The Health Insurance Portability and Accountability Act, HIPAA (including the Privacy Rule, Security Rule, Breach notification Rule, and Health Information Technology for Economic and Clinical Health Act), requires Covered Entities and Business Associates to take certain measures to protect health information that can identify an individual. It also provides certain rights to individuals.
Zoho WorkDrive does not collect, use, store, or maintain health information protected by HIPAA for its own purposes.
HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with its Business Associates on the permissible and impermissible uses of Protected Health Information (PHI). You can request our BAA template by sending an email to
legal@zohocorp.com.
WorkDrive provides the following features or tools that can help users to be HIPAA compliant.
Clearly defined user roles and permissions
Team - Assign users either admin or member role. Admins will be able to add or remove users, and manage all team level settings from the Admin Console.
Team Folders - Create Team Folders and add members with a specific role such as Admin, Organizer, Editor, Commenter, and Viewer.
In a private Team Folder, only the members who have been added to it can view and access files. However, in a public Team Folder, any team member will be able to view and access files by default.
You can disable download and print options at Team Folder level for users with viewer role or view-only access.
Granular access to files and sub folders
Instead of giving your users (for example, Viewer) higher access to all files in a Team Folder, you can just assign them Edit access on a particular file or sub-folder when required.
Disable external sharing
You can restrict team members from sharing files that contain personal health information with external users, i.e., users who are not part of your team or organization.
You can achieve this in the following ways:
- Disable external sharing for the entire team
- Disable external sharing in a particular team folder
- Disable external sharing in My Folders for an individual user
Data Retention Policy
A Data Retention Policy allows you to retain files and folders for up to a certain period (such as 30 days), then automatically delete them afterwards.
For
Trash in My Folders and Team Folders, you can choose whether you want to keep those files indefinitely or delete them after 7, 15, or 30 days.
For
Deleted Items in Admin Console, you can choose whether you want to permanently delete them after 7, 30, 90, or 120 days.
Team Admins can also choose to manually delete files and folders permanently from Deleted Items in Admin Console anytime.
Permanently deleted files and folders will be purged (i.e., data will be removed from all data centers and servers), and they can no longer be restored.
Learn more about data retention policy
Monitor team activity
Team admins can generate activity reports based on a custom criteria to monitor all activities of their team members. The reports will be helpful for auditing and legal purposes.
Learn more
Device management
Team Admins can view details of all the connected devices of a user, such as device name, app type, last accessed date and time, IP address, and location.
For individual users, team admins can set permissions for desktop and mobile apps, and disconnect or wipe and disconnect devices remotely.
Learn more
WorkDrive app permissions
Manage access to WorkDrive's desktop and mobile apps at a team level from the Admin Console. If disabled, team members will not be able to use WorkDrive apps to access files. Any files that were synced or saved offline will be removed and all team members will be logged out of these apps on all their devices.
Learn more
Transfer file ownership when deleting a user
If a user switches to a different team or leaves the organization, you can transfer their files in My Folders to an active user before deleting them from your account. This helps you retain files created by your team users. By default, files in a team folder will be retained as it is a shared folder and other members in the team folder will have access to it.
Data Encryption
Data in WorkDrive is encrypted both in transit and at rest.
Learn more
Important:
- Features such as app permissions and device management are only available in the WorkDrive's Business plan. Learn more about the available features in each WorkDrive plan here.
- Zoho WorkDrive Suite is HIPAA compliant, which includes the products WorkDrive, Writer, Sheet, and Show.
- Kindly note that the content presented here is not to be construed as a legal advice. Please contact your legal advisor to learn how HIPAA impacts your organization and what you need to do to comply with HIPAA.
Other security related features that Zoho WorkDrive offers: