Hello, our company is very interested in switching from SalesForce to Zoho CRM. However, a major requirement is data security and Zoho CRM needs to be in compliance with the US Health Insurance Portability and Accountability Act. Can you help me learn more about your product in regards to this very important issue for us? I need to know if Zoho is HIPAA compliant. I am sure you've had this question from other prospects. Thank you.

ANY UPDATES ON THIS?
Any final word on this issue? I cannot use the service (I would love to) until it is HIPAA compliant.
Please see the info below. It appears that as long as Zoho maintains its security policies (which are already in place) and signs a Business Associate Agreement (BAA), Zoho users are considered to be HIPAA compliant. Can someone at Zoho please comment on this?
In order to ensure that PHI is safeguarded, the HIPAA rules require that you establish a Business Associate Agreement (BAA) with certain 3rd parties who are exposed to PHI. It’s been previously debated whether or not cloud software providers fall into this category, but the recent Omnibus rule, passed in Jan 2013, has expanded the definition of a business associate:
“We have modified the definition of ‘business associate’ to generally provide that a business associate includes a person who ‘creates, receives, maintains, or transmits’ [emphasis added] protected health information on behalf of a covered entity.”
There’s still some ambiguity here, but with the addition of “maintains,” it’s safe to assume that the vast majority of cloud software providers fall into this definition, and are thus required to maintain strict HIPAA compliance. This also means that you, the Covered Entity, must only use cloud software providers that sign BAAs.
We are very interested in using Zoho CRM in our medical practice but have concerns about HIPAA. Have you heard any more on whether Zoho would sign a "business associate agreement" so that we could endeavor to comply with HIPAA?