HIPAA Compliance

Table of Contents

The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach notification Rule, and Health Information Technology for Economic and Clinical Health Act) ("HIPAA"), requires Covered Entities and Business Associates to take certain measures to protect health information that can identify an individual. It also provides certain rights to individuals. Zoho Forms does not collect, use, store, or maintain health information protected by HIPAA for its own purposes. However, Zoho Forms provides certain features (as described below) to help customers use forms in a HIPAA compliant manner.

HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with its Business Associates. You can request our BAA template by sending an email to legal@zohocorp.com.

HIPAA Compliance in Zoho Forms

In Zoho Forms, we provide the healthcare organizations with ways to ensure the confidentiality of Electronic Protected Health Information (ePHI) submitted by the respondents. Zoho Forms provides with the following features to help you build forms in a HIPAA compliant manner:

Marking fields as ePHI to distinguish the data
Restrictions on the data marked as ePHI
Monitoring audit logs of activities performed on records

To configure HIPAA compliance related settings in Zoho Forms at the organization level,

In the top-right corner, click the icon to access the Control Panel.
Click HIPAA - Organization Control under Data Administration.
Click Activate HIPAA.

Note: Only the Super Admin of your Zoho Forms Org can configure HIPAA compliance related settings at the organization level.

Once HIPAA settings is activated at the org level, you can configure HIPAA Compliance settings for individual forms.

To enable HIPAA Compliance related features for a form,

In your form builder, navigate to Settings > Compliance & Audit > HIPAA.
Enable HIPAA-compliant security protection in the form by selecting Yes. This will allow you to mark form fields as ePHI.
If you wish to allow the transfer of data for the fields marked as ePHI to external sources, select Allow ePHI data to be transmitted to external apps/sources. You will still be warned before transferring the data to any external sources.

Marking fields as ePHI

Form fields that are used to collect confidential health information of respondents, such as medication details, diagnosis reports, surgical history of patients, etc., can be marked as ePHI (Electronic protected health information) for adding an additional layer of security. Data of the fields marked as ePHI will be encrypted by default. This will help the system identify and restrict access to the data collected through these fields and prevent the export of such data.

To mark a field as ePHI,

In your form builder, go to the Properties of a field.
Under Privacy, select Mark as ePHI (HIPAA).

Fields that can be marked as ePHI

Single Line, Multi Line, Number, Name, Address, Phone, Email, Date, Date-Time, Website, File Upload, Image Upload, Signature, and Unique ID

Only the following comparison operators are compatible with the fields marked as ePHI for search filters applied to All Entries and Reports:

is
is not
is empty
is not empty

Note:

A maximum of 25 fields can either be encrypted or marked as ePHI.
Fields once marked as ePHI will be encrypted even if the Mark as ePHI (HIPAA) option is disabled.

Restrictions on data marked as ePHI

If you choose to allow data transfer for ePHI fields, you'll receive a warning while transferring. If you choose not to allow data transfer for ePHI fields, the data transfer will be restricted.

For all the form fields that have been marked as ePHI, you will be restricted/warned while:

Configuring Email Notifications, SMS Notifications, Push Notifications using the fields
Configuring Double Opt-In settings using the fields
Configuring Approval emails using the fields
Printing or exporting Reports
Including PDF of form submission
Configuring Integrations using the fields
Configuring Document Merge (using WebMerge)
Using the Report Permalink (URL) will be restricted

Monitoring audit logs

Monitoring every user's activity is crucial to alleviate potential threats to sensitive data and prevent data misuse. Monitoring record audit data is a means to assist an organization by maintaining logs on the sequence of activities performed on form entries, as well as when, by whom, and how much of data has been modified. This is helpful in case of security violations by identifying user behavior and the chronological order of events that caused them.
Learn more about the Record Audit option.

You can export record audit logs periodically and preserve them as per HIPAA requirements.

