HIPAA Compliance in Zoho Projects

INTRODUCTION

The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach Notification Rule, and Health Information Technology for Economic and Clinical Health Act) ("HIPAA") requires Covered Entities and Business Associates to take certain measures to protect health information that can identify an individual. It also provides certain rights to individuals. Zoho does not collect, use, store or maintain health information protected by HIPAA for its own purposes. However, Zoho Projects provides certain features (as described below) to help its customers use Zoho Projects in a HIPAA-compliant manner.

HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with their Business Associates. You can request our BAA template by sending an email to legal@zohocorp.com.

HIPAA compliance in Zoho Projects

To ensure the security of your information, you can take the following actions in Zoho Projects:
  1. Mark ePHI fields to distinguish their data
  2. Encrypt data entered into ePHI designated fields
  3. Administer roles and permissions to secure data
  4. Export audit trail to monitor operational activities

Marking ePHI Fields

You can mark a field as ePHI if it contains the health information of your customers or patients.
To mark fields that contain personal health data:
  1. Navigate to  > Customization > Layout and Fields.
  2. Select a module to view layouts.
  3. Select the desired layout to edit it.
  4. Go to the desired field and click the  icon.
  5. Click Edit Properties and check the PII or PHI box. Marking the field as PHI automatically turns on the Encrypt field option. You can still turn it off manually, but this is not recommended.
  6. Click Update and save the layout.

Encrypting ePHI Field Data

Fields that contain personal health information can be encrypted for additional security. Though field encryption is not a mandatory step in Zoho Projects, we strongly recommend that you enable encryption, as it is a best practice for preventing unauthorized access to confidential data. Read this article to learn more about encrypting fields in Zoho Projects.

Administering Roles and Permissions

Roles and profiles in Zoho Projects let you define permissions, so you can tightly control who in your organization has access to what information. Field-level permissions help you take this a step further.

Exporting Audit Trail

Zoho Projects stores the audit logs—that is, information about every addition, update, and deletion made to your database records—in the backend. We have provided an option to export this data, which can be done using the Export Data option under Setup.

See Also

  1. Encryption Details in Zoho Projects
  2. ISO and SOC certifications