The Health Insurance Portability and Accountability Act, HIPAA (including the Privacy Rule, Security Rule, Breach notification Rule, and Health Information Technology for Economic and Clinical Health Act), requires Covered Entities and Business Associates to take certain measures to protect health information that can identify an individual. It also provides certain rights to individuals.
Vani does not collect, use, store, or maintain health information protected by HIPAA for its own purposes. However, Vani provides certain features (as described below) to help its customers use Vani in a HIPAA compliant manner
HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with its Business Associates. You can request our BAA template by sending an email to legal@zohocorp.com.
Vani provides the following features or tools that can help users to be HIPAA compliant.
Any text content which can be input by the user in Vani can be an ePHI(electronic Protected Health Information). The text data can be from TextBox, Shape text body, Comments and text content copied and pasted from system clipboard.
Clearly defined user roles and permissions
The user who creates the team will be assigned as the Super Admin. The Super Admin is the only role in the team that can upgrade or downgrade plans and enable or disable permissions.
Teammates added to the team afterwards can be either Admins or Members. Both Admins and the Super Admin can invite new members to the team and can assign Admin or Member privileges to other teammates. Admins can manage all team level settings from the Admin Console.
Refer to the table below to learn more about the privileges associated with each role.
The privileges associated with each role are available in the Vani's help document here.
| Super Admin | Admin | Member |
Team Settings | Yes | Yes | 'View Team' only |
Team rename | Yes | Yes | No |
Invite users to team | Yes | Yes | No |
View invited members | Yes | Yes | No |
Change team members' roles | Yes | Yes | No |
Activate and deactivate teammates | Yes | Yes | No |
Remove teammates from team | Yes | Yes | No |
Audit logs (Paid plan) | Yes | Yes | No |
Plan and billing details | Yes | Yes | Yes |
Request to upgrade plan | No | Yes | Yes |
Upgrade/downgrade plan | Yes | No | No |
Enable/disable permissions (External share and team request access) | Yes | No | No |
Only org members can be given access to a space. The access can be Read only, Comment only, or Edit only. The collaborators and their access permissions are captured in the help document.
If the Team Admin allows to share the space with external individuals, then the team members can share the space with external users. The access can be Read only, Comment only, or Edit only. The user can specify the expiry time for the externally shared link or they can specify a password to open the link.
Data Encryption
Data is encrypted during transit and encryption at rest by default for content written in Vani. The data encryption details at Vani are available here.
Control access for collaborators
User-specific permission - Share spaces with user-specific permission levels (View, View and Comment, Edit) and choose to restrict, grant, or remove access anytime.
Auto file backup
Version History - Vani keeps automatic backed-up versions of your project for your reference at any given time. You can also view version specific changes and revert to older versions of the project. For free plans, the last 15 days version history will be persisted. For paid plans, the version history will be persisted forever.
Tracking changes
Audit Trail - Keep track of all changes in Space Management and User Management. Open/Add/Download space operations will be tracked in the Audit Trail. The Audit Trail will be available until the Org/Team is permanently deleted. Otherwise, it will be available forever.
Share with External persons
Vani allows you to share spaces with individuals outside the team without adding them to the team. Depending on the preferences, the external share link can grant View only, Comment only, or Edit access to external users. The security and privacy of the link can be enhanced by specifying a password to restrict access and expiration time for the link. More details about external sharing are available here.
Disable External Share
You can restrict the whole team members from sharing spaces that contain personal health information with external users, i.e., users who are not part of your team or organization.
Support access
The support people will not ask for access to user space generally. In case of any issues in rendering, and if the development team could not identify the issue, then only the support will ask the space to be shared with the support team. The development team will not make any changes to the user space and identify the issue by checking the project data. After the issue has been resolved, access can be revoked.
The team was informed properly about the procedures.
Data Retention Policy
A Data Retention Policy allows you to retain spaces for up to a certain period (such as 30 days), then automatically delete them afterwards. Before the retention period, the user can restore the space or delete it forever.
Permanently deleted spaces will be purged (i.e., data will be removed from all data centres and servers), and they can no longer be restored.
Monitor team activity
Team admins can view activity reports to monitor all activities of their team members. The reports will be helpful for auditing and legal purposes. Learn more
Transfer file ownership when deleting a user
If a user switches to a different team or leaves the organization, you can transfer their spaces to an active user before deleting them from your account. This helps you retain spaces created by your team users.
Important:
Kindly note that the content presented here is not to be construed as a legal advice. Please contact your legal advisor to learn how HIPAA impacts your organization and what you need to do to comply with HIPAA.
Learn more about compliance at Vani, write to us at support@vanihq.com or legal@zohocorp.com
Other security related features that Vani offers: