The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach notification Rule, and Health Information Technology for Economic and Clinical Health Act) ("HIPAA"), requires Covered Entities and Business Associates to take certain measures to protect health information that can identify an individual. It also provides certain rights to individuals.
Zoho People does not collect, use, store or maintain health information protected by HIPAA for its own purposes. However, Zoho People provides certain features (as described below) to help its customers use Zoho People in a HIPAA compliant manner.
HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with its Business Associates. You can request our BAA template by sending an email to legal@zohocorp.com .
As many organizations use Zoho People and share employee information on the cloud, it is important that the health information and related HIPAA identifiers are protected and recorded in a confidential manner.
1. Labelling of Electronic protected health information (ePHI)
Custom fields that contain personal health details can be marked as 'ePHI'. This applies to single line, multi line and number custom fields.
Navigate to Settings > Select a Service > Extend Service > Forms and select the required form.
Go to Field Properties and check the 'Mark as ePHI' option. By labelling the field as ePHI, audit and encryption options will be enabled by default. Learn more.
2. Encryption of ePHI
Employee fields containing ePHI data in forms can be encrypted.All files are encrypted at rest.Learn more.
3. Audit trail of ePHI
Using the audit history feature, any changes made to data in the ePHI related fields can be tracked. Audit trail records the change in data of the fields for which you have enabled audit. Audit can be enabled for a field under form customization. Audit history can also be exported. Learn more.
4. Activity Log of ePHI
Activity logs can help track the various changes made to entities that can contain ePHI related data. A detailed log on the date, time of the action, the name of the employee who performed the action, and other details about the action can be seen under the activity log. Learn more.
5. Export History of ePHI
The overall history of all exports can be tracked and viewed under Settings > Data Administration > Export History.
6. Controlling access to ePHI
You can define who can perform add, edit, view and delete actions for ePHI related fields and records. Learn more.
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.