We're thrilled to unveil enhanced HIPAA compliance features within Zoho DataPrep, designed to bolster the protection and handling of ePHI (Electronic Protected Health Information).
HIPAA as most of you know, refers to Health Insurance Portability and Accountability Act (HIPAA) of 1996 that set regulatory standards in the US aimed at safeguarding sensitive patient data that shouldn't be disclosed without patient's consent or knowledge.
It applies to entities that are directly covered under it referred to as "covered entities" and "business associates" who deal with covered entities and handle ePHI data or their sub-contractors. The legislation requires covered parties concerned to have business associate agreements (BAA) and business associate sub-contractor agreements (BASA) in place to honor the treatment of ePHI data with care.
The following infographic gives a simplified look at the entities covered under the regulation. Please bear in mind this is not an exhaustive list.We are happy to say that key features we are introducing include:
Capabilities for marking ePHI data
Controls to implement roles and sharing permissions tailored to safeguard sensitive health information
Security measures to prevent misuse of health data
Checks in place to restrict export of ePHI data to third-party applications.
With comprehensive audit trails and controls for ePHI data access, Zoho DataPrep can ensure your data handling meets HIPAA standards.
Covered entities can directly use DataPrep, as can Business Associates and Business Associate Sub-contractors to create data pipelines that will tokenize/mask ePHI data before storing them in data warehouses or sending them to business applications such as Zoho CRM or Analytics for downstream analysis/other processes.
There are several touch points when it comes to how data is captured and how it flows when it comes to business activities of covered entities as well as business associates. DataPrep can be used at critical junctures in the data pipeline to prevent leakage and misuse of ePHI data.
A typical example can be