HIPAA compliance in Zoho Flow

The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach Notification Rule, and Health Information Technology for Economic and Clinical Health Act) ("HIPAA") requires Covered Entities and Business Associates to take certain measures to protect health information that can identify an individual. It also provides certain rights to individuals. Zoho Flow does not collect, use, store, or maintain health information protected by HIPAA for its own purposes. However, Zoho Flow provides certain features (as described below) to help its customers use Zoho Flow in a HIPAA-compliant manner.

HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with their Business Associates. You can request our BAA template by sending an email to legal@zohocorp.com.

Zoho Flow provides the following features or tools that can help users be HIPAA compliant:

Share or unshare connections

App connections created in Zoho Flow are private by default. Sharing a connection makes it available to all members of your organization. They can access, create, and update data by using the connection in flows. Unsharing a connection denies all other users' access and makes it private again. Flows using the connection will continue to access, create, and update data using the connection.

Export audit trail and task history

  1. Audit trail is an organization-wide log of activities. Use it to track what's happening in your Flow organization. All the audit logs since the time the organization was created will be available. The option to export or download this data is only available for the owner or the admins of the organization.
  2. History shows the task history of all flow executions in your organization. Clicking on a particular execution lets you see all the steps of the flow and their input and output details. The option to export or download this data is only available for the owner or the admins of the organization.

Clearly defined roles and permissions

Zoho Flow lets you control access to your application and data. The roles and permissions differ for the owner, admins, and members. The owner or admins can manage members of the organization. Members do not have permission to access administrator functions, such as the audit trail, or connections that were neither created by them nor shared with them.

The owner of the organization can:
  1. Modify the organization's name
  2. Add or remove members
  3. Change roles of members
  4. Create, edit, and delete flows
  5. Create, test, delete, and reconnect app connections
  6. View and export audit trail and task history

Data is encrypted

Encryption is an addressable safeguard under the HIPAA Security Rule. Data is encrypted during transit and at rest by default.

Note:
  1. Learn more about compliance at Zoho
  2. Kindly note that the content presented here is not to be construed as legal advice. Please contact your legal advisor to learn how HIPAA impacts your organization and what you need to do to comply with HIPAA.