Many healthcare providers choose to use customer relationship management (CRM) platforms to manage their patient customers. However, many CRM platforms are not HIPAA compliant. CRM platforms need to comply with HIPAA since they often receive protected health information (PHI), which needs protection from unauthorized users. Let's review Kustomer, to see if using it can be a potential HIPAA compliance issue for healthcare providers.
What is Kustomer?
Kustomer is a CRM platform for optimizing the customer experience. Kustomer allows customer service teams to better connect with people that need their services.
Kustomer and the business associate agreement
Any time a covered entity works with a third-party service provider, it needs to consider if the provider comes into contact with PHI. If a third party stores any PHI in its system, it is considered a business associate. Business associates need to follow HIPAA security standards or they could be hit with a HIPAA violation. Covered entities may be on the hook too if their business associates aren't following HIPAA security guidelines to protect PHI. READ MORE: The Complete Guide to HIPAA Violations One way HIPAA ensures that business associates are putting in the necessary safeguards to protect PHI is to require them to sign a business associate agreement (BAA). A BAA covers the responsibilities of the business associate in terms of how it handles PHI. If you need a BAA, Kustomer will provide one upon request— if you are on the Enterprise or Ultimate plan.
Kustomer and data security
Not all data security features are built the same. Some companies only cover the bare minimum to protect PHI, while other companies provide the highest level of security.
Kustomer's data security configurations include:
- Two-factor authentication
- Password policies to protect against misuse (like requiring that they meet certain complexity standards)
- Users are locked out after 15 minutes of inactivity
- Data is encrypted while at rest and in transit
One important aspect to consider is that Kustomer's website explains that "Kustomer Support is not responsible for securing email transmissions from End-Users, and related Service Data, prior to being received into Subscriber’s Kustomer Support instance. This includes any PHI that may be passed through email via replies to Kustomer Support tickets, including but not limited to, ticket comments or attachments." You may want to consider integrating Kustomer along with a HIPAA compliant email solution such as Paubox Email Suite to maintain compliance for all email. You can learn more about Kustomer's data security policies by clicking here.
Is Kustomer HIPAA compliant?
Yes, Kustomer can be configured to meet HIPAA security requirements. Kustomer is willing to sign a BAA and has extra security features to ensure HIPAA compliance. However, it's up to covered entities to ensure that Kustomer is configured to meet their business needs along with any third-party integrations used.
Keep all your online communications secure with Paubox
HIPAA compliant email remains a top priority for covered entities to ensure that all aspects of their online communications are protected from unauthorized users. Say goodbye to client portals and third-party apps because Paubox Email Suite lets your employees send encrypted emails directly to a patient's inbox. Paubox works with popular email providers such as Google Workspace or Microsoft 365 , so it is a seamless transition to integrate into your system.
Subscribe to Paubox Weekly
Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.