HIPAA Compliance | Zoho Forms - User Guide

HIPAA Compliance

The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach notification Rule, and Health Information Technology for Economic and Clinical Health Act) ("HIPAA"), requires Covered Entities and Business Associates to take certain measures to protect health information that can identify an individual. It also provides certain rights to individuals. Zoho Forms does not collect, use, store, or maintain health information protected by HIPAA for its own purposes. However, Zoho Forms provides certain features (as described below) to help customers use forms in a HIPAA compliant manner.


HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with its Business Associates. You can request our BAA template by sending an email to legal@zohocorp.com.

HIPAA Compliance in Zoho Forms

In Zoho Forms, we provide the healthcare organizations with ways to ensure the confidentiality of Electronic Protected Health Information (ePHI) submitted by the respondents. Zoho Forms provides with the following features to help you build forms in a HIPAA compliant manner:

  • Marking fields as ePHI to distinguish the data
  • Restrictions on the data marked as ePHI
  • Monitoring audit logs of activities performed on records

To configure HIPAA compliance related settings in Zoho Forms at the organization level,

  1. In the top-right corner, click the  icon to access the Control Panel.
  2. Click HIPAA - Organization Control under Data Administration.

    Select Hipaa
  3. Click Activate HIPAA.

    Activating Hipaa
Note: Only the Super Admin of your Zoho Forms Org can configure HIPAA compliance related settings at the organization level.

Once HIPAA settings is activated at the org level, you can configure HIPAA Compliance settings for individual forms.

To enable HIPAA Compliance related features for a form,
  1. In your form builder, navigate to Settings > Compliance & Audit > HIPAA.
  2. Enable HIPAA-compliant security protection in the form by selecting Yes. This will allow you to mark form fields as ePHI.

    Enable HIPAA at form level
  3. If you wish to allow the transfer of data for the fields marked as ePHI to external sources, select Allow ePHI data to be transmitted to external apps/sources. You will still be warned before transferring the data to any external sources.

Marking fields as ePHI

Form fields that are used to collect confidential health information of respondents, such as medication details, diagnosis reports, surgical history of patients, etc., can be marked as ePHI (Electronic protected health information) for adding an additional layer of security. Data of the fields marked as ePHI will be encrypted by default. This will help the system identify and restrict access to the data collected through these fields and prevent the export of such data.

To mark a field as ePHI,
  1. In your form builder, go to the Properties of a field.
  2. Under Privacy, select Mark as ePHI (HIPAA).

    Marking fields as ePHI

Fields that can be marked as ePHI

Single Line, Multi Line, Number, Name, Address, Phone, Email, Date, Date-Time, Website, File Upload, Image Upload, Signature, and Unique ID

Only the following comparison operators are compatible with the fields marked as ePHI for search filters applied to All Entries and Reports:

  • is
  • is not
  • is empty
  • is not empty
  1. A maximum of 25 fields can either be encrypted or marked as ePHI.
  2. Fields once marked as ePHI will be encrypted even if the Mark as ePHI (HIPAA) option is disabled.

Restrictions on data marked as ePHI

If you choose to allow data transfer for ePHI fields, you'll receive a warning while transferring. If you choose not to allow data transfer for ePHI fields, the data transfer will be restricted.

For all the form fields that have been marked as ePHI, you will be restricted/warned while:

  • Configuring Email Notifications, SMS Notifications, Push Notifications using the fields
  • Configuring Double Opt-In settings using the fields
  • Configuring Approval emails using the fields
  • Printing or exporting Reports
  • Including PDF of form submission
  • Configuring Integrations using the fields
  • Configuring Document Merge (using WebMerge)
  • Using the Report Permalink (URL) will be restricted

Monitoring audit logs

Monitoring every user's activity is crucial to alleviate potential threats to sensitive data and prevent data misuse. Monitoring record audit data is a means to assist an organization by maintaining logs on the sequence of activities performed on form entries, as well as when, by whom, and how much of data has been modified. This is helpful in case of security violations by identifying user behavior and the chronological order of events that caused them.
Learn more about the Record Audit option.
You can export record audit logs periodically and preserve them as per HIPAA requirements.

