HIPAA compliance with Vani

The Health Insurance Portability and Accountability Act, HIPAA (including the Privacy Rule, Security Rule, Breach Notification Rule, and Health Information Technology for Economic and Clinical Health Act), requires Covered Entities and Business Associates to take certain measures to protect health information that can identify an individual. It also provides certain rights to individuals.

 

Vani does not collect, use, store, or maintain health information protected by HIPAA for its own purposes. However, Vani provides certain features (as described below) to help its customers use Vani in a HIPAA-compliant manner.

 

HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with their Business Associates. You can request our BAA template by sending an email to legal@zohocorp.com.

 

Vani provides the following features or tools that can help users to be HIPAA compliant.

 

Any text content that a user enters in Vani can be ePHI (electronic Protected Health Information). The text can come from a TextBox, a Shape text body, Comments, or content copied and pasted from the system clipboard.

Clearly defined user roles and permissions

The user who creates the team will be assigned as the Super Admin. The Super Admin is the only role in the team that can upgrade or downgrade plans and enable or disable permissions.

 

Teammates added to the team afterwards can be either Admins or Members.  Both Admins and the Super Admin can invite new members to the team and can assign Admin or Member privileges to other teammates. Admins can manage all team level settings from the Admin Console.

 

Refer to the table below to learn more about the privileges associated with each role.

 

The privileges associated with each role are available in Vani's help document here.

 

 

| Privilege | Super Admin | Admin | Member |
|---|---|---|---|
| Team Settings | Yes | Yes | 'View Team' only |
| Team rename | Yes | Yes | No |
| Invite users to team | Yes | Yes | No |
| View invited members | Yes | Yes | No |
| Change team members' roles | Yes | Yes | No |
| Activate and deactivate teammates | Yes | Yes | No |
| Remove teammates from team | Yes | Yes | No |
| Audit logs (Paid plan) | Yes | Yes | No |
| Plan and billing details | Yes | Yes | Yes |
| Request to upgrade plan | No | Yes | Yes |
| Upgrade/downgrade plan | Yes | No | No |
| Enable/disable permissions (External share and team request access) | Yes | No | No |

 

Only org members can be given access to a space. The access can be Read only, Comment only, or Edit only. The collaborators and their access permissions are captured in the help document.

If the Team Admin allows spaces to be shared with external individuals, then team members can share the space with external users. The access can be Read only, Comment only, or Edit only. The user can specify an expiry time for the externally shared link, or they can specify a password to open the link.

 

Data Encryption

Content written in Vani is encrypted in transit and at rest by default. The data encryption details at Vani are available here.

 

 

Control access for collaborators

User-specific permission - Share spaces with user-specific permission levels (View, View and Comment, Edit) and choose to restrict, grant, or remove access anytime. 

 

Auto file backup

Version History - Vani keeps automatically backed-up versions of your project for your reference at any given time. You can also view version-specific changes and revert to older versions of the project. For free plans, the last 15 days of version history will be persisted. For paid plans, the version history will be persisted forever.

 

Tracking changes

Audit Trail - Keep track of all changes in Space Management and User Management. Open/Add/Download space operations will be tracked in the Audit Trail. The Audit Trail will be available until the Org/Team is permanently deleted. Otherwise, it will be available forever.

 

Share with External persons


Vani allows you to share spaces with individuals outside the team without adding them to the team. Depending on the preferences, the external share link can grant View only, Comment only, or Edit access to external users. The security and privacy of the link can be enhanced by specifying a password to restrict access and an expiration time for the link. More details about external sharing are available here.

 

Disable External Share

You can restrict all team members from sharing spaces that contain personal health information with external users, i.e., users who are not part of your team or organization.

 

Support access

Support staff will not generally ask for access to a user's space. Only when there is a rendering issue that the development team cannot identify will support ask for the space to be shared with the support team. The development team will not make any changes to the user's space; it identifies the issue by checking the project data. After the issue has been resolved, access can be revoked.

The team was informed properly about the procedures.

 

Data Retention Policy


A Data Retention Policy allows you to retain spaces for up to a certain period (such as 30 days), then automatically delete them afterwards. Before the retention period ends, the user can restore the space or delete it forever.

 

Permanently deleted spaces will be purged (i.e., data will be removed from all data centres and servers), and they can no longer be restored.


Monitor team activity

Team admins can view activity reports to monitor all activities of their team members. The reports will be helpful for auditing and legal purposes.

  

Transfer file ownership when deleting a user

If a user switches to a different team or leaves the organization, you can transfer their spaces to an active user before deleting them from your account. This helps you retain spaces created by your team users.

 

 

Important:

 

  1. Kindly note that the content presented here is not to be construed as legal advice. Please contact your legal advisor to learn how HIPAA impacts your organization and what you need to do to comply with HIPAA.

  2. To learn more about compliance at Vani, write to us at support@vanihq.com or legal@zohocorp.com.

 

Other security related features that Vani offers:

Data security

ISO and SOC 2 certificates
