Create surveys that support HIPAA compliance

The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach notification Rule, and Health Information Technology for Economic and Clinical Health Act) (“HIPAA”), requires Covered Entities and Business Associates to take certain measures to protect health information that can identify an individual. Zoho does not collect, use, store or maintain health information protected by HIPAA for its own purposes. However, Zoho Survey provides certain features to help its customers use Survey in a HIPAA compliant manner.

GET STARTED

Trusted by the world’s best

hot star
asian-paints
itc
royalenfield
seaworld
pidilite
hnm

Zoho Survey and HIPAA compliance

Data privacy and security are top priorities for Zoho Survey. Our privacy policy and security protocols are designed with the aim to protect all sensitive data classified as ePHI (electronic protected health information).

Numerous organizations across the healthcare industry use Zoho’s health care surveys to collect patient information. Survey’s security features are intended to help you distribute and collect ePHI easily and securely.

Zoho Survey
general privacy guidelines

Any entity may need to obtain ePHI through healthcare surveys for different purposes. Here’s a list of guidelines that help you process ePHI in a privacy friendly manner using Zoho Survey.

Patient registration & medical research

Collect patient information with encryption.

Surveys

Conduct surveys with strict confidentiality using Zoho Survey.

Data access

Limit and monitor access to health care survey data.

Prepopulate

Make data collection simple with securely prepopulated survey answers.

Steps taken by Zoho Survey to help you with your HIPAA compliance requirements

We are fully committed to data protection and security. Here are the methods we use to keep ePHI secure:

Multi-factor authentication

Multi-factor authentication provides an extra layer of security by requiring verification in addition to your password. You can configure multi-factor authentication, and reduce the risk of unauthorized access, using Zoho OneAuth.

Encryption

Our survey tool supports custom field encryption, which allows you to encrypt any information collected from your respondents. Easily collect and store sensitive data with a multi-layer security protocol. All data transmitted to our servers is protected by strong encryption protocols. We use Transport Layer Security (TLS 1.2/1.3) encryption for all connections including web access, API access, our mobile apps.

Audit logging

We monitor all information gathered from services such as internal traffic, device usage, and terminals. This information is recorded in the form of audit logs. Logs are analyzed to identify unusual employee account activities or attempts to access customer data.

Disaster recovery and business continuity plan

Application data is stored and replicated in two data centers. In case of primary DC failure, data can be recovered from the secondary DC. Our recovery plan includes technical procedures such as power backups, temperature control systems, and fire prevention systems to support infrastructure management and ensure the continuity of your business.

Business Associate Agreement (BAAs) with Zoho

HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with its Business Associates. You can request our BAA template by sending an email to legal@zohocorp.com.

Have more questions?

Visit our HIPAA Help page

To understand our security standards better, you can read our Whitepaper on Zoho security protocols.

Feel free to contact Us

support@zohosurey.com

We are Certified

The compliance certificate associated with Zoho’s compliance with HIPAA in its capacity as a Business Associate will be available for download on our accounts page.