HIPAA compliance with Zoho SalesIQ

The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach Notification Rule, and Health Information Technology for Economic and Clinical Health Act) ("HIPAA") requires Covered Entities and Business Associates to take certain measures to protect health information that can identify an individual. It also provides certain rights to individuals. Zoho does not collect, use, store or maintain health information protected by HIPAA for its own purposes.

HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with their Business Associates on the permissible and impermissible uses of Protected Health Information (PHI). You can request our BAA template by sending an email to legal@zohocorp.com.

Product-specific features

As many healthcare-related organizations have started using SalesIQ to support their customers, SalesIQ is working toward HIPAA compliance by putting in place certain measures to keep customers' ePHI secure.

Data audits help you secure your system and monitor for unexpected changes or usage trends. Zoho SalesIQ stores audit logs, i.e., information about every addition, update, and deletion in the fields of your database records that may contain ePHI.

ePHI data in SalesIQ

Before looking at how SalesIQ protects customers' ePHI data, let us go through all the entry points for ePHI data.

Conversations

If a customer organization processes health data in SalesIQ, ePHI might appear in conversations. Hence, SalesIQ treats all live chat data as ePHI and subjects it to audits.

Pre-chat forms

The information that visitors provide before initiating a conversation with an operator includes details such as name, email, and phone number. This information on its own doesn't fall under the ePHI category, but when associated with the conversation, it can be considered ePHI. Hence, SalesIQ treats all the default pre-chat form data as ePHI.

JS API custom fields

Zoho SalesIQ allows customers to use the JS API on their website to configure custom fields and get more data from their visitors using the pre-chat forms. Since the JS API custom field is implemented on the customer's website, SalesIQ can only display the collected data, and the customers cannot modify it. Hence, it will not be audited, and HIPAA requirements cannot be implemented on this JS API option.

We do not recommend using JS API custom fields to collect ePHI data from visitors.

Note:
  1. The data collected using the JS API custom fields will be encrypted in storage.
  2. The customer cannot modify the data collected using a JS API custom field via SalesIQ.

Audit Exports and Retention

To comply with HIPAA, we have started auditing essential ePHI data. All audit logs are retained for a duration of up to one year. The audit log can be shared with portal operators and visitors upon request based on the feature.

1. Conversation attachment download audit logging

Zoho SalesIQ keeps audit logs of all conversation attachment downloads performed on your database.

2. Conversation delete audit logging

Zoho SalesIQ keeps audit logs of all conversation deletions performed on your database. The audit logs will contain only limited information such as Visit ID and Conversation ID.

3. Visitor metadata (name, email, and phone) update logging

Zoho SalesIQ keeps audit logs of visitors' information updates provided via pre-chat forms. 

4. Data encryption

All conversation and audit data is encrypted in storage. SalesIQ uses Zoho Filestore and databases to store the data securely.
  1. All data considered ePHI, such as chat messages and attachments, is encrypted and stored securely.
  2. SalesIQ follows the Zoho encryption standard to encrypt the data both in transit and in storage.

Important:
  1. No other feature can receive ePHI data. Hence, the other features will not be subjected to audits.
  2. Kindly note that the content presented here is not to be construed as legal advice. Please contact your legal advisor to learn how HIPAA impacts your organization and what you need to do to comply with HIPAA.