Over the past six months we’ve fielded quite a few inquiries from customers and prospects alike about whether our HIPAA compliant email service integrates with Zoho.
We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.
Today we will determine if Zoho offers HIPAA compliant email for marketing or not.
SEE ALSO: HIPAA Breaches and Cloud Providers
Zoho is a suite of online applications ranging from hosted email, to CRM, accounting, and help desk. They are an early adopter of cloud software.
According to their site, Zoho is a division of ZOHO Corporation, a US-based company that has been creating and selling software solutions since 1996.
Zoho and the business associate agreement
We checked Zoho’s site and found conflicting and often confusing information about its HIPAA compliance capabilities.
For example, the Zoho forums were the only places we could find any mention of HIPAA or HIPAA Compliance:
- HIPPA Compliance: Submitted 10 years ago, the forum thread meanders back and forth before ending on an ominous piece of feedback from another Zoho user: “I did reach out. But they told me that they would sign a BAA but they did not encrypt data on their server. Does this not null and void the BAA for PHI information?” (That user is correct.)
- Is Zoho Creator HIPAA Compliant?: Submitted 7 years ago, a Zoho employee states, “Zoho is not a health care service provider, Zoho does not have a HIPAA compliance program.”
- HIPAA Compliance: Submitted 6 years ago, another Zoho employees writes, “Zoho Mail is a general-purpose email service and is not mainly intended to be used for transmitting/storing patient data. Hence we have not taken any steps for compliance with HIPAA.”
- Zoho Hipaa compliant?: Submitted 4 years ago, a Zoho staff member claims, “Please note, we are not HIPPA compliant however we will be able to sign a BAA. If you have an existing BAA copy, please send it to our legal team. They will review and sign it digitally.”
- Zoho Books HIPAA compliance: Submitted 1 year ago, a different Zoho employee says, “Yes. We do sign Business Associate Agreements (BAA). To know more about the procedure and HIPAA compliance, kindly write us at [email protected] from your registered email address.”
- HIPAA Compliance Plan: Submitted 6 months ago, a Zoho employee recommends contacting [email protected] for more information on Zoho and HIPAA compliance.
We did not find any mention of HIPAA or a BAA on those key legal pages.
Does Zoho offer HIPAA compliant service?
The BAA is a key component to HIPAA compliance between a covered entity and a business associate.
There were troubling aspects in our research about Zoho and HIPAA compliance:
- There was no mention of HIPAA compliance or its ability to sign a BAA on their key legal pages (privacy and security).
- We found confusing and conflicting advice from its support staff on their own forums. The information was often outdated and left unanswered for years.
Zoho is all over the place on its stance on HIPAA Compliance.
We do not recommend not using it if you require HIPAA compliant services.