How to enable the HIPAA settings in Zoho PageSense | User guide

Enable HIPAA compliance settings in Zoho PageSense

The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach Notification Rule, and Health Information Technology for Economic and Clinical Health Act) ("HIPAA") requires Covered Entities and Business Associates to take certain measures to protect health information that can identify an individual. It also provides certain rights to individuals. Zoho does not collect, use, store, or maintain health information protected by HIPAA for its own purposes. However, Zoho PageSense provides certain features (Polls & Pop-ups) to help its customers use Zoho PageSense in a HIPAA-compliant manner.

 

HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with their Business Associates. You can request our BAA template by sending an email to legal@zohocorp.com.


Alert

HIPAA Compliance settings can be accessed or enabled only by the Org Owner and Project Admin(s) in Zoho PageSense.


To enable HIPAA compliance in PageSense:


1. Choose the project where you want to enable HIPAA compliance for your business. Click on Project Settings and select the HIPAA Compliance tab.


 

2. Click the Enable HIPAA Compliance Support toggle.


 

Here you'll also see the option Restrict Export of Personal Data. By enabling this option, PageSense lets you identify and prevent the export of your visitors' personal healthcare data collected on your website from your experiment reports.




3. Once the setting has been updated, you will notice a checkbox in the top right corner under polls (first picture) and a toggle button on the left (second picture) called Secure Personal Health Data under your respective experiments in PageSense. All the data entered in the fields by your website visitors will now comply with HIPAA regulations.


Alert
  1. As we adhere to HIPAA, we assure you that the ePHI data is securely encrypted from our end.
  2. ePHI data will not be shared with any third party.



Alert

The collected ePHI data cannot be modified in the application. If the "Restrict Export of Personal Data" option is disabled and the experiment data has been exported, the activity will be captured in the experiment timeline.


Account Deletion and Data Retention:
  1. PageSense retains all experiment reports for 90 days after the expiry of a user’s trial.
  2. The data retention period varies based on the subscription type a user opts for (6 months for Analyze & Engage Subscription, 12 months for Optimize).
  3. Once the data retention period expires, all the data tracked is deleted.
  4. Experiment data can be exported before the retention period ends.
  5. All experiment configurations and reports in a deleted space or project can be restored within 15 days. After 15 days, all data will be deleted permanently.

We hope this documentation helps make the process easy for you. Please feel free to reach out to us anytime by dropping an email to support@zohopagesense.com if you need more explanation or have any questions.