HIPAA Compliance
HIPAA Compliance in Zoho Forms
In Zoho Forms, we provide the healthcare organizations with ways to ensure the confidentiality of Electronic Protected Health Information (ePHI) submitted by the respondents. Zoho Forms provides with the following features to help you build forms in a HIPAA compliant manner:
- Marking fields as ePHI to distinguish the data
- Restrictions on the data marked as ePHI
- Monitoring audit logs of activities performed on records
To configure HIPAA compliance related settings in Zoho Forms at the organization level,
- Click Control Panel in the left pane as shown.
-
Click HIPAA - Organization Control
under Data Administration.
-
Click Activate HIPAA.
- In your form builder, navigate to Settings > Compliance & Audit > HIPAA.
-
Enable HIPAA-compliant security protection in the form by selecting Yes. This will allow you to mark form fields as ePHI.
- If you wish to allow the transfer of data for the fields marked as ePHI to external sources, select Allow ePHI data to be transmitted to external apps/sources. You will still be warned before transferring the data to any external sources.
Marking fields as ePHI
- In your form builder, go to the Properties of a field.
- Under Privacy, select Mark as ePHI (HIPAA).
Fields that can be marked as ePHI
Single Line, Multi Line, Number, Name, Address, Phone, Email, Date, Date-Time, Website, File Upload, Image Upload, Signature, and Unique ID
Only the following comparison operators are compatible with the fields marked as ePHI for search filters applied to All Entries and Reports:
- is
- is not
- is empty
- is not empty
-
A maximum of 25 fields can either be encrypted or marked as ePHI.
- Fields once marked as ePHI will be encrypted even if the Mark as ePHI (HIPAA) option is disabled.
Restrictions on data marked as ePHI
If you choose to allow data transfer for ePHI fields, you'll receive a warning while transferring. If you choose not to allow data transfer for ePHI fields, the data transfer will be restricted.
For all the form fields that have been marked as ePHI, you will be restricted/warned while:
- Configuring Email Notifications, SMS Notifications, Push Notifications using the fields
- Configuring Double Opt-In settings using the fields
- Configuring Approval emails using the fields
- Printing or exporting Reports
- Including PDF of form submission
- Configuring Integrations using the fields
- Configuring Document Merge (using WebMerge)
-
Using the Report Permalink (URL) will be restricted
Monitoring audit logs
Learn more about the Record Audit option.
Exporting audit logs
You can export the audit logs of the records, however, it is your responsibility to protect and retain the exported copy of the Audit logs in accordance with HIPAA requirements. The record audit logs are available only for the last 90 days, after which they will be automatically deleted. Only the Super Admin can export the record audit data.
Learn more
about the
Export Record Audit Data
feature.
Note: HIPAA Compliance feature is available only in our Premium and Zoho One
plans.
Access your files securely from anywhere
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
Zoho DataPrep Personalized Demo
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
- Zoho Workerly Home
- Forums
- Connect With Us:
- Zoho Recruit Home
- Forums
- Connect With Us:
All-in-one knowledge management and training platform for your employees and customers.
Create. Review. Publish.
You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.
Zoho Sheet Resources
Zoho Forms Resources
Zoho Sign Resources
Sign, Paperless!
Zoho TeamInbox Resources
Design. Discuss. Deliver.
Related Articles
Welcome to Zoho Forms!
Transform the time-consuming “ collect, stack, and enter ” paper form workflow into “ capture, store, and process ” paperless approach with Zoho Forms and simplify data collection. Who is Zoho Forms for? Zoho Forms is for anyone who wants to ...GDPR Compliance
General Data Protection Regulation (GDPR) deals with the collection and processing of data of individuals who reside in the EU bringing the residents of the EU under a much more effective umbrella of protection for their data and privacy. GDPR ...Is my data secure with Zoho Forms?
Yes, your data is secure with Zoho Forms. We prioritize data security, implementing robust measures to safeguard your information. Key security features include compliance with global standards like HIPAA, GDPR, and CCPA, along with Spam control, ...Embedding forms on a WordPress website
If you are using WordPress to build your website, you can embed your Zoho Forms form as follows: Installing Zoho Forms Plugin In your WordPress site, Navigate to the Plugins tab and then click on Add New Plugin located just below. Search for Zoho ...Why choose Zoho Forms?
It's functional, affordable and incredibly easy to use. Plus, no knowledge of code necessary! We know how much you value your time and productivity, so our prompt customer support makes sure you're never left in the dark. With a range of ...