HIPAA Compliance in Zoho Survey - Online Help Guide

HIPAA Compliance

The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach Notification Rule, and Health Information Technology for Economic and Clinical Health Act) ("HIPAA"), requires Covered Entities and Business Associates to take certain measures to protect health information that can identify an individual. It also provides certain rights to individuals.

Zoho does not collect, use, store, or maintain health information protected by HIPAA for its own purposes. However, Zoho Survey provides features (as described below) to help its customers use their surveys in a HIPAA-compliant manner. HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with their Business Associates. You can request our BAA template by sending an email to legal@zohocorp.com.

HIPAA Compliance in Zoho Survey

Zoho Survey is widely used to collect health-related information. You can now create secure surveys by using the following methods:
  1. Data Encryption
  2. Custom Field Encryption
  3. Monitoring and exporting audit logs 


Notes
  1. Data encryption is only available for the Healthcare Survey category. However, you can modify the survey category in the Edit Survey Name section anytime.
  2. We only support custom field encryption and data encryption labelling in Short Answer, Long Answer, Email, Date/Time, Number, Full Name, Contact Information, Multiple Textbox, Matrix Textbox, Matrix Grid questions, and Text, Number, Email, and Date custom variables.


Data Encryption

With data encryption, you can mark selected fields as health information, and all data fields will be encrypted, by default. Also, all the controls applicable to the encrypted fields will be applied to data encryption as well. data encryption labelling is available with our Pro plan.

To encrypt an answer:

  1. Click or drag and drop a Short Answer, Long Answer, Email, Date/Time, Number, Full Name, Contact Information, Multiple Textbox, Matrix Textbox, or Matrix Grid question to the builder.
  2. Type your question in the Question box. Read more to learn how to fill in the other fields for each of these questions.
  3. Click Advanced options and select Encrypt answer in the Data Privacy section. The Encrypt answer field also gets selected, by default.

Custom Field Encryption

You can now encrypt specific questions and custom variables, and the responses will be encrypted at rest (storage). Read more on how to encrypt answers.

Monitoring and Exporting Audit Logs

You can now track all data encryption modifications and export the audit logs into a spreadsheet or CSV file as well. Audit logs are available only with our Enterprise plan.