Exporting audit logs

You can export the audit logs of the records, however, it is your responsibility to protect and retain the exported copy of the Audit logs in accordance with HIPAA requirements. The record audit logs are available only for the last 90 days, after which they will be automatically deleted. Only the Super Admin can export the record audit data.

Learn more about the Export Record Audit Data feature.

Note: HIPAA Compliance feature is available only in our Premium and Zoho One plans.

Disclaimer: The information provided here should not be construed as legal advice. We recommend that you seek legal advice to learn how HIPAA impacts your organization and what steps you must take to comply with the requirements of HIPAA.

Access your files securely from anywhere

Zoho CRM Training Programs

Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.

Redefine the way you work

with Zoho Workplace

Start your free trial

Zoho DataPrep Personalized Demo

If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.

Create, share, and deliver

beautiful slides from anywhere.

Get Started Now

Zoho Sign now offers specialized one-on-one training for both administrators and developers.

BOOK A SESSION

Zoho Workerly Home
Forums
Connect With Us:

Zoho Recruit Home
Forums
Connect With Us:

Start tracking your website metrics today

Use PageSense to understand what your visitors are looking for, how they are behaving, and where they are facing problems on your website.

Ready to improve your website's performance?

Install the PageSense code snippet on your site in a matter of minutes and start collecting in-depth data about the website visitors to grow your business.

Track and measure every business goal

Set up goals in PageSense to measure every single action performed by visitors on your website like button or link clicks, form submissions, and page engagements.

Understand the customer journey on your website

Create funnels in PageSense to quickly see which pages visitors use to enter your website, where they navigate to next, and which pages they decide to leave without converting.

Visualize your visitor's behavior with color codes

Set up heatmaps in PageSense to see where users have clicked more, how far they've scrolled, and on which parts of a page they've spent the most time using color-coded patterns in reports.

Measure customer engagement with your web forms

Use form analytics in PageSense to see how people interact with different fields in your form, whether they complete the form successfully or not, and where exactly they drop out on your form.

Record real visitor interactions on your website

Use session recordings in PageSense to watch a video of all the visitor actions performed on your website including the pages they navigate, the buttons they click, the UX issues they face, and more.

Test and optimize webpages for better conversions

Run A/B or Split URL tests in PageSense to figure out which version of your web page works best for your business and results in the best conversion rate.

Give each customer a unique website experience

Use personalization in PageSense to deliver customized versions of your website for every individual customer based on their demographics, local weather, browsing history, and more.

Grow your business through customer feedback

Run polls on your website using PageSense to understand what your customers think about your products/services and what needs improvement on your site.

Send timely updates that customers love

Use web push notifications in PageSense to schedule and notify your customers about an upcoming flash sale, product releases, promotional coupons, and a lot more that can spark conversions on your website.

Advertise your business to website visitors

Use pop-ups in PageSense to instantly grab the attention of visitors by showing attractive signup offers, coupon code discounts, or email newsletters that can eventually convert them into subscribers.

Access more advanced settings in PageSense

Use PageSense's advanced features like creating mutually exclusive groups, enabling cross-domain tracking, configuring customized project JS, and more to get deeper insights about your website.

Try easy-to-use extensions

Download the PageSense extension app available for your web browser with a few clicks and start collecting all of your required website metrics in real time.

Discover your favorite integrations with PageSense

Get a deeper look at your website's data by seamlessly integrating PageSense with a host of popular third-party apps like Google Analytics, Mixpanel, Intercom, and more.

Quick Links	Workflow Automation	Data Collection
Web Forms	Enterprise	Begin Data Collection
Interactive Forms	Workplace	Data Collection App
Offline Forms	Customer Service	Accessible Forms
Digital Forms	Marketing	Forms for Small Business
HTML Forms	Education	Forms for Enterprise
Contact Forms	E-commerce	Forms for any business
Lead Generation Forms	Healthcare	Forms for Startups
Wordpress Forms	Customer onboarding	Order Forms for Small Business
No Code Forms	Construction	RSVP tool for holidays
Free Forms	Travel
Prefill Forms	Non-Profit
Intake Forms	Legal
Form Designer	HR
Card Forms	Food
Assign Forms	Photography
Translate Forms	Real Estate
Electronic Forms
Notification Emails for Forms	Alternatives
Holiday Forms	Google Forms alternative
Form to PDF	Jotform alternative
Email Forms CRM Forms Embeddable Forms Drag and Drop form builder HIPAA Forms Encrypted Forms

New to Zoho CRM Plus?

