Data security features in compliance with HIPAA

The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach Notification Rule, and Health Information Technology for Economic and Clinical Health Act) ("HIPAA"), requires Covered Entities and Business Associates to take certain measures to protect health information that can identify an individual. It also provides certain rights to individuals. Zoho does not collect, use, store, or maintain health information protected by HIPAA for its own purposes. However, Zoho Analytics provides certain features (as described below) to help its customers use Zoho Analytics in a HIPAA-compliant manner.

HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with their Business Associates. You can request our BAA template by sending an email to legal@zohocorp.com.

HIPAA compliance in Zoho Analytics

Zoho Analytics provides the following features for all users with Standard Plan or above to help its customers use Zoho Analytics in a HIPAA-compliant manner.

Handling Electronic Protected Health Information (ePHI) with Care

Zoho Analytics allows you to take utmost care when it comes to handling ePHI.

To secure the ePHI column, right-click the column and select Mark as Personal Data. The data will be encrypted and saved on our servers. While exporting views containing such data, the columns marked as personal data will not be included by default to avoid accidental sharing.



Alternatively, you can also click the Edit Design button in the toolbar and change the value of Is Personal Data? to 'Yes' for the ePHI column.

Securing data with Data Encryption

Zoho Analytics encrypts all personal information in our servers for enhanced security. We have handled data encryption at various levels.

  • Any field marked as Personal Data will be encrypted and stored in Zoho Analytics servers.
  • Any private information provided for authenticating third-party applications will automatically be identified with due diligence and stored in our databases in an encrypted manner.

Providing Data Privacy and Security

We have brought in extra measures to secure your data and keep it private.

  • Password protection for files that are exported: You can choose to protect the data that is exported using a password. This way, you will be able to restrict unauthorized access to the information in the exported files.

  • Password protection for Embed and Permalink: When you grant Access without Login permission for your embedded views or Permalinks, you can choose to set password protection for the views.
     
  • Expiry Date for Embed and Permalink: You can also set an expiry date for published views with Access without Login permission. So that the published view will not be accessible after a specific period of time.

Enabling you to Port Data

Zoho Analytics provides various options to transfer your ePHI data anytime. Zoho Analytics allows you to obtain your data at 2 levels.

  • Data Backup: The Data Backup option will back up all the data from tables and SQL queries from query tables and make it available for download. You can download the backed-up data anytime. Learn more about this feature.
     
  • Exporting Data: Exporting views allows you to export your data anytime in common file formats such as CSV, Excel, HTML, PDF, or image files. You can also password-protect your exported document. Learn more about exporting data.

Auditing All Activities

Zoho Analytics allows you to keep track of the user accesses and activities performed in Zoho Analytics. This allows you to monitor who has accessed the data and is the data modified, shared, or exported.

  • Access logs: This option enables the administrators to monitor the application access information.
  • Activity logs: This option enables the administrators to monitor all the activities Zoho Analytics users perform.

The activity logs data will be saved in a workspace for a year. You can export the older data for your use.

Zoho Compliance and Privacy Policy

You can read more about Zoho's compliance and privacy policy in the links given below: