by Hoala Greevy Founder CEO of Paubox

Is Zoho HIPAA Compliant?


Over the past six months we’ve fielded quite a few inquiries from customers and prospects alike about whether our HIPAA compliant email service integrates with Zoho.

We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.

Today we will determine if Zoho offers HIPAA compliant email for marketing or not.

SEE ALSO: HIPAA Breaches and Cloud Providers

About Zoho

Zoho is a suite of online applications ranging from hosted email, to CRM, accounting, and help desk. They are an early adopter of cloud software.

According to their site, Zoho is a division of ZOHO Corporation, a US-based company that has been creating and selling software solutions since 1996.

Zoho and the business associate agreement

We’ve previously talked about how a business associate agreement (BAA) is a written contract between a covered entity and a business associate. It is required by law for HIPAA compliance.

We checked Zoho’s site and found conflicting and often confusing information about its HIPAA compliance capabilities.

For example, the Zoho forums were the only places we could find any mention of HIPAA or HIPAA Compliance:

  • HIPPA Compliance: Submitted 10 years ago, the forum thread meanders back and forth before ending on an ominous piece of feedback from another Zoho user: “I did reach out. But they told me that they would sign a BAA but they did not encrypt data on their server. Does this not null and void the BAA for PHI information?” (That user is correct.)
  • Is Zoho Creator HIPAA Compliant?: Submitted 7 years ago, a Zoho employee states, “Zoho is not a health care service provider, Zoho does not have a HIPAA compliance program.”
  • HIPAA Compliance: Submitted 6 years ago, another Zoho employee writes, “Zoho Mail is a general-purpose email service and is not mainly intended to be used for transmitting/storing patient data. Hence we have not taken any steps for compliance with HIPAA.”
  • Zoho Hipaa compliant?: Submitted 4 years ago, a Zoho staff member claims, “Please note, we are not HIPPA compliant however we will be able to sign a BAA. If you have an existing BAA copy, please send it to our legal team. They will review and sign it digitally.”
  • Zoho Books HIPAA compliance: Submitted 1 year ago, a different Zoho employee says, “Yes. We do sign Business Associate Agreements (BAA). To know more about the procedure and HIPAA compliance, kindly write us at support@zohobooks.com from your registered email address.”
  • HIPAA Compliance Plan: Submitted 6 months ago, a Zoho employee recommends contacting legal@zohocorp.com for more information on Zoho and HIPAA compliance.

As a last resort to find a definitive answer, we checked the Zoho Privacy Policy and Security Practices pages.

We did not find any mention of HIPAA or a BAA on those key legal pages.

Does Zoho offer HIPAA compliant service?

The BAA is a key component to HIPAA compliance between a covered entity and a business associate.

There were troubling aspects in our research about Zoho and HIPAA compliance:

  • There was no mention of HIPAA compliance or its ability to sign a BAA on their key legal pages (privacy and security).
  • We found confusing and conflicting advice from its support staff on their own forums. The information was often outdated and left unanswered for years.

Conclusion

Zoho is all over the place on its stance on HIPAA Compliance.

We do not recommend using it if you require HIPAA compliant services.

Try Paubox Marketing for free and make your email marketing HIPAA compliant today.