HIPAA Compliance
The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach notification Rule, and Health Information Technology for Economic and Clinical Health Act) ("HIPAA"), requires Covered Entities and Business Associates to take certain measures to protect health information that can identify an individual. It also provides certain rights to individuals. Zoho does not collect, use, store or maintain health information protected by HIPAA for its own purposes. However, Zoho Analytics provides certain features (as described below) to help its customers use Zoho Analytics in a HIPAA compliant manner.
HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with its Business Associates. You can request our BAA template by sending an email to legal@zohocorp.com.
HIPAA compliance in Zoho Analytics
Zoho Analytics provides the following features for all the users with Standard Plan or above to help its customers use Zoho Analytics in a HIPAA compliant manner.
- Handling Electronic Protected Health Information (ePHI) with Care
- Securing data with Data Encryption
- Providing Data Privacy and Security
- Enabling you to Port Data
- Allowing Secured Account Access
- Auditing All Activities
Handling ePHI with Care
Zoho Analytics allows you to take utmost care when it comes to handling ePHI .
To secure the ePHI column, right click the column and select Mark as Personal Data. The data will be encrypted and saved in our servers. While exporting views containing such data, the columns marked as personal data will not be included by default to avoid accidental sharing.
Alternatively, you can also click the Edit Design button in the toolbar and change the value of Is Personal Data? to 'Yes' for the ePHI column.
Securing data with Data Encryption
Zoho Analytics encrypts all personal information in our servers for enhanced security. We have handled data encryption at various levels.
- Any field marked as Personal Data will be encrypted and stored in our servers.
- Any private information provided for authenticating third-party applications will automatically be identified with due diligence and stored in our databases in an encrypted manner.
Providing Data Privacy and Security
We have brought in extra measures to secure your data and keep it private.
- Password protection for files that are exported: You can choose to protect the data that is exported using a password. This way you will be able to restrict the unauthorized access to the information in the exported files.
- Password protection for Embed and Permalink: When you grant Access without Login permission for your embedded views or Permalinks, you can choose to set password protection for the views.
- Expiry Date for Embed and Permalink: You can also set an expiry date for published views with Access without Login permission. So that the published view will not be accessible after a specific period of time.
Enabling you to Port Data
Zoho Analytics provides various options to transfer your ePHI data anytime. Zoho Analytics allows you to obtain your data at 3 levels.
- Data Backup - Workspace Backup option will backup the data from tables and SQL queries from query tables and make it available for download. You can download the backed up data anytime as CSV files. Learn more about this feature.
- Exporting Data - Exporting views allows you to export your data anytime in common file formats such as CSV, Excel, HTML, PDF or image files. You can also password-protected your exported document. Learn more about exporting data.
- Downloading all your Data in One Shot - Zoho Analytics offers a direct one time download to download all the data stored in our service. Right now we do not have an option for that in our user interface, in case you wish to utilize this service write to us at support@zohoanalytics.com and we will help you with this.
Allowing Secured Account Access
Zoho Analytics provides a set of security options that enable you to control and manage access to your account such as IP restriction and controlling the various sharing & collaboration options. These options ensure that your data is accessible only by trusted users.
- IP Restriction: You can restrict access to the views in your organization account from a set of select IP ranges alone.
- Restriction to share within trusted domains: You can restrict sharing of data or views in Zoho Analytics only to users from trusted domains.
- Restriction to create Private or Public Links: You can specify whether Embed Snippet or Permalink can be created for views with either private or public access.
- Restriction to publish within trusted domains: You can restrict that your published views (private or public) can be accessed only to users from the trusted domains.
- Restriction for exporting and emailing views: You can specify whether views can be exported or emailed. You can also choose to restrict emailing of views only to users from trusted domains.
Auditing All Activities
Zoho Analytics allows you to keep track of the user accesses and activities performed in Zoho Analytics. This allows you to monitor who has accessed the data, is the data modified, shared or exported.
- Access logs: This option enables the administrators to monitor the application access information.
- Activity logs: This option enables the administrators to monitor all the activities performed by Zoho Analytics users.
The activity logs data will be saved in a workspace for a year. You can export the older data for your use.
Zoho's Compliance and Privacy Policy
You can read more about Zoho's compliance and privacy policy in the links given below: