HIPAA Compliance

HIPAA compliance for JIGS

What is HIPAA?

The Health Insurance Portability and Accountability Act is a United States act that was created primarily to modernize the flow of healthcare information, stipulate how personally identifiable information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and address limitations on healthcare insurance coverage.

How our products enable you to comply with HIPAA policies

The customer operates as the data controller and Jivrus operates as a data processor. Customer has the responsibility for ensuring that the personal data of subjects they are collecting are being processed lawfully and, similar to controllers, processors, that process personal data on behalf of a data controller, are expected to comply with the HIPAA.

Data Collection

With HIPAA, Zoho takes explicit consent from email subscribers that they accept Zoho's terms and conditions and privacy policy during the installation of the extension. Any marketing emails include a visible unsubscribe link so that subscribers can click to instantly unsubscribe from all your future marketing communications.

Data Storage and Processing

JIGS acts as a data processor, exporting and importing data based on the user’s instructions (the user maps fields between Zoho CRM and Google Sheets). It does not store any data on our servers, and the configuration for importing and exporting is stored in the user-selected Google Sheet. JIGS only extracts and securely transmits data. It does not identify or classify data as PHI. The user is responsible for ensuring that sensitive data (e.g., PHI) is handled in compliance with applicable regulations. 

Data Portability

We do not transfer, sell, make copies, or share any of your data processed by our products to third-party services or companies. We only store data within the Zoho platform that is necessary for our products to function.

  Zoho Platform Compliance

   JIGS extension inherits Zoho's security and compliance features, such as data encryption, secure API integrations, and access controls.

  Google Workspace Compliance

Google Workspace enforces a robust security model with granular account controls and Drive permissions, allowing admins 

   to define user roles, restrict data sharing, and enforce least-privilege access. Features like multi-factor authentication (MFA), 

   secure file-sharing settings, and audit logs ensure data security and compliance.

General

If the users uninstall an extension or revoke access to the extension from your Google Account, the product will not be able to access any of your data and will instantly stop functioning.

Our products facilitate compliance with HIPAA for our users.  If the users are dealing with their customers using our products, they need to practice complying with HIPAA with their customers' data.

We conduct regular risk assessments to identify potential vulnerabilities and implement corrective actions.