Not yet as we know because they have not stated that they are HIPAA compliant, but Zoho is working on HIPAA compliance. The company's stance on HIPAA compliance is unclear, so it’s important for covered entities to use caution before using Zoho for PHI.
Zoho’s website provides limited information about HIPAA compliance. Even though its tools aren’t for healthcare entities specifically, many of the security features may meet HIPAA requirements.
These cloud-based services are comparable to those in Office 365 and G Suite, with secure solutions for word processing, custom applications, project management, live chat, app integration, and an IoT management platform.
The company offers technical, physical, and administrative safeguards for all services, but there are questions about whether these privacy features are sufficient for HIPAA regulations.
Zoho is willing to sign a Business Associate Agreement (BAA), but the company clearly states that its apps aren't built for the healthcare industry. Responsibility for compliance remains with the customer.
For now, covered entities should check with Zoho for specific security features and updates on each of the available tools.