow your business through customer feedback

Run polls on your website using PageSense to understand what your customers think about your products/services and what needs improvement on your site.

Send timely updates that customers love

Use web push notifications in PageSense to schedule and notify your customers about an upcoming flash sale, product releases, promotional coupons, and a lot more that can spark conversions on your website.

Advertise your business to website visitors

Use pop-ups in PageSense to instantly grab the attention of visitors by showing attractive signup offers, coupon code discounts, or email newsletters that can eventually convert them into subscribers.

Access more advanced settings in PageSense

Use PageSense's advanced features like creating mutually exclusive groups, enabling cross-domain tracking, configuring customized project JS, and more to get deeper insights about your website.

Try easy-to-use extensions

Download the PageSense extension app available for your web browser with a few clicks and start collecting all of your required website metrics in real time.

Discover your favorite integrations with PageSense

Get a deeper look at your website's data by seamlessly integrating PageSense with a host of popular third-party apps like Google Analytics, Mixpanel, Intercom, and more.

Still can't find what you're looking for?

Write to us: support@zohoforms.com

New to Zoho Forms?

Latest Feature Updates

Explore our Pricing Plans

Secure your business

communication with Zoho Mail

Get started

Mail on the move with

Zoho Mail mobile application

Go Mobile

Stay on top of your schedule

at all times

Get started

Carry your calendar with you

Anytime, anywhere

Get started

Latest Announcements

New to Zoho Sign?

Zoho Sign Resources

Sign, Paperless!

Sign and send business documents on the go!

Get Started Now

Zoho SalesIQ Resources

New to Zoho TeamInbox?

Zoho TeamInbox Resources

Connect with us

New to Zoho ZeptoMail?

LEARN MORE

Latest Feature Updates

Zoho DataPrep Resources

New to Zoho DataPrep?

Access Zoho DataPrep

Zoho DataPrep Demo

Get a personalized demo or POC

Design. Discuss. Deliver.

Create visually engaging stories with Zoho Show.

Get Started Now

New to Zoho Workerly?

Access Zoho Workerly

New to Zoho Recruit?

Access Zoho Recruit

New to Bigin?

Signup Now

Access Bigin

Latest Feature Updates

New to Zoho CRM?

Signup Now

Access Zoho CRM

Latest Feature Updates

New to Zoho Projects?

Access Zoho Projects

New to Zoho Sprints?

Access Zoho Sprints

New to Zoho Assist?

Access Zoho Assist

Related Articles
HIPAA Compliance with Zoho CRM
The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach notification Rule, and Health Information Technology for Economic and Clinical Health Act) ("HIPAA"), requires Covered Entities and Business ...
How do I configure HIPAA Compliance in my CRM account?
With more healthcare organizations using CRM to run their business smoothly and store customer information in a shared database, it is crucial that they can ensure the confidentiality of an individual's health information. In Zoho CRM, we provide ...
What kind of restrictions can be set for the PHI fields under HIPAA Compliance?
A total of 25 fields in each module can be marked as personal health data containing fields. Once marked, there are certain restrictions that can be set to prevent unauthorized access to the sensitive values present in the fields. Note: Lookup, ...
Marking Personal Fields
GDPR defines personal data as any information relating to an identified or identifiable natural person (i.e. the data subject). There is a wide range of personal data that includes email addresses, location, mobile numbers, identification numbers, ...
Where do I find the option to mark fields as personal health information?
In a module, there may be only a few fields that contain personal health details of a customer. For example, surgical history, symptoms, medication details, etc. Marking these fields as personal health details will help the system identify and ...

Wherever you are is as good as

your workplace

Workplace on mobile

Resources

Videos

Watch comprehensive videos on features and other important topics that will help you master Zoho CRM.

Watch Now

eBooks

Download free eBooks and access a range of topics to get deeper insight on successfully using Zoho CRM.

Download eBooks

Webinars

CRM Tips

Make the most of Zoho CRM with these useful tips.

Learn More

How Zoho manages personal health information fields to comply with HIPAA | Zoho CRM - FAQ

How does Zoho manage personal health information fields to comply with HIPAA?

Zoho DataPrep Personalized Demo

Start tracking your website metrics today

Ready to improve your website's performance?

Track and measure every business goal

Understand the customer journey on your website

Visualize your visitor's behavior with color codes

Measure customer engagement with your web forms

Record real visitor interactions on your website

Test and optimize webpages for better conversions

Give each customer a unique website experience

Grow your business through customer feedback

Send timely updates that customers love

Advertise your business to website visitors

Access more advanced settings in PageSense

Try easy-to-use extensions

Discover your favorite integrations with PageSense

Still can't find what you're looking for?

Zoho Sign Resources

Zoho SalesIQ Resources

Zoho TeamInbox Resources

Zoho DataPrep Resources

Related Articles

HIPAA Compliance with Zoho CRM

How do I configure HIPAA Compliance in my CRM account?

What kind of restrictions can be set for the PHI fields under HIPAA Compliance?

Marking Personal Fields

Where do I find the option to mark fields as personal health information?

Resources

Videos

eBooks

Webinars

CRM Tips

Zoho Show Resources