Zoho Survey and HIPAA compliance
Data privacy and security are top priorities for Zoho Survey. Our privacy policy and security protocols are designed with the aim to protect all sensitive data classified as ePHI (electronic protected health information).
Numerous organizations across the healthcare industry use Zoho’s health care surveys to collect patient information. Survey’s security features are intended to help you distribute and collect ePHI easily and securely.
Zoho Survey
general privacy guidelines
Any entity may need to obtain ePHI through healthcare surveys for different purposes. Here’s a list of guidelines that help you process ePHI in a privacy friendly manner using Zoho Survey.
Patient registration & medical research
Collect patient information with encryption.
Surveys
Conduct surveys with strict confidentiality using Zoho Survey.
Data access
Limit and monitor access to health care survey data.
Prepopulate
Make data collection simple with securely prepopulated survey answers.
Steps taken by Zoho Survey to help you with your HIPAA compliance requirements
We are fully committed to data protection and security. Here are the methods we use to keep ePHI secure:
Multi-factor authentication
Multi-factor authentication provides an extra layer of security by requiring verification in addition to your password. You can configure multi-factor authentication, and reduce the risk of unauthorized access, using Zoho OneAuth.
Encryption
Our survey tool supports custom field encryption, which allows you to encrypt any information collected from your respondents. Easily collect and store sensitive data with a multi-layer security protocol. All data transmitted to our servers is protected by strong encryption protocols. We use Transport Layer Security (TLS 1.2/1.3) encryption for all connections including web access, API access, our mobile apps.
Audit logging
We monitor all information gathered from services such as internal traffic, device usage, and terminals. This information is recorded in the form of audit logs. Logs are analyzed to identify unusual employee account activities or attempts to access customer data.
Disaster recovery and business continuity plan
Application data is stored and replicated in two data centers. In case of primary DC failure, data can be recovered from the secondary DC. Our recovery plan includes technical procedures such as power backups, temperature control systems, and fire prevention systems to support infrastructure management and ensure the continuity of your business.
Business Associate Agreement (BAAs) with Zoho
HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with its Business Associates. You can request our BAA template by sending an email to legal@zohocorp.com.
Have more questions?
Visit our HIPAA Help page
To understand our security standards better, you can read our Whitepaper on Zoho security protocols.
Feel free to contact Us
support@zohosurey.comWe are Certified
The compliance certificate associated with Zoho’s compliance with HIPAA in its capacity as a Business Associate will be available for download on our accounts page.