Deliver unforgettable customer experiences

ACCESS ZOHO CRM PLUS

New to Zoho CRM Plus?

Deliver unforgettable customer experiences

ACCESS ZOHO CRM PLUS

New to Zoho Marketing Plus?

Everything you need to run your marketing

ACCESS ZOHO MARKETING PLUS

New to Zoho Marketing Plus?

Everything you need to run your marketing

ACCESS ZOHO MARKETING PLUS

Zoho Pagesense Resources

You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.

New to Zoho Survey?

Access Zoho Survey

Latest Feature Updates

Explore our Pricing & Plans

Zoho Survey Resources

Android Mobile Surveys

Insurvey Blogs

Insight Blogs

Tips & Tricks

New to Zoho Social?

Manage your brands on social media

Access Zoho Social

Zoho Desk Resources

Desk Community Learning Series
Digest
Functions
Meetups
Kbase
Resources
Glossary
Desk Marketplace
MVP Corner
Word of the Day

Zoho Sheet Resources

New to Zoho Forms?

Latest Feature Updates

Explore our Pricing & Plans

Zoho Forms Resources

Secure your business

communication with Zoho Mail

Get started

Mail on the move with

Zoho Mail mobile application

Go Mobile

Stay on top of your schedule

at all times

Get started

Carry your calendar with you

Anytime, anywhere

Get started

Latest Announcements

New to Zoho Sign?

Zoho Sign Resources

Sign, Paperless!

Sign and send business documents on the go!

Get Started Now

Zoho SalesIQ Resources

New to Zoho TeamInbox?

Zoho TeamInbox Resources

Connect with us

New to Zoho ZeptoMail?

LEARN MORE

Latest Feature Updates

Zoho DataPrep Resources

New to Zoho DataPrep?

Access Zoho DataPrep

Zoho DataPrep Demo

Get a personalized demo or POC

Design. Discuss. Deliver.

Create visually engaging stories with Zoho Show.

Get Started Now

New to Zoho Workerly?

Access Zoho Workerly

New to Zoho Recruit?

Access Zoho Recruit

New to Zoho CRM?

Signup Now

Access Zoho CRM

Latest Feature Updates

New to Zoho Projects?

Access Zoho Projects

New to Zoho Sprints?

Access Zoho Sprints

New to Zoho Assist?

Access Zoho Assist

New to Bigin?

Signup Now

Access Bigin

Latest Feature Updates

Related Articles
GDPR Compliance
General Data Protection Regulation (GDPR) deals with the collection and processing of data of individuals who reside in the EU bringing the residents of the EU under a much more effective umbrella of protection for their data and privacy. GDPR ...
Welcome to Zoho Forms!
Transform the time-consuming “ collect, stack, and enter ” paper form workflow into “ capture, store, and process ” paperless approach with Zoho Forms and simplify data collection. Who is Zoho Forms for? Zoho Forms is for anyone who wants to ...
Is my data secure with Zoho Forms?
Yes, your data is secure with Zoho Forms. We prioritize data security, implementing robust measures to safeguard your information. Key security features include compliance with global standards like HIPAA, GDPR, and CCPA, along with Spam control, ...
Advanced Fields
In your form builder, Advanced fields list certain complex fields that help you perform calculations, collect Payments, capture digital signatures, and more. The fields listed in the table below are available under Advanced Fields . The table column ...
Why choose Zoho Forms?
It's functional, affordable and incredibly easy to use. Plus, no knowledge of code necessary! We know how much you value your time and productivity, so our prompt customer support makes sure you're never left in the dark. With a range of ...