Exporting audit logs

You can export the audit logs of the records, however, it is your responsibility to protect and retain the exported copy of the Audit logs in accordance with HIPAA requirements. The record audit logs are available only for the last 90 days, after which they will be automatically deleted. Only the Super Admin can export the record audit data.

Learn more about the  Export Record Audit Data  feature.

Note: HIPAA Compliance feature is available only in our Premium and Zoho One plans.

Disclaimer: The information provided here should not be construed as legal advice. We recommend that you seek legal advice to learn how HIPAA impacts your organization and what steps you must take to comply with the requirements of HIPAA.

    Zoho CRM Training Programs

    Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.

    Zoho CRM Training
      Redefine the way you work
      with Zoho Workplace

        Zoho DataPrep Personalized Demo

        If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.

        Zoho CRM Training

          Create, share, and deliver

          beautiful slides from anywhere.

          Get Started Now

            Zoho Sign now offers specialized one-on-one training for both administrators and developers.

            BOOK A SESSION

                                        You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.

                                            Manage your brands on social media

                                              Zoho Desk Resources

                                              • Desk Community Learning Series

                                              • Digest

                                              • Functions

                                              • Meetups

                                              • Kbase

                                              • Resources

                                              • Glossary

                                              • Desk Marketplace

                                              • MVP Corner

                                              • Word of the Day

                                                Zoho Marketing Automation

                                                  Zoho Sheet Resources


                                                      Zoho Forms Resources

                                                        Secure your business
                                                        communication with Zoho Mail

                                                        Mail on the move with
                                                        Zoho Mail mobile application

                                                          Stay on top of your schedule
                                                          at all times

                                                          Carry your calendar with you
                                                          Anytime, anywhere

                                                                Zoho Sign Resources

                                                                  Sign, Paperless!

                                                                  Sign and send business documents on the go!

                                                                  Get Started Now

                                                                          Zoho TeamInbox Resources

                                                                                  Zoho DataPrep Resources

                                                                                    Zoho DataPrep Demo

                                                                                    Get a personalized demo or POC

                                                                                    REGISTER NOW

                                                                                      Design. Discuss. Deliver.

                                                                                      Create visually engaging stories with Zoho Show.

                                                                                      Get Started Now

                                                                                                          • Related Articles

                                                                                                          • GDPR Compliance

                                                                                                            General Data Protection Regulation (GDPR) deals with the collection and processing of data of individuals who reside in the EU bringing the residents of the EU under a much more effective umbrella of protection for their data and privacy. GDPR ...
                                                                                                          • Welcome to Zoho Forms!

                                                                                                            Every business, big or small, needs to scoop up data at some point. Data helps businesses understand their customers, and figure out what's working and what's not. It's like having a map to guide you through the business journey. Transform the ...
                                                                                                          • Advanced Fields

                                                                                                            In your form builder, Advanced fields list certain complex fields that help you perform calculations, collect Payments, capture digital signatures, and more. The fields listed in the table below are available under Advanced Fields . The table column ...
                                                                                                          • Creating your first web form in Zoho Forms

                                                                                                            This walkthrough is to help you get started with creating a form using Zoho Forms. Follow the simple step-by-step instructions given below to build forms that perfectly match your requirements. Creating a new account To build a form using Zoho Forms, ...
                                                                                                          • How to build interactive forms online?

                                                                                                            What are interactive forms? Interactive forms are the ones which visitors can engage without any difficulty, providing them a user-friendly approach rather than the feel of paperwork. This is essential to make the form filling experience smooth and ...
                                                                                                            Wherever you are is as good as
                                                                                                            your workplace



                                                                                                              Watch comprehensive videos on features and other important topics that will help you master Zoho CRM.


                                                                                                              Download free eBooks and access a range of topics to get deeper insight on successfully using Zoho CRM.


                                                                                                              Sign up for our webinars and learn the Zoho CRM basics, from customization to sales force automation and more.

                                                                                                              CRM Tips

                                                                                                              Make the most of Zoho CRM with these useful tips.

                                                                                                                Zoho Show Resources