HIPAA Compliance Guide for Zoho Notebook

HIPAA Compliance Guide for Zoho Notebook

The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach notification Rule, and Health Information Technology for Economic and Clinical Health Act) ("HIPAA"), requires Covered Entities and Business Associates to take certain measures to protect health information that can identify an individual. It also provides certain rights to individuals. Zoho Notebook does not collect, use, store or maintain health information protected by HIPAA for its own purposes. However, Zoho Notebook provides certain features (as described below) to help its customers use Zoho Notebook in a HIPAA compliant manner.

HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with its Business Associates. You can request our BAA template by sending an email to legal@zohocorp.com.

Audit Trial

Audit trial allows you to keep a track of your activities in your note cards - how many times you viewed the note, to whom you shared it, and so on. You can do that with the Activity Log in Zoho Notebook. Keep a better track of your note card activities with the Activity Log and export it in whenever you want.

ePHI

All your data in Notebook is marked as ePHI. The note card content you create, the images you add, the sketches you create, the lists you make, and the files you add are all considered as ePHI and encrypted. 

Data
Data Source
Notecards
Added by users for:
  1. Any Health information content inside any note card types
Attachments
Added by users when attaching files using File card
Object Detection
Objects which are present inside images. Learn More
OCR, Resource Keywords
Text content extracted using OCR
Keywords used for searching notes and contents

We don't consider your note card titles, notebook names, and the short description of your note cards (i.e, the content you see on your notes preview before you open them) as ePHI.

In addition to this, all your note cards are Encrypted at Transit and Rest making you the only one to view your data. You can know more about it here.