Healthcare providers and their partners need to know if the products they are using are HIPAA compliant. Can customer service software companies be HIPAA compliant? Today we’re going to examine Zendesk Chat.
About Zendesk
Based in San Francisco, Zendesk is a customer service software provider used to manage customer queries, provide support, and build customer relationships. Zendesk products include Zendesk Support , Zendesk Chat , Zendesk Talk , and Zendesk Explore , among others.
Business associates and business associate agreements
A business associate is a person or company that performs certain functions or activities that involve the use or disclosure of protected health information (PHI) for a covered entity . In more straightforward terms, the role of a business associate is to help covered entities comply with the HIPAA Privacy Rule . If a business associate provides services to a covered entity, then a business associate agreement (BAA) must be in place. A BAA is a written contract between a covered entity and a business associate and is required by law for HIPAA compliance.
Zendesk Chat and HIPAA
We looked through Zendesk’s website and found several helpful documents about HIPAA compliance and its products. According to Zendesk’s document Advanced Security: Enhanced Disaster Recovery and HIPAA Compliance Configuration (Enterprise Add-on) , the Advanced Compliance add-on “helps fulfill your obligations” under HIPAA. Zendesk will enter into a BAA for customers with this add-on. This webpage also includes other information such as exceptions to its security add-ons and more information about its other software products’ HIPAA compliance.
Is Zendesk Chat HIPAA compliant?
While Zendesk does state that it will enter into a BAA with customers, this is reserved for the Enterprise plan only and not for those on the Essential, Team, or Professional plan. We found no information about whether or not Zendesk will sign a BAA for its Elite plan. According to Security Configuration Requirements for HIPAA Enabled Accounts on Zendesk , subscribers must have the following security configurations in place for Zendesk Chat accounts to be HIPAA compliant:- Maintain an active subscription to Zendesk Support Enterprise, Zendesk Chat Enterprise, and the Advanced Security Deployed Associated Service (“Add-On”)
- Limit access to the Zendesk Chat service by authenticating via the Zendesk Support Service
- Disable email piping
- Disallow attachments while using Chat or assume all responsibility for ensuring attachments contain no PHI
Healthcare providers who chose to use Zendesk Chat will need to monitor staff use of this product to avoid accidental PHI transmission. Per the Security Configuration document:
Subscriber’s failure to implement and comply with any particular configuration listed below, or any series of required configurations listed below, shall be at Subscriber’s own risk and at Subscriber’s sole discretion ; and such failure shall relieve Zendesk and its employees, agents, and affiliates of any responsibility with respect to any unauthorized access to, or improper use or disclosure of, Subscriber’s Service Data, including any electronic Protected Health Information , that results from such failure by Subscriber.
Remember, investing in continuing cybersecurity training for your employees is an additional precaution to make sure your practice stays HIPAA compliant. Individuals in your organization can be exploited and expose PHI without realizing it.
Conclusion
Zendesk Chat can be HIPAA compliant for Enterprise plan customers who follow the above-stated security configurations once a BAA is executed.
Send direct patient communication with Paubox Email Suite
Zendesk Chat can offer a useful and easy way to speak with patients. However, not every customer on the Zendesk platform can use Chat in a HIPAA compliant manner. Healthcare professionals who want another line of direct communication to their patients should consider using a HIPAA compliant email solution, like Paubox Email Suite. Paubox Email Suite helps ensure that 100% of the emails you send are secure in transit all the way to your recipient’s inbox, but with the added benefit of making the experience seamless. As soon as the product is configured, all outbound emails will be encrypted. With our product, emails you send arrive directly to your patients’ inboxes. That means no more passwords and no more email portals required. Paubox Email Suite integrates with your existing email platform (like Google Workspace or Microsoft 365 ) so you won’t have to worry about changing your email workflow to use it.
Subscribe to Paubox Weekly
Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.