HIPAA compliance with Zoho WorkDrive
The Health Insurance Portability and Accountability Act, HIPAA (including the Privacy Rule, Security Rule, Breach notification Rule, and Health Information Technology for Economic and Clinical Health Act), requires Covered Entities and Business Associates to take certain measures to protect health information that can identify an individual. It also provides certain rights to individuals.
Zoho WorkDrive does not collect, use, store, or maintain health information protected by HIPAA for its own purposes.
HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with its Business Associates on the permissible and impermissible uses of Protected Health Information (PHI). You can request our BAA template by sending an email to
legal@zohocorp.com.
WorkDrive provides the following features or tools that can help users to be HIPAA compliant.
Clearly defined user roles and permissions
Team - Assign users either admin or member role. Admins will be able to add or remove users, and manage all team level settings from the Admin Console.
Team Folders - Create Team Folders and add members with a specific role such as Admin, Organizer, Editor, Commenter, and Viewer.
In a private Team Folder, only the members who have been added to it can view and access files. However, in a public Team Folder, any team member will be able to view and access files by default.
You can disable download and print options at Team Folder level for users with viewer role or view-only access.
Granular access to files and sub folders
Instead of giving your users (for example, Viewer) higher access to all files in a Team Folder, you can just assign them Edit access on a particular file or sub-folder when required.
Disable external sharing
You can restrict team members from sharing files that contain personal health information with external users, i.e., users who are not part of your team or organization.
You can achieve this in the following ways:
- Disable external sharing for the entire team
- Disable external sharing in a particular team folder
- Disable external sharing in My Folders for an individual user
Data Retention Policy
A Data Retention Policy allows you to retain files and folders for up to a certain period (such as 30 days), then automatically delete them afterwards.
For
Trash in My Folders and Team Folders, you can choose whether you want to keep those files indefinitely or delete them after 7, 15, or 30 days.
For
Deleted Items in Admin Console, you can choose whether you want to permanently delete them after 7, 30, 90, or 120 days.
Team Admins can also choose to manually delete files and folders permanently from Deleted Items in Admin Console anytime.
Permanently deleted files and folders will be purged (i.e., data will be removed from all data centers and servers), and they can no longer be restored.
Learn more about data retention policy
Monitor team activity
Team admins can generate activity reports based on a custom criteria to monitor all activities of their team members. The reports will be helpful for auditing and legal purposes. Learn more
Device management
Team Admins can view details of all the connected devices of a user, such as device name, app type, last accessed date and time, IP address, and location.
For individual users, team admins can set permissions for desktop and mobile apps, and disconnect or wipe and disconnect devices remotely. Learn more
WorkDrive app permissions
Manage access to WorkDrive's desktop and mobile apps at a team level from the Admin Console. If disabled, team members will not be able to use WorkDrive apps to access files. Any files that were synced or saved offline will be removed and all team members will be logged out of these apps on all their devices. Learn more
Transfer file ownership when deleting a user
If a user switches to a different team or leaves the organization, you can transfer their files in My Folders to an active user before deleting them from your account. This helps you retain files created by your team users. By default, files in a team folder will be retained as it is a shared folder and other members in the team folder will have access to it.
Data Encryption
Data in WorkDrive is encrypted both in transit and at rest.
Learn more
Important:
- Features such as app permissions and device management are only available in the WorkDrive's Business plan. Learn more about the available features in each WorkDrive plan here.
- Zoho WorkDrive Suite is HIPAA compliant, which includes the products WorkDrive, Writer, Sheet, and Show.
- Kindly note that the content presented here is not to be construed as a legal advice. Please contact your legal advisor to learn how HIPAA impacts your organization and what you need to do to comply with HIPAA.
Other security related features that Zoho WorkDrive offers:
Access your files securely from anywhere
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
Zoho DataPrep Personalized Demo
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
- Zoho Workerly Home
- Forums
- Connect With Us:
- Zoho Recruit Home
- Forums
- Connect With Us:
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.
New to Zoho Survey?
Zoho Sheet Resources
Zoho Forms Resources
New to Zoho Sign?
Zoho Sign Resources
Sign, Paperless!
New to Zoho TeamInbox?
Zoho TeamInbox Resources
New to Zoho ZeptoMail?
Zoho DataPrep Resources
Design. Discuss. Deliver.
New to Zoho Workerly?
New to Zoho Recruit?
New to Zoho CRM?
New to Zoho Projects?
New to Zoho Sprints?
New to Zoho Assist?
New to Bigin?
Related Articles
Compliance at Zoho WorkDrive
Zoho WorkDrive helps you comply with the above industry's leading security and privacy standards or regulations. For any WorkDrive compliance queries, please contact our support. Learn more about the HIPAA compliance with Zoho WorkDrive Learn more ...Zoho Connect - WorkDrive Integration
Zoho WorkDrive is a content collaboration platform for individuals or teams to store, share, and manage files in one place. Zoho Connect, a business communication tool, helps the entire organization to share ideas, hold real-time discussions, and ...Zoho Mail - WorkDrive Integration
Zoho WorkDrive’s integration for Zoho Mail unlocks access to your WorkDrive storage in four ways: Insert files from WorkDrive WorkDrive's picker component in Zoho Mail allows the users to insert files from their WorkDrive account as an email ...WorkDrive Essentials plan for teams
Zoho WorkDrive is an online file management and collaboration platform for teams and individuals. WorkDrive is available as a standalone product as well as part of various app bundles, such as Zoho One, Workplace, Remotely, and Zillum. WorkDrive's ...How to remove Docs Sync app data after migrating from Zoho Docs to WorkDrive
After migrating from Zoho Docs to Zoho WorkDrive, you will need to uninstall the Docs Sync app from your computer. It is important to remove all the Docs data synced to your computer before you install the WorkDrive desktop app. Here's how you can ...
New to Zoho LandingPage?
Zoho LandingPage Resources